Hi!

I’m building a web apps using docker compose with several containers, all on a same custom network (bridge I guess). Everything works fine except that I cannot access to the smtp server provided by my company from my backend container (which uses Django).

From my backend container I can ping external world (like google.com or apple.com) but I cannot ping the smtp server. I can ping it from the host and if I use the network host in my backend container, it works too.

Any idea about what could be wrong in my setup ? As the smtp server does not require any credentials (login/password) I’m wondering if there is an IP filtering to just allow access to the VM they provided to me (the host is a VM on Ubuntu server).

Or could it be due to something related to iptables ?

if you have some ideas to check, I would really appreciate them !

Have a nice day,
Remy

Can you share the output of docker inspect for the network to make sure that it is a bridge network?

Bridge networks are private subnets, known internal to the docker host. Outgoing traffic is natted, so that outgoing traffic will be seen as if the traffic originates from one of the nics of the vm. Docker does not filter any outgoing traffic from a container to a remote destination.

When you say you can ping from the host, you mean from the vm used as docker host, right?

Hi meyay!

So the output of docker inspect <MY_BACKEND_CONTAINER (networking part) is:

"NetworkSettings": {
            "Bridge": "",
            "SandboxID": "d4cfa57c0312b2de6838c11f1accba0298a45158481b4afcd3e3cb4cf643adc9",
            "SandboxKey": "/var/run/docker/netns/d4cfa57c0312",
            "Ports": {
                "8000/tcp": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "8000"
                    },
                    {
                        "HostIp": "::",
                        "HostPort": "8000"
                    }
                ]
            },
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": {
                "mosaic-network-staging": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": [
                        "mosaic-backend-staging",
                        "backend"
                    ],
                    "MacAddress": "76:f5:e6:f9:4b:c4",
                    "DriverOpts": null,
                    "GwPriority": 0,
                    "NetworkID": "ad8773224696d13baa1c5c3f8b24e35b680edbdc4081b073e2710a0aede392bf",
                    "EndpointID": "8a372305f2547b0f7d73d9c7df54b98138ed6d85ad35931d3531c34b5e83988b",
                    "Gateway": "172.18.0.1",
                    "IPAddress": "172.18.0.14",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "DNSNames": [
                        "mosaic-backend-staging",
                        "backend",
                        "5569d8d4a825"
                    ]
                }
            }
        }

Yes, I can ping from the VM where I execute docker compose up -d (so which is the docker host)

In fact, if I ping from the VM provided by my company it works but if I ping from my laptop (even connected to the VPN of my company) it fails.

That’s why I thought about some filtering on the SMTP server side but if my backend docker container is seen as the VM, it should work I guess.