Cannot access container by its container IP

gdrott2s · September 26, 2016, 10:26am

Hi All,

I run a docker-compose config that starts multiple containers and I try to access them with their container IP (by running a piece of code in my IDE) but it does not work. The containers only answer on localhost and I think I should be able to access them since I use the native docker instead of boot2docker.

For example :

telnet localhost 27017 => works
telnet 172.17.0.5 27017 => do not work

Can anyone help me on this (details below) ?

Thanks.

Guillaume

MacOSX version : 10.12 (16A323)
Docker Version : 1.12.1 (build: 12133)

Here is the output of the command ‘docker network inspect bridge’ :
[
{
“Name”: “bridge”,
“Id”: “dcdc07a414c82b5adaa7929d6e67487569b2544613a703a855b4164cb424a892”,
“Scope”: “local”,
“Driver”: “bridge”,
“EnableIPv6”: false,
“IPAM”: {
“Driver”: “default”,
“Options”: null,
“Config”: [
{
“Subnet”: “172.17.0.0/16”,
“Gateway”: “172.17.0.1”
}
]
},
“Internal”: false,
“Containers”: {
“2de2a5dffb1c1226417a9b2da60e7270b3cd247bdc4e097e55dac8705bcfa410”: {
“Name”: “core_redis_1”,
“EndpointID”: “74ca485ee013c0bd79fadba30917f5abc5a262955b3ef37baecb87c611dd48de”,
“MacAddress”: “02:42:ac:11:00:02”,
“IPv4Address”: “172.17.0.2/16”,
“IPv6Address”: “”
},
“3ef7789b037ee01f649109a30ed9a15f5c739910b9e063730954152736fdfe12”: {
“Name”: “core_rabbitmq_1”,
“EndpointID”: “b1747ade8735d4122abd842ae6464273d011d429fc59d46522c7f95b4e717716”,
“MacAddress”: “02:42:ac:11:00:03”,
“IPv4Address”: “172.17.0.3/16”,
“IPv6Address”: “”
},
“69e661ac29414d33cd12c79da474061ac9ddaeec1dc0432ff814c954a2d80756”: {
“Name”: “core_tomcat_1”,
“EndpointID”: “479773de0632bf552d22226eb5ff87dcc92e5661317c621e69eab748a623efbc”,
“MacAddress”: “02:42:ac:11:00:08”,
“IPv4Address”: “172.17.0.8/16”,
“IPv6Address”: “”
},
“8ed80bfd0e6712179e8b0be9bdf5bd7f9fa710d99eab82519d003b798860813c”: {
“Name”: “core_mongo_1”,
“EndpointID”: “7778bb2e9b0e9dd0700f4ee336592abe4e43ec3e0ef1e625e3ceeb78deacbadd”,
“MacAddress”: “02:42:ac:11:00:05”,
“IPv4Address”: “172.17.0.5/16”,
“IPv6Address”: “”
},
“9686c6d06eb26d72a48acaf51dc6e12c0f52e2012c123b675dd75cd28f6f7060”: {
“Name”: “core_redis_2”,
“EndpointID”: “2480e3876514a93e62e4815a4ded5086a7e1eb7d1f7ac973524dc6da18fb0d46”,
“MacAddress”: “02:42:ac:11:00:04”,
“IPv4Address”: “172.17.0.4/16”,
“IPv6Address”: “”
},
“f4421a60d823764a24e2fb7c15a72f1ff772a888779db31881cd75e00bb0df11”: {
“Name”: “core_dse_1”,
“EndpointID”: “a555b63abc565f29f09eb9b414be1b38a14d32b9ce9aa2efb57eda2feb54f73c”,
“MacAddress”: “02:42:ac:11:00:07”,
“IPv4Address”: “172.17.0.7/16”,
“IPv6Address”: “”
},
“fd422c89a0b26911fe5793418ee4c16d1e0a965f807c624f9561af9afc72494e”: {
“Name”: “core_redis_3”,
“EndpointID”: “09dbda7e2ff3dff90ad1b90726c444e83772e268de295db2b321afb758ecbc60”,
“MacAddress”: “02:42:ac:11:00:06”,
“IPv4Address”: “172.17.0.6/16”,
“IPv6Address”: “”
}
},
“Options”: {
“com.docker.network.bridge.default_bridge”: “true”,
“com.docker.network.bridge.enable_icc”: “true”,
“com.docker.network.bridge.enable_ip_masquerade”: “true”,
“com.docker.network.bridge.host_binding_ipv4”: “0.0.0.0”,
“com.docker.network.bridge.name”: “docker0”,
“com.docker.network.driver.mtu”: “1500”
},
“Labels”: {}
}
]

dmaze · September 26, 2016, 6:48pm

This has been discussed many many times in this forum before and it’s a pretty well-known restriction (IMHO not especially a limitation) of Docker for Mac. Use the docker run -p option to expose a port on the host. Using the container-private IP addresses, from what I’ve seen, isn’t considered a best practice.

bacoboy · October 3, 2016, 11:32am

Yes, the “native” mac implementation still has a VM hiding in there somewhere.
To see this you can run a container in host networking mode:

$ docker run --rm --network=host -ti ubuntu bash
root@moby:/# apt-get update && apt-get install net-tools
[snip]
root@moby:/# ifconfig | grep -A2 Link
docker0   Link encap:Ethernet  HWaddr 02:42:28:d3:cb:c5
          inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::42:28ff:fed3:cbc5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:233801 errors:0 dropped:0 overruns:0 frame:0
--
eth0      Link encap:Ethernet  HWaddr c0:ff:ee:c0:ff:ee
          inet addr:192.168.65.2  Bcast:192.168.65.15  Mask:255.255.255.240
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
--
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
--
veth55cf82b Link encap:Ethernet  HWaddr c6:d5:75:2f:35:61
          inet6 addr: fe80::c4d5:75ff:fe2f:3561/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1155 errors:0 dropped:0 overruns:0 frame:0
--
veth98645d2 Link encap:Ethernet  HWaddr 76:56:f4:53:4f:80
          inet6 addr: fe80::7456:f4ff:fe53:4f80/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:478 errors:0 dropped:0 overruns:0 frame:0
--
vetha295c1d Link encap:Ethernet  HWaddr 4a:b4:fa:2d:ae:7c
          inet6 addr: fe80::48b4:faff:fe2d:ae7c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:362 errors:0 dropped:0 overruns:0 frame:0
--
vethc15ac09 Link encap:Ethernet  HWaddr b2:fa:dd:3e:6d:9f
          inet6 addr: fe80::b0fa:ddff:fe3e:6d9f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13941 errors:0 dropped:0 overruns:0 frame:0
--
vethcd5b2bc Link encap:Ethernet  HWaddr 56:6f:7a:74:44:28
          inet6 addr: fe80::546f:7aff:fe74:4428/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5262 errors:0 dropped:0 overruns:0 frame:0

As you can see your 172.17.0.0/16 network is the docker0 bridge network, but (as in this example), my computer IP is NOT 192.168.65.2 as indicated by eth0, but rather en0/192.168.13.50.

% ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	options=3<RXCSUM,TXCSUM>
	inet6 ::1 prefixlen 128
	inet 127.0.0.1 netmask 0xff000000
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 98:01:a7:93:12:ff
	inet6 fe80::9a01:a7ff:fe93:12ff%en0 prefixlen 64 scopeid 0x4
	inet 192.168.13.50 netmask 0xffffff00 broadcast 192.168.13.255
	nd6 options=1<PERFORMNUD>
	media: autoselect
	status: active

So that moby server is another VM layer – granted it is using the Mac’s native containerization, but there is another ‘machine’ in there between your mac and your containers…

Steve

Topic		Replies	Views
Cannot access app by container IP Docker Desktop macos	5	20003	August 28, 2018
Container access to docker.local Docker Desktop	4	1677	March 31, 2016
Cannot access docker container from the host Docker Desktop docker	3	21545	May 10, 2016
Cannot access container via external IP but can access via host IP with port General	1	4599	October 6, 2020
How can I access docker container on MAC from other PC Docker Desktop	1	3402	July 13, 2016

Cannot access container by its container IP

Related topics