Cannot access container by its container IP

Hi All,

I run a docker-compose config that starts multiple containers and I try to access them with their container IP (by running a piece of code in my IDE) but it does not work. The containers only answer on localhost and I think I should be able to access them since I use the native docker instead of boot2docker.

For example :

  • telnet localhost 27017 => works
  • telnet 172.17.0.5 27017 => do not work

Can anyone help me on this (details below) ?

Thanks.

Guillaume

MacOSX version : 10.12 (16A323)
Docker Version : 1.12.1 (build: 12133)

Here is the output of the command ‘docker network inspect bridge’ :
[
{
“Name”: “bridge”,
“Id”: “dcdc07a414c82b5adaa7929d6e67487569b2544613a703a855b4164cb424a892”,
“Scope”: “local”,
“Driver”: “bridge”,
“EnableIPv6”: false,
“IPAM”: {
“Driver”: “default”,
“Options”: null,
“Config”: [
{
“Subnet”: “172.17.0.0/16”,
“Gateway”: “172.17.0.1”
}
]
},
“Internal”: false,
“Containers”: {
“2de2a5dffb1c1226417a9b2da60e7270b3cd247bdc4e097e55dac8705bcfa410”: {
“Name”: “core_redis_1”,
“EndpointID”: “74ca485ee013c0bd79fadba30917f5abc5a262955b3ef37baecb87c611dd48de”,
“MacAddress”: “02:42:ac:11:00:02”,
“IPv4Address”: “172.17.0.2/16”,
“IPv6Address”: “”
},
“3ef7789b037ee01f649109a30ed9a15f5c739910b9e063730954152736fdfe12”: {
“Name”: “core_rabbitmq_1”,
“EndpointID”: “b1747ade8735d4122abd842ae6464273d011d429fc59d46522c7f95b4e717716”,
“MacAddress”: “02:42:ac:11:00:03”,
“IPv4Address”: “172.17.0.3/16”,
“IPv6Address”: “”
},
“69e661ac29414d33cd12c79da474061ac9ddaeec1dc0432ff814c954a2d80756”: {
“Name”: “core_tomcat_1”,
“EndpointID”: “479773de0632bf552d22226eb5ff87dcc92e5661317c621e69eab748a623efbc”,
“MacAddress”: “02:42:ac:11:00:08”,
“IPv4Address”: “172.17.0.8/16”,
“IPv6Address”: “”
},
“8ed80bfd0e6712179e8b0be9bdf5bd7f9fa710d99eab82519d003b798860813c”: {
“Name”: “core_mongo_1”,
“EndpointID”: “7778bb2e9b0e9dd0700f4ee336592abe4e43ec3e0ef1e625e3ceeb78deacbadd”,
“MacAddress”: “02:42:ac:11:00:05”,
“IPv4Address”: “172.17.0.5/16”,
“IPv6Address”: “”
},
“9686c6d06eb26d72a48acaf51dc6e12c0f52e2012c123b675dd75cd28f6f7060”: {
“Name”: “core_redis_2”,
“EndpointID”: “2480e3876514a93e62e4815a4ded5086a7e1eb7d1f7ac973524dc6da18fb0d46”,
“MacAddress”: “02:42:ac:11:00:04”,
“IPv4Address”: “172.17.0.4/16”,
“IPv6Address”: “”
},
“f4421a60d823764a24e2fb7c15a72f1ff772a888779db31881cd75e00bb0df11”: {
“Name”: “core_dse_1”,
“EndpointID”: “a555b63abc565f29f09eb9b414be1b38a14d32b9ce9aa2efb57eda2feb54f73c”,
“MacAddress”: “02:42:ac:11:00:07”,
“IPv4Address”: “172.17.0.7/16”,
“IPv6Address”: “”
},
“fd422c89a0b26911fe5793418ee4c16d1e0a965f807c624f9561af9afc72494e”: {
“Name”: “core_redis_3”,
“EndpointID”: “09dbda7e2ff3dff90ad1b90726c444e83772e268de295db2b321afb758ecbc60”,
“MacAddress”: “02:42:ac:11:00:06”,
“IPv4Address”: “172.17.0.6/16”,
“IPv6Address”: “”
}
},
“Options”: {
“com.docker.network.bridge.default_bridge”: “true”,
“com.docker.network.bridge.enable_icc”: “true”,
“com.docker.network.bridge.enable_ip_masquerade”: “true”,
“com.docker.network.bridge.host_binding_ipv4”: “0.0.0.0”,
com.docker.network.bridge.name”: “docker0”,
“com.docker.network.driver.mtu”: “1500”
},
“Labels”: {}
}
]

This has been discussed many many times in this forum before and it’s a pretty well-known restriction (IMHO not especially a limitation) of Docker for Mac. Use the docker run -p option to expose a port on the host. Using the container-private IP addresses, from what I’ve seen, isn’t considered a best practice.

Yes, the “native” mac implementation still has a VM hiding in there somewhere.
To see this you can run a container in host networking mode:

$ docker run --rm --network=host -ti ubuntu bash
root@moby:/# apt-get update && apt-get install net-tools
[snip]
root@moby:/# ifconfig | grep -A2 Link
docker0   Link encap:Ethernet  HWaddr 02:42:28:d3:cb:c5
          inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::42:28ff:fed3:cbc5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:233801 errors:0 dropped:0 overruns:0 frame:0
--
eth0      Link encap:Ethernet  HWaddr c0:ff:ee:c0:ff:ee
          inet addr:192.168.65.2  Bcast:192.168.65.15  Mask:255.255.255.240
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
--
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
--
veth55cf82b Link encap:Ethernet  HWaddr c6:d5:75:2f:35:61
          inet6 addr: fe80::c4d5:75ff:fe2f:3561/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1155 errors:0 dropped:0 overruns:0 frame:0
--
veth98645d2 Link encap:Ethernet  HWaddr 76:56:f4:53:4f:80
          inet6 addr: fe80::7456:f4ff:fe53:4f80/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:478 errors:0 dropped:0 overruns:0 frame:0
--
vetha295c1d Link encap:Ethernet  HWaddr 4a:b4:fa:2d:ae:7c
          inet6 addr: fe80::48b4:faff:fe2d:ae7c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:362 errors:0 dropped:0 overruns:0 frame:0
--
vethc15ac09 Link encap:Ethernet  HWaddr b2:fa:dd:3e:6d:9f
          inet6 addr: fe80::b0fa:ddff:fe3e:6d9f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13941 errors:0 dropped:0 overruns:0 frame:0
--
vethcd5b2bc Link encap:Ethernet  HWaddr 56:6f:7a:74:44:28
          inet6 addr: fe80::546f:7aff:fe74:4428/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5262 errors:0 dropped:0 overruns:0 frame:0

As you can see your 172.17.0.0/16 network is the docker0 bridge network, but (as in this example), my computer IP is NOT 192.168.65.2 as indicated by eth0, but rather en0/192.168.13.50.

% ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	options=3<RXCSUM,TXCSUM>
	inet6 ::1 prefixlen 128
	inet 127.0.0.1 netmask 0xff000000
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 98:01:a7:93:12:ff
	inet6 fe80::9a01:a7ff:fe93:12ff%en0 prefixlen 64 scopeid 0x4
	inet 192.168.13.50 netmask 0xffffff00 broadcast 192.168.13.255
	nd6 options=1<PERFORMNUD>
	media: autoselect
	status: active

So that moby server is another VM layer – granted it is using the Mac’s native containerization, but there is another ‘machine’ in there between your mac and your containers…

Steve