Docker Community Forums

Can't reach container from network

Hi there. I am new to the whole Docker thing and am trying to do the following, and I hope someone can help me please.

I am running a Debian 10.3 server with Docker and Portainer. On this server I want to run different containers and make them reachable within my physical network, with its own IP per container.

For example, a TeamSpeak server can have its own IP like 192.168.5.2

My current structure:

Network Range of physical: 192.168.0.0/16
Router IP: 192.168.178.1
Docker Host: 192.168.4.1

After I set up the container, I ran the following to create a macvlan:

docker network create -d macvlan --subnet=192.168.0.0/16 --ip-range=192.168.5.0/24 --gateway=192.168.178.1 --aux-address="this-host=192.168.5.0" -o parent=eth0 chaos-intra

Then I added the following to my /etc/network/interfaces:

up ip link add vlan-intra link eth0 type macvlan mode bridge
up ip addr add 192.168.5.0/24 dev vlan-intra
up ip link set vlan-intra up
up ip route add 192.168.5.0/24 dev vlan-intra

In Portainer I removed the bridge network and added the TeamSpeak container to the vlan-intra.
I also defined the vlan-intra and IP 192.168.5.1 within network.

Normally I thought that should work to make the TeamSpeak reachable via 192.168.5.1.
From the Docker host I am able to ping the container. I am also able to ping the Docker host from my PC using 192.168.4.1 or 192.168.5.0. What I can't do is ping the container from my PC.

When I run the shell from the TeamSpeak container in Portainer I can ping my whole network.
Now the funny thing: I start a cmd and run "ping 192.168.5.2 -t", and it always says it's not reachable.

But when I ping my PC one time from within the TeamSpeak Portainer console, then my PC reaches 192.168.5.2. But just until the Docker host gets rebooted. What's the cause here and how can I make it permanently reachable via 192.168.5.2?

thx in advance.

greetings caaruzo

This is not how containers work. A container contains one service that is connected to a port of the host (your server). In most cases you don’t need access to all of them. For example, if you have 3 containers with a web server, an application and a database, you only need access to the web server; the other connections are made internally.
If you are new to Docker just remember that you will not have to manipulate networks for a very long time. If you find examples that do so, don’t follow them.

Greetings, thanks for your answer. The thing is, I don't want to port-map several web servers. As an example, I want to run more than 2 web servers in different containers with different IPs, reachable on port 80 or 443.

Shouldn't that be possible? And yes, of course, one container is one service for me too, so I can still separate services, storage etc. It's just the network I want to make physically reachable.

Why isn't that recommended? It would be the same as separating my services by physical machines.

Greetings

Yes, you can do something similar to that.
You can use another container that acts as a proxy between the multiple web servers.
One example is Traefik.
PS: Sorry for my bad English.

Looks good, thx much. But is there also something similar that can do this with any kind of service?
Because the websites are just the top GUI for a program behind.

There are other kinds of proxies that support TCP, but without name resolution, like Voyager from AppsCode (based on HAProxy). But I don't know if it works on a standalone Docker (no Swarm, no Compose, no K8s).

MACVLAN with pinging from physical now works since upgrading to bpo.4 kernel on amd64.
It was a kernel problem.

Greetings
Caaruzo
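
A sanity check for the macvlan addressing described in the opening post, added here as an example and not code from any poster or from Docker: it parses the `docker network create` line and checks the host shim address and a static container IP against it. `parse_macvlan_create` and `check_plan` are hypothetical helper names; the check covers addressing only and cannot detect the kernel issue reported as the actual cause.

```python
import ipaddress
import shlex

# Command line from the opening post (straight quotes).
PAGE_CMD = ('docker network create -d macvlan --subnet=192.168.0.0/16 '
            '--ip-range=192.168.5.0/24 --gateway=192.168.178.1 '
            '--aux-address="this-host=192.168.5.0" -o parent=eth0 chaos-intra')

def parse_macvlan_create(cmd):
    """Extract the addressing options from a `docker network create` command."""
    opts = {"aux": {}}
    for tok in shlex.split(cmd):
        key, _, val = tok.partition("=")
        if key == "--subnet":
            opts["subnet"] = ipaddress.ip_network(val)
        elif key == "--ip-range":
            opts["ip_range"] = ipaddress.ip_network(val)
        elif key == "--gateway":
            opts["gateway"] = ipaddress.ip_address(val)
        elif key == "--aux-address":
            # Value has the form name=address, e.g. this-host=192.168.5.0
            name, _, addr = val.partition("=")
            opts["aux"][name] = ipaddress.ip_address(addr)
    return opts

def check_plan(opts, shim, container_ip):
    """Return findings for a host shim (CIDR) and a static container IP."""
    findings = []
    shim_ip = ipaddress.ip_interface(shim).ip
    ctr = ipaddress.ip_address(container_ip)
    reserved = set(opts["aux"].values()) | {opts["gateway"]}
    if not opts["ip_range"].subnet_of(opts["subnet"]):
        findings.append("ip-range is not inside subnet")
    if opts["gateway"] not in opts["subnet"]:
        findings.append("gateway is not inside subnet")
    if ctr not in opts["subnet"]:
        findings.append("container IP is outside subnet")
    if ctr in reserved or ctr == shim_ip:
        findings.append("container IP collides with a reserved or host address")
    # Without --aux-address, Docker's IPAM may hand the shim's address to a container.
    if shim_ip in opts["ip_range"] and shim_ip not in opts["aux"].values():
        findings.append("host shim address is inside ip-range but not reserved")
    return findings

if __name__ == "__main__":
    plan = parse_macvlan_create(PAGE_CMD)
    print(check_plan(plan, "192.168.5.0/24", "192.168.5.1") or "plan is consistent")
```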