Version: 17.05.0-ce
API version: 1.29 (minimum version 1.12)
Go version: go1.7.5
Git commit: 89658be
Built: Thu May 4 22:09:44 2017
OS/Arch: linux/amd64
Experimental: false
I am having issues where the containers are not routing to the host IP.
443/tcp -> 0.0.0.0:443
9005/tcp -> 0.0.0.0:9005
9092/tcp -> 0.0.0.0:9092
The following connect, however not using the IP from the host itself.
nc -w 1 -z 172.26.0.2 9092
Connection to 172.26.0.2 9092 port [tcp/XmlIpcRegSvc] succeeded!
nc -w 1 -z localhost 9092
Connection to localhost 9092 port [tcp/XmlIpcRegSvc] succeeded!
nc -w 5 -zv host_ip 9092
nc: connect to host_ip port 9092 (tcp) timed out: Operation now in progress
From other hosts it connects fine using the IP.
[other host] $ nc -z host_ip 9092
Connection to host_ip 9092 port [tcp/XmlIpcRegSvc] succeeded!
IP Tables Output Looks OK
# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DOCKER-ISOLATION all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
DOCKER all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
DOCKER-ISOLATION all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
DOCKER all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (2 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 172.26.0.2 tcp dpt:9092
ACCEPT tcp -- 0.0.0.0/0 172.26.0.2 tcp dpt:9005
ACCEPT tcp -- 0.0.0.0/0 172.26.0.2 tcp dpt:443
Chain DOCKER-ISOLATION (2 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.26.0.0/16 0.0.0.0/0
MASQUERADE all -- 172.26.0.0/16 0.0.0.0/0
MASQUERADE tcp -- 172.26.0.2 172.26.0.2 tcp dpt:9092
MASQUERADE tcp -- 172.26.0.2 172.26.0.2 tcp dpt:9005
MASQUERADE tcp -- 172.26.0.2 172.26.0.2 tcp dpt:443
Chain DOCKER (4 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9092 to:172.26.0.2:9092
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9005 to:172.26.0.2:9005
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:172.26.0.2:443