I am using Docker for Mac version:
docker --version
Docker version 18.03.1-ce, build 9ee9f40
and my localhost is connected to a VPN. I have set my docker subnet to:
10.168.1.0/24
in the preferences UI.
I have a Linux image created from this:
FROM amazonlinux
RUN yum -y install java-1.8.0
# optional
# ping
RUN yum -y install iputils
# VPN lookup (company and IPs obfuscated)
RUN mkdir /etc/resolver
RUN printf "domain service.company \n\
nameserver 172.XXXX \n\
nameserver 172.XXXX \n\
nameserver 172.XXXX \n\
">> /etc/resolver/service.company
Having this /etc/resolver/service.company file is necessary for DNS lookups to work on our Macs outside of Docker.
I build via:
docker build -t linux-test .
and run via:
docker run -d linux-test tail -f /dev/null
and connect to:
docker exec -it $(docker ps -q) bash
Inside the image, I can successfully ping public IPs such as google.com, so networking in general works.
When I try to ping our test database, I get this:
bash-4.2# ping mongo1.alpha.company.com
PING mongo1.alpha.company.com (172.XXX.3.XXX) 56(84) bytes of data.
From f9103832b6f2 (172.XXX.0.XXX) icmp_seq=1 Destination Host Unreachable
From f9103832b6f2 (172.XXX.0.XXX) icmp_seq=2 Destination Host Unreachable
From f9103832b6f2 (172.XXX.0.XXX) icmp_seq=3 Destination Host Unreachable
Despite the censoring, I’m trying to show that it correctly resolved the IP to 172.X.3, but then says that 172.X.0 is not reachable. When I run this on my localhost (Mac), I get:
ping mongo1.alpha.company.com
PING mongo1.alpha.company.com (172.XXX.3.XXX): 56 data bytes
64 bytes from 172.XXX.3.XXX: icmp_seq=0 ttl=63 time=11.499 ms
64 bytes from 172.XXX.3.XXX: icmp_seq=1 ttl=63 time=11.264 ms
64 bytes from 172.XXX.3.XXX: icmp_seq=2 ttl=63 time=12.232 ms
I do not have any bridges or output from ifconfig which conflict with 172.XXX, which is what most posts on this topic have directed me to.
If you got lost in all the details, the TL;DR is that I’m connected to a VPN, my Mac can ping IP addresses, my Docker images can resolve the DNS addresses, but not reach the IPs. Any help would be greatly appreciated.
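A "Destination Host Unreachable" reported from the container's own address is generated locally, which happens when the kernel cannot resolve the destination or next hop at layer 2. The sketch below is an added example, not part of the original post: it checks whether a resolved target falls inside a subnet the container considers on-link, which would keep the traffic from ever being routed toward the VPN. The post obfuscates its addresses, so the interface output and target IPs here are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed, trimmed sample of `ip -o -4 addr show` run inside a container.
# These addresses are illustrative only; they are not taken from the post.
SAMPLE_IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
"""

# Matches "<index>: <ifname>    inet <address>/<prefix> ..."
ADDR_RE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\d+\.\d+\.\d+\.\d+/\d+)")


def parse_interfaces(ip_addr_output):
    """Return [(ifname, IPv4Interface)] parsed from `ip -o -4 addr show` text."""
    found = []
    for line in ip_addr_output.splitlines():
        match = ADDR_RE.match(line.strip())
        if match:
            found.append((match.group(1), ipaddress.ip_interface(match.group(2))))
    return found


def on_link_conflicts(ip_addr_output, target):
    """List (ifname, subnet) pairs whose subnet contains `target`.

    A hit means the kernel treats the target as directly attached and ARPs
    for it on that interface instead of sending it to the default gateway.
    """
    target_ip = ipaddress.ip_address(target)
    return [
        (name, str(iface.network))
        for name, iface in parse_interfaces(ip_addr_output)
        if not iface.ip.is_loopback and target_ip in iface.network
    ]


if __name__ == "__main__":
    # Constructed targets: one inside the container's /16, one outside it.
    for target in ("172.17.3.10", "172.20.3.10"):
        hits = on_link_conflicts(SAMPLE_IP_ADDR, target)
        if hits:
            for name, subnet in hits:
                print(f"{target}: on-link via {name} ({subnet}), not routed to the VPN")
        else:
            print(f"{target}: no container subnet overlap, goes to the default gateway")
```

To use it on a real container, replace `SAMPLE_IP_ADDR` with the output of `ip -o -4 addr show` from inside the container and pass the address that the hostname resolved to.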