I am using DockerForMac version:
docker --version Docker version 18.03.1-ce, build 9ee9f40
and my localhost is connected to a VPN. I have set my docker subnet to:
in the preferences UI.
I have a linux image created from this:
FROM amazonlinux RUN yum -y install java-1.8.0 # optional # ping RUN yum -y install iputils # VPN lookup (company and IPs obfuscated) RUN mkdir /etc/resolver RUN printf "domain service.company \n\ Nameserver 172.XXXX \n\ Nameserver 172.XXXX \n\ nameserver 172.XXXX \n\ ">> /etc/resolver/service.company
Having this /etc/resolver/service.company file is necessary for DNS lookups to work on our macs outside of docker.
I build via:
docker build -t linux-test .
and run via:
docker run -d linux-test tail -f /dev/null
and connect to:
docker exec -it $(docker ps -q) bash
Inside the image, I can successfully ping public IPs such as google.com, so networking in general works.
When I try to ping our test database, I get this:
bash-4.2# ping mongo1.alpha.company.com PING mongo1.alpha.company.com (172.XXX.3.XXX) 56(84) bytes of data. From f9103832b6f2 (172.XXX.0.XXX) icmp_seq=1 Destination Host Unreachable From f9103832b6f2 (172.XXX.0.XXX) icmp_seq=2 Destination Host Unreachable From f9103832b6f2 (172.XXX.0.XXX) icmp_seq=3 Destination Host Unreachable
Despite the censoring, I’m trying to show that it correctly resolved the IP to 172.X.3, but then says that 172.X.0 is not reachable. When I run this in my localhost (mac), I get:
ping mongo1.alpha.company.com PING mongo1.alpha.company.com (172.XXX.3.XXX): 56 data bytes 64 bytes from 172.XXX.3.XXX: icmp_seq=0 ttl=63 time=11.499 ms 64 bytes from 172.XXX.3.XXX: icmp_seq=1 ttl=63 time=11.264 ms 64 bytes from 172.XXX.3.XXX: icmp_seq=2 ttl=63 time=12.232 ms
I do not have any bridges or output from
ifconfig which conflict with
172.XXX, which is what most posts on this topic have directed me to.
If you got lost in all the details, the TLDR is that I’m connected to a VPN, my mac can ping IP addresses, my docker images can resolve the DNS addresses, but not reach the IPs. Any help would be greatly appreciated.