Docker network configuration for linux and windows containers

Hi all,
I’ve been spending some time getting into the basics of dockerization. Right now, I’m interested in the possibilities of getting Windows and Linux containers to work at the same time (works well so far) in a Windows Server 2016/Windows 10 Pro environment and having them talk to each other (does not work for me so far).

I seem to not fully grasp all concepts concerning the network setups, and hope for your help here.

Right now, I am trying to implement a setup such as the one I sketched below.

The containers shown in red are Linux containers that consist of two backend services (LC1,2) and a frontend (LC3). The communication required happens via an internal network that just these containers can access. This worked for me by defining a custom ‘bridged’ network and setting its state to ‘internal’. So far, so good.

Now I am trying to set up a Windows Internet Information Server (WC2) that should be connected to the internet in order to serve as a reverse proxy for the frontend workers (LC3 and some Windows worker WC1). For this purpose, the WC2 also needs internet access. Furthermore, LC2, LC3, WC1 should have internet connections to check for updates, but should not expose ports to the web. No container should be able to reach another container over the internet connection network.

The internet connection can be provided via the host that has a physical connection to a router.

I’m quite struggling with this setup, due to the following open questions:

  • How would it be possible for the WC2 IIS to reach Linux containers? Can Windows and Linux containers share a common network? How can this be realized? What type of network would I need (bridged/NAT)? And how would I need to configure it?

  • Is it possible to create a network for internet access, but isolate containers to suppress communication between them over this network?

Thank you for any help in this matter. I’d also be thankful if you could show me documentation that deals specifically with how to set up a shared Windows/Linux environment on Windows systems with Docker. I currently seem to be out of luck finding that…

Hi
For your 2 questions:
To connect Windows and Linux containers, put the Windows and Linux nodes in the same swarm. When you create a service in the same “overlay” network, the 2 services across Windows and Linux can talk to each other. You can refer to this link (https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/swarm-mode).

When you create a user-defined bridge in “internal” mode, internet access is prevented. For your case, since you want internet access, don’t use internal. When you put containers in the same user-defined bridge network, containers can talk to each other. Containers reach the outside world through masquerading. That network cannot be used by other containers. If you don’t want connectivity between containers, you can set the icc flag to false; it does not look like what you want.

Regards
Sreenivas

Hi smakam,

First, many thanks for your answer. From what I’ve read by now, swarm mode does indeed look like a feasible option. I’ll explore it further if my current approach should not work.

I’ve dug up the following article from Microsoft in which they explain how to install a NAT between several adapters to share an internet connection. They mention it is possible to create, control and maintain a connection between Linux and Windows containers:

I’m not quite done with the installation since that requires some major changes in my system setup. However, I’m hopeful this will resolve the first part. The second part I’m still not quite sure about. Is it possible to create ‘Internet only’ networks in which communication between containers is blocked? I’m looking at this option for security reasons.

For your second question, you can block inter-container communication but allow only “internet-only” for a bridge network like below:
docker network create -o "com.docker.network.bridge.enable_icc"="false" my-network
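
The two settings discussed in this thread (the ‘internal’ flag and the enable_icc option) can be checked after the fact from `docker network inspect` output. The following is an added example, not part of any post in the thread: it audits constructed inspect JSON against an intended role per network. The network names and the policy table are hypothetical, and only the Linux bridge driver is evaluated.

```python
import json

ICC_OPT = "com.docker.network.bridge.enable_icc"

# Constructed sample shaped like `docker network inspect backend egress updates`
# output (trimmed to the fields used here); network names are hypothetical.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "backend", "Driver": "bridge", "Internal": true,  "Options": {}},
  {"Name": "egress",  "Driver": "bridge", "Internal": false,
   "Options": {"com.docker.network.bridge.enable_icc": "false"}},
  {"Name": "updates", "Driver": "bridge", "Internal": false, "Options": {}}
]
""")

# Intended role per network (assumption based on the setup in the thread).
POLICY = {"backend": "internal-only", "egress": "internet-only", "updates": "internet-only"}


def classify(net):
    """Return (internet_access, inter_container_traffic) for a bridge network."""
    opts = net.get("Options") or {}
    # enable_icc defaults to true when the option is absent.
    icc = str(opts.get(ICC_OPT, "true")).lower() != "false"
    internet = not net.get("Internal", False)
    return internet, icc


def audit(networks, policy):
    """List the networks whose settings do not match their intended role."""
    findings = []
    for net in networks:
        name, role = net["Name"], policy.get(net["Name"])
        if net.get("Driver") != "bridge":
            findings.append((name, "not a bridge network, icc option not evaluated"))
            continue
        internet, icc = classify(net)
        if role == "internal-only" and internet:
            findings.append((name, "expected internal, but has outside access"))
        elif role == "internet-only" and not internet:
            findings.append((name, "expected outside access, but is internal"))
        elif role == "internet-only" and icc:
            findings.append((name, "containers can reach each other (icc enabled)"))
        elif role is None:
            findings.append((name, "no intended role defined"))
    return findings


if __name__ == "__main__":
    for name, problem in audit(SAMPLE_INSPECT, POLICY):
        print(f"{name}: {problem}")
```

On the sample, only the `updates` network is reported, because it was created without the enable_icc option and so still allows container-to-container traffic.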