Issue type: Connectivity problem
OS Version/build: macOS High Sieera, Version 10.13.5
App version: Version 18.03.1-ce-mac65 (24312) on
Steps to reproduce
I am trying to reach host-x.com from docker container running on MacOS but it fails:
$ docker run ubuntu:latest \
/bin/bash -c \
'apt-get update &&
apt-get -y install netcat &&
nc -v -z -w 3 host-x.com 443 &> /dev/null && echo "Online" || echo "Offline"'
Offline
It works fine when:
-
I run a docker container in another machine:
Online -
I run it on my Mac, outside of a docker container:
nc -v -z -w 3 host-x.com 443 &> /dev/null && echo "Online" || echo "Offline"' Online -
I run it on my Mac from docker container, for other target hosts:
$ docker run ubuntu:latest \ /bin/bash -c \ 'apt-get update && apt-get -y install netcat && nc -v -z -w 3 www.google.com 443 &> /dev/null && echo "Online" || echo "Offline"' Online
UPDATE #1
-
As suggested I logged in into container and checked DNS. Host name is correctly resolved:
root@55add56ecc11:/# ping host-x.com PING s1-host-x.com (172.22.187.101) 56(84) bytes of data. -
However, ping packages are not delivered. I though this could be caused by the conflict of IP range in internal docker network and corporate network (172.17.X.X). I tried to fix the docker bridge IP address in my daemon configuration and re-check the connectivity but it didn’t help:
"bip" : "10.10.10.1/8" -
I checked with 3 other persons in my company (4 in total including me). 50% has access to this host (Online), 50% doesn’t (Offline).
-
I tried what @mko suggested, using netcat in interactive mode inside the container. Still timeout.
root@37c61acc5aa5:/# nc -v -z -w 3 host-x.com 443 s1-host-x.com [172.22.187.101] 443 (?) : Connection timed out -
I tried tracing the route but no success:
traceroute -m 10 -w 1 host-x.com traceroute to host-x.com (172.22.187.101), 10 hops max, 60 byte packets 1 10.10.10.1 (10.10.10.1) 0.444 ms 0.388 ms 0.364 ms 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * * *
How can I investigate that?