Hi
I’m experiencing an issue with network connectivity from inside a docker container to the local domain network. However connectivity to external domains such as google succeeds, I’d be very grateful if anyone can suggest what I should try next
In summary
Container > PING > google = success
conatiner > PING > local domain = fail
The setup
(docker config output is below)
The local subnets are 172.17.1.x and 172.17.2.x
I have a base machine (Windows 10) running docker (17.03.1-ce-win12) on subnet 172.17.2.x.
Docker is using Hyper-V for its virtualisation platform
The dockerNAT configuration is out of the box, running on 10.0.75.1 with DNS set to automatic.
The container machine has an internal ip of 172.18.0.3.
Test steps
Connectivity from the Windows 10 machine to any machine on the local subnets, inbound and outbound, works just fine. I can ping, connect with telnet on port 80 and 443, and connect externally to sites like google.
The container is running a web server and exposes a port through it’s docker configuration. I am using IIS as a reverse proxy successfully I can connect to the web server on the container successfully both from the Windows 10 machine and any machine on the local subnets.
Connectivity to machines (direct IP) on the internal network from inside the container, ping and telnet, fails eg
PING 172.17.2.65 (172.17.2.65): 56 data bytes
71 packets transmitted, 0 packets received, 100% packet loss
Attempts to ping external resources such as google (8.8.8.8 and google) succeed as do telnet connections (telnet www.google.com 80)
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=37 time=1.632 ms
Since we do have other machines in a different domain running on the 172.18.x.x range I thought that there may be some potential conflict with local routing but I have tried configuring the container to use other subnets with no more success.
I’m using IP addresses directly to rule out any DNS issues.
Can anyone suggest where to look next, I’m happy to provide any further data.
Below are the output of the docker configuration comman, obviously some data is hidden
docker version
Client: Version: 17.03.1-ce API version: 1.27 Go version: go1.7.5 Git commit: c6d412e Built: Tue Mar 28 00:40:02 2017 OS/Arch: windows/amd64 Server: Version: 17.03.1-ce API version: 1.27 (minimum version 1.12) Go version: go1.7.5 Git commit: c6d412e Built: Fri Mar 24 00:00:50 2017 OS/Arch: linux/amd64 Experimental: true
docker inspect
{ "HostConfig": { "NetworkMode": "docker_default", "PortBindings": { "80/tcp": [ { "HostIp": "", "HostPort": "6980" } ] }, "Dns": null, "DnsOptions": null, "DnsSearch": null, }, "NetworkSettings": { "Bridge": "", "HairpinMode": false, "LinkLocalIPv6Address": "", "LinkLocalIPv6PrefixLen": 0, "Ports": { "80/tcp": [ { "HostIp": "0.0.0.0", "HostPort": "6980" } ] }, "SandboxKey": "/var/run/docker/netns/0d7eae4c2848", "Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "IPAddress": "", "IPPrefixLen": 0, "IPv6Gateway": "", "MacAddress": "", "Networks": { "docker_default": { ... "Gateway": "172.18.0.1", "IPAddress": "172.18.0.3", "IPPrefixLen": 16, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:12:00:03" } } } }
docker network inspect (network ID)
{ "Name": "docker_default", ..., "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Config": [ { "Subnet": "172.18.0.0/16", "Gateway": "172.18.0.1" } ] }, "Internal": false, "Attachable": false, "Containers": { "005d78543610642e5830b31c4957921bb5f7f622c01263360efbfb6b75b5ce68": { "EndpointID": "da29024cef10dc0f4aba8e76af5322595666d2092b73f5950adca286ca98b5cf", "MacAddress": "02:42:ac:12:00:03", "IPv4Address": "172.18.0.3/16", "IPv6Address": "" },... } }