Unable to communicate with a container from the host on a random (unknown until runtime) port.
I suspect the problem is likely to lie in the security / NAT rules of Docker restricting access to containers. I am currently learning how to work with iptables to enable the communication without messing up host network communication.
Working
- Ping between host and container
- Ping from container to container
- ssh from container to host
- Dynamic port communication between containers on default network
Fails
- netcat listen on port in container; netcat port on host
- ssh from container on default network to hostuser@localhost (connection refused)
Types of Networks
- Default Docker
- Custom Docker bridge
- Linux bridge with assigned IP addresses
- Macvlan (can’t communicate with host as default behavior – not investigated very far)
TCP Dump with Netcat
tcpdump: listening on br0, link-type EN10MB (Ethernet), capture size 262144 bytes
2019-07-31 10:11:12.236156 IP (tos 0x0, ttl 64, id 15524, offset 0, flags [DF], proto TCP (6), length 60)
10.0.190.0.56818 > 10.0.190.4.1234: Flags [S], cksum 0x9033 (incorrect -> 0xc062), seq 1635619556, win 29200, options [mss 1460,sackOK,TS val 2207296 ecr 0,nop,wscale 7], length 0
2019-07-31 10:11:12.236192 IP (tos 0x0, ttl 64, id 33639, offset 0, flags [DF], proto TCP (6), length 40)
10.0.190.4.1234 > 10.0.190.0.56818: Flags [R.], cksum 0x48a4 (correct), seq 0, ack 1635619557, win 0, length 0
2019-07-31 10:11:17.241132 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.190.4 tell 10.0.190.0, length 28
2019-07-31 10:11:17.241153 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.190.0 tell 10.0.190.4, length 28
2019-07-31 10:11:17.241155 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.190.0 is-at 86:86:c3:9e:6a:93, length 28
2019-07-31 10:11:17.241157 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.190.4 is-at 02:42:0a:00:be:04, length 28
Any help would be appreciated.
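
One way to read the capture above, as an added example that is not part of the original post: this Python sketch pairs each SYN in `tcpdump -v` output with its reply. A reset means something answered for the destination address (a closed port or a rule that rejects with a TCP reset), while silence is what a dropped packet looks like. The function names and the second, constructed capture line are assumptions.

```python
import re

# Address/flags line of a tcpdump -v TCP record.
SEG = re.compile(
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
    r".*?seq (?P<seq>\d+)(?:, ack (?P<ack>\d+))?"
)

def segments(capture):
    """Yield (src, dst, flags, seq, ack) for every TCP segment line."""
    for line in capture.splitlines():
        m = SEG.search(line)
        if m:
            src = (m["src"], int(m["sport"]))
            dst = (m["dst"], int(m["dport"]))
            ack = int(m["ack"]) if m["ack"] else None
            yield src, dst, m["flags"], int(m["seq"]), ack

def classify_syns(capture):
    """Map each SYN's (src, dst) to 'accepted', 'reset' or 'unanswered'."""
    segs = list(segments(capture))
    result = {}
    for i, (src, dst, flags, seq, _) in enumerate(segs):
        if flags != "S":
            continue
        verdict = "unanswered"  # silence: dropped or never delivered
        for rsrc, rdst, rflags, _, rack in segs[i + 1:]:
            # A genuine reply comes from the reversed tuple and acks seq+1.
            if (rsrc, rdst) != (dst, src) or rack != seq + 1:
                continue
            if rflags == "S.":
                verdict = "accepted"
            elif rflags.startswith("R"):
                verdict = "reset"  # closed port or a REJECT tcp-reset rule
            break
        result[(src, dst)] = verdict
    return result

# The two TCP lines from the capture in the post.
PAGE_CAPTURE = """\
10.0.190.0.56818 > 10.0.190.4.1234: Flags [S], cksum 0x9033 (incorrect -> 0xc062), seq 1635619556, win 29200, options [mss 1460,sackOK,TS val 2207296 ecr 0,nop,wscale 7], length 0
10.0.190.4.1234 > 10.0.190.0.56818: Flags [R.], cksum 0x48a4 (correct), seq 0, ack 1635619557, win 0, length 0
"""
# Constructed line (not from the post): a SYN that never gets a reply.
CONSTRUCTED_DROP = "10.0.190.0.40000 > 10.0.190.4.4321: Flags [S], seq 100, win 29200, length 0\n"

if __name__ == "__main__":
    print(classify_syns(PAGE_CAPTURE + CONSTRUCTED_DROP))
```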