Running Mac Docker Desktop, I can't access external network hosts from inside a container

I’m running Catalina (macOS 10.15.1) with Docker Desktop 2.1.0.4 (39773), engine 19.03.4, compose 1.24.1.

When I start up a container I can ping hosts outside our company, and curl to get web pages, but I can’t ping any host inside our 10.x.x.x private network. This presents problems when trying to load code from our company host, which has an IP address in the private range.

Is this doable from a Mac, or do I have to run a VirtualBox Linux instance and get access from containers in that?

If it is doable, how do I do it?

Thanks

John Small

You probably need to specify your company’s intranet DNS server’s IP address via the --dns option when starting the container:

docker run --dns aa.bb.cc.dd ...

I think you can also add the DNS server in Docker Desktop’s preferences, so you won’t have to do it on every docker run. In the Advanced settings, add the DNS in daemon.json, if I recall. Sorry, it’s been a long time since I’ve configured that, and I’m not at my work computer at the moment.

Hi jmmen1. The problem wasn’t that it couldn’t find the IP address from the name; it could get the IP perfectly OK. The problem was that it wouldn’t route through to anything on the 10.x private subnet. But…

After days of trying different options I just uninstalled Docker Desktop, zapped all config files, and reinstalled, and it worked perfectly. So now the problem is fixed, but without a clear idea of why I had the problem in the first place.

Just spent several hours poking around with this trying to figure out what on earth had happened. It turns out it’s pretty simple. Amazingly, a Docker network can use the same subnet as your LAN or an overlapping one. I guess the Docker daemon running in a VM doesn’t know what subnet to avoid.

So if this happens to you then the very first thing to do is type:

docker network prune

If that doesn’t help then you will need to find the network manually and figure out how to remove it:

philip@Philips-MBP ~ % docker network ls
NETWORK ID     NAME                    DRIVER    SCOPE
f617e47f76bb   bridge                  bridge    local
6b3052841d3f   host                    host      local
3141c1aa54d4   none                    null      local

philip@Philips-MBP ~ % docker inspect f617e47f76bb | grep Subnet
                    "Subnet": "172.17.0.0/16",

At this point it’s likely you have active containers on that subnet so you may need to tear them down first.

2 Likes
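The overlap described in the post above can be checked mechanically. This is an added example, not part of the original posts: it parses JSON in the shape printed by `docker network inspect $(docker network ls -q)` and reports every Docker network whose subnet overlaps a range you need to reach. The `proj_default` network, its subnet and the function name are constructed for illustration; 10.0.0.0/8 stands in for the thread's 10.x.x.x range.

```python
import ipaddress
import json

# Constructed sample in the shape of `docker network inspect` output.
# "proj_default" and its subnet are made up to show a colliding network.
SAMPLE_INSPECT = """
[
  {"Name": "bridge", "Driver": "bridge",
   "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]}},
  {"Name": "host", "Driver": "host", "IPAM": {"Config": []}},
  {"Name": "none", "Driver": "null", "IPAM": {"Config": null}},
  {"Name": "proj_default", "Driver": "bridge",
   "IPAM": {"Config": [{"Subnet": "10.0.0.0/24", "Gateway": "10.0.0.1"}]}}
]
"""


def overlapping_networks(inspect_json, protected_cidrs):
    """Return (network name, docker subnet, protected range) for each overlap."""
    protected = [ipaddress.ip_network(c) for c in protected_cidrs]
    hits = []
    for net in json.loads(inspect_json):
        # host/none networks carry an empty or null IPAM config
        configs = (net.get("IPAM") or {}).get("Config") or []
        for cfg in configs:
            subnet = cfg.get("Subnet")
            if not subnet:
                continue
            docker_net = ipaddress.ip_network(subnet, strict=False)
            for lan in protected:
                # Only compare like with like (IPv4 vs IPv4, IPv6 vs IPv6)
                if docker_net.version == lan.version and docker_net.overlaps(lan):
                    hits.append((net["Name"], str(docker_net), str(lan)))
    return hits


if __name__ == "__main__":
    # 10.0.0.0/8 is the assumed corporate range from the thread (10.x.x.x)
    for name, subnet, lan in overlapping_networks(SAMPLE_INSPECT, ["10.0.0.0/8"]):
        print(f"{name}: {subnet} overlaps {lan}; traffic to that range stays inside Docker")
```

To check a real host, feed the function the actual inspect output instead of the sample. Any network it reports is a candidate for the manual removal the post describes, once the containers attached to it are stopped.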

Bingo. Thanks for posting this.