I have a Windows Server 2019 machine hosting a hyper-V VM with a public service running. I created an internal VMSwitch then configured it as a NAT Gateway with New-NetIPAddress. Then I created a New-NetNat. On my VM I configured it with a manual static IP and set the gateway to the host. Then in Server Roles I added Routing and Remote Access and configured NAT to set up port forwarding to my VM. This way I can host RDP and other services from the VM.
Now, some time later, I also want to be able to host docker containers from my host. The Docker daemon won’t start. When I try to run %ProgramFiles%\Docker\Docker\resources\dockerd.exe I get the following error:
failed to start daemon: Error initializing network controller: Error creating default network: failed during hnsCallRawResponse: hnsCall failed in Win32: The request is not supported. (0x32)
As far as I can tell it’s because I have my own NAT running…
So now I’m thinking of tearing down my existing NAT and perhaps using the default docker nat. I understand how to set up port forwarding for a docker container when I start it - is it possible to use the default docker nat for port forwarding to my existing hyper-V VM? If so, how? Currently I set up the port forwarding in the Routing and Remote Access mmc panel - if not there, then where?
This link hows the powershell commands I used to set up the NAT in the first place.
At the bottom it explains how to use the configuration with docker containers.
It specifically says:
Edit the arguments passed to the docker daemon (dockerd) by adding –fixed-cidr=< container prefix> parameter. This tells docker to create a default nat network with the IP subnet < container prefix> (e.g. 192.168.1.0/24) so that HNS can allocate IPs from this prefix.
How do you edit the arguments passed to the docker daemon? doesn’t dockerd get run as a service?
How do I tell the docker nat to not assign IP addresses in a certain range, so I can keep them separate for hyper-v VM’s ?
Turns out dockerd was failing to launch because it was unable to create a default network. When I looked at Get-NetNat in powershell it showed an old NAT I had created. It seems dockerd requires that no other NATs exist in this manner. I tried to Remove-NetNat but that was failing too. I had to delete the reg keys associated with the nat. After deleting the nat via the reg keys then dockerd was able to run successfully with windows containers.
Ultimately docker created its own VMSwitch. I also still have my own VMSwitch, which works side by side. I am able to continue using NAT port forwarding to my hyperV VM’s using the Windows Server Routing and Remote Access role NAT. For some reason that NAT doesn’t show in Get-NetNat, and doesn’t conflict with docker’s NAT - and allows me to have two NATs running on my server that don’t seem to conflict. The IP ranges of the switches don’t conflict either.