[SOLVED] Unable to expose custom network to external access

Hi,

First of all, sorry if this is not the right place to post this, I’m a bit confused about the categories :stuck_out_tongue:

I’m having trouble exposing a network that I created to the outside world. If I start a container in the default network, it works perfectly fine, but if I create it inside my network it doesn’t reach the outside world.

Steps to reproduce

  • Install RancherOS and run it
  • Run the command: docker network create --subnet=172.18.0.0/16 my_net
  • Spin up a new container: docker run --name nginx_lb -p 80:80 -p 443:443 --net my_net --ip 172.18.0.2 -d nginx:mainline-alpine
  • Try to access the machine on ports 80 or 443. The server will not reply (it should show nginx’s default page)

Here is my IPTables config:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (2 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:https
ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:www

Chain DOCKER-ISOLATION (1 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

My setup is RancherOS 1.3.0 and the following docker:

Client:
Version:      17.09.1-ce
API version:  1.32
Go version:   go1.8.3
Git commit:   19e2cf6
Built:        Thu Dec  7 22:21:47 2017
OS/Arch:      linux/amd64

Server:
Version:      17.09.1-ce
API version:  1.32 (minimum version 1.12)
Go version:   go1.8.3
Git commit:   19e2cf6
Built:        Thu Dec  7 22:28:28 2017
OS/Arch:      linux/amd64
Experimental: false

Thanks

Never mind, I found the issue.

It turns out that the interface docker-sys that RancherOS creates had the same subnet as my network, so they were colliding. I moved my network to another range and everything is fine now.
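
The collision described in the reply above can be checked before running `docker network create`. The following is an added example, not part of the original thread: it compares a candidate subnet against the IPv4 subnets already assigned to host interfaces. The function names and the sample interface addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag host interfaces whose
# IPv4 subnet overlaps a candidate `docker network create --subnet` range.

# Constructed sample of `ip -o -4 addr show` output. The interface addresses
# are assumptions; docker-sys is placed in 172.18.0.0/16 as the post describes.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0
3: docker-sys    inet 172.18.42.2/16 scope global docker-sys
4: docker0    inet 172.17.0.1/16 scope global docker0'

# Dotted quad -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# CIDR -> "first last" integer addresses of the enclosing network.
cidr_range() {
    addr=$(ip_to_int "${1%/*}")
    bits=${1#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    first=$(( addr & mask ))
    echo "$first $(( first | (4294967295 - mask) ))"
}

# $1 = candidate CIDR; stdin = `ip -o -4 addr show` lines.
# Prints "iface cidr" for every interface whose subnet overlaps the candidate.
find_overlaps() {
    set -- $(cidr_range "$1")
    c_first=$1; c_last=$2
    while read -r _idx iface fam cidr _rest; do
        [ "$fam" = inet ] || continue
        set -- $(cidr_range "$cidr")
        # Two ranges overlap when each one starts before the other ends.
        if [ "$1" -le "$c_last" ] && [ "$c_first" -le "$2" ]; then
            echo "$iface $cidr"
        fi
    done
}

# Demo on the constructed sample; on a live host use:
#   ip -o -4 addr show | find_overlaps 172.18.0.0/16
printf '%s\n' "$SAMPLE_ADDRS" | find_overlaps 172.18.0.0/16
```

An empty result means the candidate range is free on that host; any printed interface is one whose routes would compete with the new bridge network.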