in a host machine (its LAN ip is 192.168.0.94), I have the following services

1. mysql , its docker-compose.yml is as below. It creates a bridge network called mysql_default，it is assigned a VIP 172.24.0.2

    version: '2'
    services:
      mysql:
        image: mysql:5.7
        restart: always
        container_name: mysql
        volumes:
          - /etc/localtime:/etc/localtime
          - /data/mysql:/var/lib/mysql
        ports:
          - 3306:3306
   

2. nacos, its docker-compose.yml is as below. It starts 3 services, and all of them are in the same bridge network and with a fixed IP address.

    version: "2"
   
    services:
      nacos1:
        container_name: nacos1
        image: nacos:latest
        networks:
          nacos_net:
            ipv4_address: 10.0.2.10
        ports:
          - 8848:8848
        volumes:
          - /root/nacos/application.properties:/app/conf/application.properties
      nacos2:
        container_name: nacos2
        image: nacos:latest
        networks:
          nacos_net:
            ipv4_address: 10.0.2.11
        ports:
          - 8849:8848
        volumes:
          - /root/nacos/application.properties:/app/conf/application.properties
      nacos3:
        container_name: nacos3
        image: nacos:latest
        networks:
          nacos_net:
            ipv4_address: 10.0.2.12
        ports:
          - 8850:8848
        volumes:
          - /root/nacos/application.properties:/app/conf/application.properties
   
    networks:
      nacos_net:
        ipam:
          driver: default
          config:
            - subnet: "10.0.2.0/24"
   

3. user service, for this service, I create a docker swarm in the host and a docker overlay network called pica_net and the service resides in this overlay network

    version: "3"
   
    services:
      pica_user:
        #container_name: pica_user
        image: pica-user:latest
        networks:
          - pica_net
        ports:
          - 8010:8010
        deploy:
          replicas: 1
          update_config:
            parallelism: 1
            delay: 3s
          restart_policy:
            condition: on-failure
        volumes:
           - /root/pica/user/logs:/app/logs
        #  - /root/pica/user/application.properties:/app/conf/application.properties
        entrypoint: ["java", "-Xmx150m", "-Xss512k", "-Dserver.port=8810", "-Dspring.profiles.active=prod", "-jar", "/app/pica-user.jar"]
   
   
    networks:
      pica_net:
        external: true
   

I find that it is not possible for user service to connect to Nacos service, so I do a series of telnet connection test to the following IP-Port pairs

a: (target at nacos containers with their VIPs in the overlay network) 10.0.2.10:8848/10.0.2.11:8848/10.0.2.12:8848

b: (target at nacos container 1 with LAN IP of host machine) 192.168.0.94:8848

c: (target at nacos container 2 with LAN IP of host machine) 192.168.0.94:8849

d: (target at nacos container 3 with LAN IP of host machine) 192.168.0.94:8850

e: (target at mysql container with LAN IP of host machine) 192.168.0.94:3306

f: (target at mysql container with its VIP in the bridge network) 172.24.0.2:3306

according to my test, my observation is:

1. on the host machine, successfully telnet to all the above IP-Port pairs
2. from inside mysql container: successfully telnet to a,b, but failed in telnet to c and d
3. from inside user container: successfully telnet to e,f, but failed in telnet to a, b, c, d
4. from inside nacos containers: successfully telnet to e,f, but failed in telnet to a, b, c, d

from all of them ping to the above LAN IP or VIPs are all successful

I’m wondering why there are failures in telnet as indicated in 2), 3) and 4), what are the reasons? and how can I make the telnet successful?