Unable to connect to host machine from Docker container

Docker Desktop
,
1

Expected behavior

ping (or any other network connection) to Windows host IP from docker container should be possible.

Actual behavior

Pinging Windows host IP from docker container does not work, but pinging any other host on the same network from inside docker container works.

Information

  • Docker for Windows Beta Version:

Client:
Version: 1.11.0
API version: 1.23
Go version: go1.5.4
Git commit: 4dc5990
Built: Wed Apr 13 19:36:04 2016
OS/Arch: windows/amd64

Server:
Version: 1.11.0
API version: 1.23
Go version: go1.5.4
Git commit: a5315b8
Built: Mon Apr 18 08:49:13 2016
OS/Arch: linux/amd64

  • This is no firewall configuration problem
  • The command below works using a Docker 1.11.0 installation on a Linux VM
  • Host distribution and version: Windows 10 Professional 64bit

Steps to reproduce the behavior

  1. docker run --rm alpine ping [IP of Windows host where Docker4Win Beta is installed]
2

what is the IP you use to ping your host?

the Hyper-V switch is internal and Host IP is 10.0.75.1 (subnet 10.0.75.0/24) - the Linux VM uses DHCP (which the com.docker.proxy.exe provides on port 67/UDP) and your MobyLinuxVM will usually take the first free ip: 10.0.75.2 (this is all for beta v7).

If you want more details read this: http://docker-saigon.github.io/post/Docker-Beta/

TLDR: you should ping 10.0.75.1 to reach your host

3

Thanks for your answer.

Unfortunately it is not possible to use the internal IP 10.0.75.2.
I have to use the host IP (e.g. 192.168.100.2) as this one is used for a callback URL. Some other service outside of my Docker containers has to reach one of the containers using the external IP (in this example 192.168.100.2). I have created a port forwarding using netsh from the external IP to the interal IP 10.0.75.2 for this to work.

For some reason the only “outside” IP I can not ping is the one of the host.

4

I think this may require the setup of something called hairpin NAT?

5

NAT is currently provided by the Hyper-V NAT - see also: http://serverfault.com/questions/34149/problem-with-routing-between-hyper-v-vms

6

Never heared of this before. Thanks for the clarification.

7

I could solve my problem using the hostname of the host machine as the callback URL.
For the one Docker container which was not able to ping the host by its public IP, I added an “extra_hosts” entry to docker-compose.yml using the fixed internal IP 10.0.75.1.

1 Like
8

Hi (and sorry for resurrecting this topic),

FORGET IT. Windows Firewall was blocking java.exe proccess from the JDK for public connections, and the HyperV NAT was set as a public interface. After changing that policy to ‘allow’ on public everything works as expected.

I have the same problem as you, a dockerized Nginx inside an Hyper-V VM trying to reach port 8080 (tomcat) on host, but with no result, so I’m surprised it worked for you. The same configuration worked well with Virtual Box.

I have also come to the conclusion of using extra_hosts on my docker-compose.yml, but it still won’t work. Which hostname did you give to the extra host?

These are the lines I added to my container configuration:

    extra_hosts:
      - "host:docker.local"

(I also tried with 10.0.75.1 instead of docker.local, this is just how I’ve got it now)

And this is part of the the nginx virtual host configuration:

upstream tomcat {
    server host:8080;
}

[...]

location / {
    index index.jsp index.html index.htm;

    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Original-Request $request_uri;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $http_host;
    proxy_pass http://tomcat;
}

It tries to connect for 60 secords or so and then it drops de connection.

Could somebody lend me a hand?