Unable to contact postgres running on host

Hi,
This is driving me nuts.
I am using rootless docker.

I have a very simple container. All it does is try to connect to a postgresql database and do a simple select.
This simple application works flawlessly outside of a container.

Inside the container it complains about unable to connect.

docker0 interface has ip 172.17.0.1 and that is where I try to connect to from the container.
Simple bridged network.

netstat shows me that postgres is indeed listening on the 172.17.0.1 interface and accepts the 172.17.0.0/16 network.

firewall shows that forwarding is allowed.
firewall has been configured to allow all traffic from 172.17.0.0/16.

kernel forwarding is on.

Still no joy. postgresql logs connection attempts but shows nothing when running the container.

Running another container, opening a shell inside it and installing the postgresql-client also says
error: could not connect to server: Connection refused

telnet to 172.17.0.1 5432 gives no connection.

What am I doing wrong or not seeing?

Any and all hints and help are greatly appreciated.

Regards,
Jeroen Baten

Other example, same result:

$ nc -l 8020 &
[1] 10835

$ docker run -ti --network="host" alpine /bin/sh
/ # apk add curl
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/community/x86_64/APKINDEX.tar.gz
(1/5) Installing ca-certificates (20191127-r5)
(2/5) Installing brotli-libs (1.0.9-r3)
(3/5) Installing nghttp2-libs (1.42.0-r1)
(4/5) Installing libcurl (7.74.0-r1)
(5/5) Installing curl (7.74.0-r1)
Executing busybox-1.32.1-r2.trigger
Executing ca-certificates-20191127-r5.trigger
OK: 8 MiB in 19 packages
/ # curl localhost:8020
curl: (7) Failed to connect to localhost port 8020: Connection refused
/ #

One tool that helps debug this type of problem is tcpdump; you can attach it to the different interfaces through which the packets should flow to check where the problem is. Keep in mind that rootless Docker runs inside a dedicated network namespace, so you need tcpdump to enter that net namespace.

Also, if your aim is to run rootless containers, take a look at using Docker + Sysbox (an enhanced runc). You could run your simple app inside that rootless container, and it will have no problem connecting to the postgresql server.

For posterity I will write how I solved it in the end. So in rootless docker you can inspect the container as much as you like. You can ping the gateway, but not connect to it. The container does resolve hostnames so you can connect to the outside world. In the end I used the external DNS name of the host to connect to the database (since the exposed port was behind a firewall facing the outside world anyway) and that worked.
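The "can ping the gateway but connection refused" pattern described above (and the rootless network namespace the tcpdump reply mentions) can be told apart from a firewall problem with a small TCP probe. This is an added example, not code from the thread: "refused" means a kernel answered, so the address you reached simply has no listener there (from a rootless container, 172.17.0.1 is the namespace's own bridge, not the host), while "timeout" points at forwarding or firewall rules. The host.docker.internal entry and db-host.example.invalid are placeholders for the mapped host name and the host's external DNS name; the loopback demo runs without Docker.

```python
import errno
import socket

# Endpoints in the order the thread tried them; the last is a placeholder for
# the host's external DNS name, which is what finally worked.
CANDIDATES = [
    ("172.17.0.1", 5432),               # docker0 address seen from the container
    ("host.docker.internal", 5432),     # only resolves if Docker maps it
    ("db-host.example.invalid", 5432),  # placeholder for the host's external name
]

def classify_connect(host, port, timeout=2.0):
    """One TCP connect, reduced to a verdict.

    'refused' means a kernel answered with RST: the address is reachable but
    nothing listens on that port *there*. From a rootless container 172.17.0.1
    belongs to the rootless network namespace, not the host, so a refusal says
    nothing about the host's postgres or firewall. 'timeout' means no answer
    at all, which is where forwarding and firewall rules come in.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "unresolved"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))

def diagnose(candidates, timeout=2.0):
    """Probe every candidate; returns {"host:port": verdict}."""
    return {"%s:%d" % (h, p): classify_connect(h, p, timeout) for h, p in candidates}

def loopback_demo():
    """Show 'open' vs 'refused' against a throwaway local listener (no Docker)."""
    with socket.socket() as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        while_open = classify_connect("127.0.0.1", port)
    after_close = classify_connect("127.0.0.1", port)  # listener gone: RST
    return while_open, after_close

if __name__ == "__main__":
    print(loopback_demo(), diagnose(CANDIDATES))
```

Run it from inside the container and from the host: a "refused" for 172.17.0.1 inside the container alongside an "open" on the host is exactly the rootless-namespace situation, not a firewall block.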