Unable to get container to receive udp port traffic from host

I am running a docker host with Server 2016. I have a service inside of the container which sends UDP traffic on port 1234 and listens for a response on 1234. I am using a transparent docker network.

My problem is that the service in the container never receives the response, even though I can verify an outgoing and incoming UDP message at port 1234 with wireshark.

To create the docker network I issued this command:
docker network create -d transparent --subnet=192.168.1.0/24 --gateway=192.168.1.1 TransparentNet3

This created a transparent network with an IP of 192.168.1.115

I executed docker run like so…
docker run --name acm_instance_rev20_x -i -t -p 135:135 -p 1433:1433 -p 5330:5330 -p 5331:5331 -p 5332:5332 -p 5333:5333 -p 5334:5334 -p 5335:5335 acm_instance_rev20_image cmd

When I trigger the service in the container to poll the network endpoint via UDP (IP of 192.168.105.40) I see a message go to the endpoint via wireshark:
208 6.401078 192.168.1.115 192.168.105.40 UDP 90 23264 → 1234 Len=48
And I see the endpoint respond via wireshark to the transparent network IP (192.168.1.115):
238 7.522921 192.168.105.40 192.168.1.115 UDP 89 1234 → 1234 Len=47

However, the service in the container never receives the response message.

If I send a TCP message then the service in the container receives the response traffic. Example…
TCP message going from transparent network IP 192.168.1.115 to endpoint at 192.168.4.43:
894 9.227289 192.168.1.115 192.168.4.43 TCP 62 46580 → 5110 [PSH, ACK] Seq=1 Ack=1 Win=262656 Len=8
TCP message response coming back from endpoint at 192.168.4.43 to transparent network IP 192.168.1.115:
914 9.671135 192.168.4.43 192.168.1.115 TCP 70 5110 → 46580 [PSH, ACK] Seq=1 Ack=9 Win=5840 Len=16

Again, I am using Server 2016 so this fails:
PS C:\Users\Public\Downloads> docker run --name acm_instance_rev20_x -i -t -p 135:135 -p 1433:1433 -p 5330:5330 -p 5331:5331 -p 5332:5332 -p 5333:5333 -p 5334:5334 -p 5335:5335 -p 127.0.0.1:1234:1234/udp acm_instance_rev20_image cmd
C:\Program Files\Docker\docker.exe: Error response from daemon: failed to create endpoint acm_instance_rev20_x on network nat: Windows does not support host IP addresses in NAT settings.

If I do this then 1234 gets blocked and wireshark shows UDP going out but not going in:
docker run --name acm_instance_rev20_x -i -t -p 135:135 -p 1433:1433 -p 5330:5330 -p 5331:5331 -p 5332:5332 -p 5333:5333 -p 5334:5334 -p 5335:5335 -p 1234:1234/udp acm_instance_rev20_image cmd

I would appreciate any help. I’m learning docker and the fine points of networking at the same time. I think that UDP is blocking itself at some level before it reaches the container but I’m not sure how to resolve it.
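
An added example, not part of any post in this thread: it parses the four Wireshark summary lines quoted above and labels each packet addressed to 192.168.1.115 as a reply (the exact mirror of an earlier outbound packet) or as unsolicited. The UDP response is addressed to port 1234 rather than the request's source port 23264, so connection tracking in a firewall or NAT will not match it to that request; the thread does not establish whether that is what drops it here. The function names are this example's own.

```python
import re
from typing import NamedTuple

# Wireshark summary lines copied from the post above:
# No., time, source, destination, protocol, length, ports.
CAPTURE = """\
208 6.401078 192.168.1.115 192.168.105.40 UDP 90 23264 → 1234 Len=48
238 7.522921 192.168.105.40 192.168.1.115 UDP 89 1234 → 1234 Len=47
894 9.227289 192.168.1.115 192.168.4.43 TCP 62 46580 → 5110 [PSH, ACK] Seq=1 Ack=1 Win=262656 Len=8
914 9.671135 192.168.4.43 192.168.1.115 TCP 70 5110 → 46580 [PSH, ACK] Seq=1 Ack=9 Win=5840 Len=16
"""

LINE = re.compile(
    r"^(?P<no>\d+)\s+\S+\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>UDP|TCP)\s+\d+\s+"
    r"(?P<sport>\d+)\s+(?:→|->)\s+(?P<dport>\d+)"
)

class Packet(NamedTuple):
    no: int
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def parse(capture):
    """Turn summary lines into Packet tuples, skipping lines that do not match."""
    packets = []
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if m:
            packets.append(Packet(int(m["no"]), m["proto"], m["src"],
                                  int(m["sport"]), m["dst"], int(m["dport"])))
    return packets

def classify_inbound(packets, local_ip):
    """Label each packet addressed to local_ip as 'reply' or 'unsolicited'."""
    seen_outbound = set()
    verdicts = {}
    for p in packets:
        if p.src == local_ip:
            seen_outbound.add((p.proto, p.src, p.sport, p.dst, p.dport))
        elif p.dst == local_ip:
            # A reply reverses the full 5-tuple of a packet we already sent.
            mirror = (p.proto, p.dst, p.dport, p.src, p.sport)
            verdicts[p.no] = "reply" if mirror in seen_outbound else "unsolicited"
    return verdicts

if __name__ == "__main__":
    for no, verdict in classify_inbound(parse(CAPTURE), "192.168.1.115").items():
        print(no, verdict)
```

A packet labelled unsolicited only reaches a listener if an inbound rule or port mapping for its destination port allows it, independent of the outbound request that triggered it.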

Resurrecting this question. I’m experiencing exactly this issue. Were you able to resolve it?

I put the project on pause for some time. It got resurrected a few days ago actually, so I’ll retry it (hopefully today or tomorrow) and let you know.


Fantastic, thank you. If I make any progress I’ll share it here.

OK, it doesn’t seem to work with NAT network mode. But it does work if you run the container in transparent mode, which basically bridges every port of your container to your LAN as far as I can tell.

Try:
docker network create -d transparent transnet
docker run --network transnet yourimage

Does that work for you?

That looks promising, but didn’t work for me. I may be suffering from more fundamental issues though. I’m new to Docker and probably haven’t configured something correctly. For instance, it looks like my container doesn’t have an IP address:

         "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "f1fdf6e7682a16cdfd0ff37589b3302b59b9115710c50e512e20dbb3b4744c3e",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
                "5055/udp": null,
                "5056/udp": null
            },
            "SandboxKey": "f1fdf6e7682a16cdfd0ff37589b3302b59b9115710c50e512e20dbb3b4744c3e",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": {
                "transnet": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": [
                        "f1fdf6e7682a"
                    ],
                    "NetworkID": "2a1c7ee374c4f36e00f8be4edf7350d54310aaddbfebea8525e5e8d301a361b1",
                    "EndpointID": "4db3dd543a8395029f87a23d810fc8a9f30864047960247bdc90328fbc426267",
                    "Gateway": "",
                    "IPAddress": "",
                    "IPPrefixLen": 0,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "00:15:5d:f7:f0:46",
                    "DriverOpts": null
                }
            }

That seems like a problem.

Try
docker exec -it containerid ipconfig

I had the same issue with the inspect call giving me nonsense.

In that mode your container receives an IP on your LAN. On the same network as your computer.

OK, using that command I do see an IP address. When I run my container like this:
docker run --network transnet -p 5055:5055/udp -p 5056:5056/udp <container-name>

I think I should see the ports open for UDP traffic when I run netstat -a -p UDP, e.g.:

  Proto  Local Address          Foreign Address        State
  UDP    0.0.0.0:5055           *:*
  UDP    0.0.0.0:5056           *:*

But they’re not there. I do see them listed when I run the app directly on the host, just not when running in the docker container.

When you run this command with your docker image running, do you see your UDP port listed?