Docker Community Forums

Unable to reach host from container


(Gcstang) #1

Expected behavior

Ability to have some way of communicating with the host the container sits on while on a VPN

Actual behavior

Tried all IP addresses available but none will resolve the service I have running on the host


OS X: version 10.11.4 (build: 15E65) version v1.11.0-beta8.2
Running diagnostic tests:
[OK] docker-cli
[OK] Moby booted
[OK] driver.amd64-linux
[OK] vmnetd
[OK] osxfs
[OK] db
[OK] slirp
[OK] menubar
[OK] environment
[OK] Docker
[OK] VT-x
Docker logs are being collected into /tmp/20160425-183548.tar.gz
Most specific failure is: No error was detected
Your unique id is: 6304D392-DDD8-40D9-AB48-20B5BFA37F9C
Please quote this in all correspondence.

OSX 10.11.4

Steps to reproduce the behavior

  1. Create a container and attempt to connect to a URL on the host

  2. I just brought up something simple like Tomcat on the host to see if the main page would resolve i.e. http://host:8080/

  3. I tried with the hostnet and nat configurations for network as well as with native/port-forwarding true and false.

  4. I tried to get the proper host IP address from the last entry in the container's /etc/hosts file, the IP addresses shown in the network (hostnet configuration), and numerous others. While using the old docker-machine configuration it was pretty simple to get that IP address; is there another way to get the host IP address that can be used while on a VPN?

My host is on a VPN and only port forwarding will work between host and container. I have a virtual machine running in VirtualBox on the host that contains the database and would like to be able to access it using the new beta Docker.

**** Figured this out by doing the following:

  1. pinata set network = hostnet
  2. pinata set native/port-forwarding = true
  3. Look up utun0 ip address and use it for dockerhost
  4. Add this to your docker run
  5. From container you can reach the host using dockerhost
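
Steps 3 and 4 above as a script: an added example, not part of the original post. It assumes the host entry is passed with Docker's `--add-host` flag, which the post does not name; the helper names and the sample `ifconfig` output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ifconfig utun0` output with a VPN up (not from the thread).
SAMPLE_IFCONFIG='utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1400
	inet6 fe80::1%utun0 prefixlen 64 scopeid 0xa
	inet 10.8.0.6 --> 10.8.0.5 netmask 0xffffffff'

# Print the first IPv4 address in ifconfig output read from stdin.
# Returns non-zero when there is no "inet" line or the value is not a
# dotted quad with every octet in 0..255 (inet6 lines are skipped).
first_inet() {
    awk '$1 == "inet" {
        n = split($2, o, ".")
        if (n != 4) exit 1
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] > 255) exit 1
        print $2; found = 1; exit 0
    }
    END { if (!found) exit 1 }'
}

# Build the host-mapping argument for `docker run`.
# $1 = alias for the host (the post uses "dockerhost"), stdin = ifconfig output.
# Assumption: the mapping is supplied through --add-host.
add_host_arg() {
    ip=$(first_inet) || { echo "no IPv4 address on interface" >&2; return 1; }
    printf '%s=%s:%s\n' '--add-host' "$1" "$ip"
}

# On the Mac you would feed it the live interface instead:
#   docker run --rm $(ifconfig utun0 | add_host_arg dockerhost) <image> ...
printf '%s\n' "$SAMPLE_IFCONFIG" | add_host_arg dockerhost
```

The entry is written into the container's /etc/hosts when the container is created, so a VPN reconnect that changes the utun0 address needs a new container.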

(Ralphschindler) #2

Did you figure out a way? I am interested in this as well (remote debugging connections back to IDE).

(Gcstang) #3

Edited my original post with how to get to the host.

(Alex Sherwin) #4

Considering the new default networking is nat, and sounds like this is the only mode they want to support… does anyone know how to accomplish this with nat networking?

I’ve tried various things but can’t seem to find a reasonable way

(David Maze) #5

If I run ifconfig en0 I can use that IP address to access, at least, other containers’ published ports.

This isn’t that far off the “normal” situation for Docker on Linux, where you can usually guess a working bridge IP address that sees the host (if your container is on then it is probably but it’s not something that’s Known.

(Alex Sherwin) #6

I tried all available IPs and gateways from inside containers run with default networking or --net=host. I haven’t come up with anything that can get out to the host.

I understand your point of view, but what they’re really trying to do here is make the xhyve/hyper-v VM invisible so that docker feels “native” to your host (OS X / Windows). Said another way, they want it to seem like the daemon is running natively in OS X / Windows, by doing all kinds of fancy networking and filesystem tricks with the xhyve/hyper-v VM.

If you think of it this way, it would seem perfectly natural that containers could talk out to the host (OS X / Windows)

The real purpose here is to streamline docker usage for developers… and if it can’t do this, it’s worthless for a ton of use cases