Windows Server 2016 - IP Binding with NAT

Hello,

I’m currently testing the Windows Server 2016 RC with Docker. I am trying to set up multiple containers with the same external port on different IP addresses but I can’t get it to work.

My network setup on the container host contains multiple IPv4 addresses. For example:
192.168.1.100
192.168.1.101
192.168.1.102

I’m trying to start up multiple containers on the node. Some of them with different ports and some of them with the same port. But Docker binds the ports by default to 0.0.0.0 (any IP), which makes it impossible to bind the same port multiple times. But it seems like it’s not supported:

docker run -ti -p 192.168.1.102:27015:27015/udp microsoft/windowsservercore cmd.exe
docker: Error response from daemon: failed to create endpoint hopeful_montalcini on network nat: Windows does not support host IP addresses in NAT settings.

What can I do?

  • Using a different network driver? But then I can’t share the same IP over multiple containers and I also can’t use the IP on the container node itself.

  • Is there a way to overwrite the IP binding with the NAT driver? Windows should support this normally. See:

PS C:\Users\Administrator> Get-NetNatStaticMapping

StaticMappingID : 3
NatName : Hdf6a3403-c446-4b64-98fb-035dbe2c7fac
Protocol : UDP
RemoteExternalIPAddressPrefix : 0.0.0.0/0
ExternalIPAddress : 0.0.0.0 < this should be changeable? >
ExternalPort : 27015
InternalIPAddress : 172.30.132.47
InternalPort : 27015
InternalRoutingDomainId : {00000000-0000-0000-0000-000000000000}
Active : True

Edit: I’ve created a feature request on GitHub.

Regards,
Alexander


I don’t think this is possible yet. We faced kind of the same issue.
We created a transparent network so we can assign IPs to the containers and thus have them run on the same port.

At the moment we are also looking into using the port mapping option so we don’t have to work with fixed IPs, but this can get kinda nasty when recreating a container and it getting a new IP address. Firewall rules don’t really like this :)

The transparent network isn’t compatible with our setup.

We need to share IP addresses between containers and we are also using it on the container host. As far as I know, it’s not possible; the IP can be added to only one container.

WinNAT seems to be the only option for us.

Yes. That makes it a lot more difficult.
If we come across this issue ourselves and find a way to do it I will post it back here.

I’m not sure I understand your scenario. Why do you want to pin a port mapping rule to one specific IP? Does one of the other Host IPs need to run a UDP service on port 27015? If so, why can’t you just use a different ephemeral port?

I will check if DNAT IP binding works or not through Docker on Windows (I suspect not).
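
An added example, not part of any post in this thread: a small Python check that parses list-style `Get-NetNatStaticMapping` output like the one in the first post and shows why a mapping on 0.0.0.0 blocks the same port on every host IP, and which mappings are reachable through all host addresses. The sample listing is constructed (only some fields are included), and the function names are hypothetical.

```python
import ipaddress
# Constructed sample in the list layout that Get-NetNatStaticMapping prints.
SAMPLE = """\
StaticMappingID : 3
Protocol : UDP
ExternalIPAddress : 0.0.0.0
ExternalPort : 27015
InternalIPAddress : 172.30.132.47

StaticMappingID : 4
Protocol : TCP
ExternalIPAddress : 192.168.1.101
ExternalPort : 8080
InternalIPAddress : 172.30.132.48
"""

def parse_mappings(text):
    """Split the listing into one dict per mapping (records end at a blank line)."""
    records, current = [], {}
    for line in text.splitlines() + [""]:
        if not line.strip():
            if current:
                records.append(current)
                current = {}
            continue
        key, sep, value = line.partition(":")  # first colon only, so IPv6 values survive
        if sep:
            current[key.strip()] = value.strip()
    return records

def covers(mapping_ip, host_ip):
    """A mapping on the unspecified address (0.0.0.0) claims the port on every host IP."""
    m = ipaddress.ip_address(mapping_ip)
    return m.is_unspecified or m == ipaddress.ip_address(host_ip)

def conflicts(records, host_ip, port, protocol):
    """Existing mappings that already claim host_ip:port for this protocol."""
    return [r for r in records
            if r["Protocol"].upper() == protocol.upper()
            and int(r["ExternalPort"]) == port
            and covers(r["ExternalIPAddress"], host_ip)]

def wildcard_exposed(records):
    """Mappings published on every address of the host, not one chosen IP."""
    return [r for r in records
            if ipaddress.ip_address(r["ExternalIPAddress"]).is_unspecified]

if __name__ == "__main__":
    recs = parse_mappings(SAMPLE)
    print(conflicts(recs, "192.168.1.102", 27015, "udp"))
```

Any mapping returned by `wildcard_exposed` is also the set to review against host firewall rules, since the published port answers on every interface address.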