New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How to access containers by internal IPs 172.x.x.x #221

Closed
whitecolor opened this Issue Nov 11, 2016 · 111 comments

Comments

Projects
None yet
@whitecolor

whitecolor commented Nov 11, 2016

How to access containers by internal IP 172.x.x.x from dev machine (with docker for windows installed)? So by default you can not connect to containers.

I found out that it can be achived by adding route manually:

route /P add 172.0.0.0 MASK 255.0.0.0 10.0.75.2

Is is a valid method? Shouldn't it be made possible by default?

@rn

This comment has been minimized.

Contributor

rn commented Nov 11, 2016

you should be able to access the containers via localhost. Does that not work?

@whitecolor

This comment has been minimized.

whitecolor commented Nov 11, 2016

you should be able to access the containers via localhost.

What do you mean by that? You mean port mapping or what?

I want to reach their IPs, in my case then I use dnsdock to have DNS discovery for containers and access them by pretty dns names (without need of port mapping)

@kallie-b

This comment has been minimized.

kallie-b commented Nov 11, 2016

So you should be able to access containers from your container host using the container IP. You can use docker inspect <container ID> to get your container's IP address.

Does that answer your question?

@whitecolor

This comment has been minimized.

whitecolor commented Nov 11, 2016

@kallie-b ok what should I do after I got IP? I want to ping it by IP. But it won't work from dev machine. I'm asking how to do this.

@kallie-b

This comment has been minimized.

kallie-b commented Nov 11, 2016

Right, okay--yes, I'm happy to help.

So, can you provide the results that you get when you run docker inspect <container ID>? And let me know which IP address you're trying to use to ping the container--I want to confirm you're using the container's internal IP.

Also, I'm assuming your dev machine is the container host--is that correct? You're not running a VM on your dev machine as the container host, or anything like that?

Could you describe the steps you are taking more specifically (including where each step is executed--in the container, on the container host, or on another, external, host)? Wherever possible, also include any error messages.

@whitecolor

This comment has been minimized.

whitecolor commented Nov 11, 2016

I'm assuming your dev machine is the container host

My machine is not a container host, it is a windows 10 dev machine with installed docker for windows, it has only 10.0.75.x interface related to docker, no 172.x.x.x interface to be able to communicate with 172.x.x.x addresses directly. Host machine is linux that runs on Hyper-V, called MobyLinuxVM.

As I've mentioned, this will solve the issue:

route /P add 172.0.0.0 MASK 255.0.0.0 10.0.75.2

If I was using linux (I never used with docker), but I asume my dev machine would be also a docker host, I could access docker internal network 172.x.x.x. directly without any specific manually added routes to route table.

What I want is a comment about this issue from docker team, and if they are going to make integration between windows 10 dev machine and docker internal networks deeper.

@JMesser81

This comment has been minimized.

JMesser81 commented Nov 11, 2016

ping @friism

@dgageot dgageot added the area/wincon label Nov 12, 2016

@whitecolor

This comment has been minimized.

whitecolor commented Nov 14, 2016

There seem to be a problem with docker network when such route:

route /P add 172.0.0.0 MASK 255.0.0.0 10.0.75.2

is added

Log is full of events, and growing very fast (log.txt - up to 1GB for a few hours):

15:48:00.469][VpnKit         ][Debug  ] com.docker.slirp.exe: Socket.Datagram.input udp:10.0.75.1:54882-172.26.234.194:51029: creating UDP NAT rule
[15:48:00.471][VpnKit         ][Debug  ] com.docker.slirp.exe: Socket.Datagram.input udp:10.0.75.1:54883-172.26.234.194:51029: creating UDP NAT rule
[15:48:00.473][VpnKit         ][Debug  ] com.docker.slirp.exe: Socket.Datagram.input udp:10.0.75.1:54884-172.26.234.194:51029: creating UDP NAT rule
[15:48:00.475][VpnKit         ][Debug  ] com.docker.slirp.exe: Socket.Datagram.input udp:10.0.75.1:54885-172.26.234.194:51029: creating UDP NAT rule
[15:48:00.476][VpnKit         ][Debug  ] com.docker.slirp.exe: Socket.Datagram.input udp:10.0.75.1:54886-172.26.234.194:51029: creating UDP NAT rule

Here is a log with this case:
https://gist.github.com/whitecolor/4940a8566f2b0211f6864cc11adb69be

Which also effects on the host, CPU usage is going up to 100% some time later
image

Can you comment on this as well? What is causing those events in the log?

@dgageot dgageot removed the area/wincon label Nov 14, 2016

@dgageot

This comment has been minimized.

dgageot commented Dec 3, 2016

@whitecolor I'm not sure I understand what you are trying to achieve. Is it a Windows container or a Linux container you are trying to connect to?

@whitecolor

This comment has been minimized.

whitecolor commented Dec 4, 2016

@dgageot
I need to connect to running containers from Windows dev machine where docker is installed.
This can be currently done by adding appropriate routes to routing table via 10.0.75.2 (this IP of docker linux host running on HyperV I believe).

@whitecolor

This comment has been minimized.

whitecolor commented Dec 7, 2016

Did I still failed to explain my request in OP?

  1. I'm running docker-for-windows on windows machine.
  2. Containers that are run on this platform has internal IPs like 172.18.x.x
  3. I want to reach (be able to ping) running containers directly from Windows machine (not using port mapping, I want to reach container's IP)

By default one can not just ping 172.18.x.x, but I found out the solution, add a route in route table:

route /P add 172.18.0.0 MASK 255.255.0.0 10.0.75.2

And now ping 172.18.x.x worked.

But after I installed the lastest beta (build 9123) where network was changed a lot this method using routing table doesn't work anymore.

So can you elaborate on this. How one can reach (ping) 172.x... containers from windows dev machine? Why the method with routing tabled stopped to worked, and how it can be fixed?

@Hronom

This comment has been minimized.

Hronom commented Dec 7, 2016

@whitecolor Thanks for workaround!
Also faced with this problem under windows, under linux I don't have such a problem...

I need to have access to the containers directly by IP address of container, for example by 172.18.0.3

@whitecolor

This comment has been minimized.

whitecolor commented Dec 8, 2016

@Hronom I wonder how does it work on linux by default, which gateway routes 172. address to containers?

@Hronom

This comment has been minimized.

Hronom commented Dec 8, 2016

@whitecolor On linux if I type in console ifconfig, I get next network interfaces:

br-bc76575bc879 Link encap:Ethernet  HWaddr *:*:*:*:*:*  
          inet addr:172.19.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

br-fccc8ee02778 Link encap:Ethernet  HWaddr *:*:*:*:*:*  
          inet addr:172.18.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:343481 errors:0 dropped:0 overruns:0 frame:0
          TX packets:448723 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:93440945 (93.4 MB)  TX bytes:169198433 (169.1 MB)

docker0   Link encap:Ethernet  HWaddr *:*:*:*:*:*  
          inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:66359 errors:0 dropped:0 overruns:0 frame:0
          TX packets:77517 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3569440 (3.5 MB)  TX bytes:203222893 (203.2 MB)

So there is a network interface br-fccc8ee02778 with IP 172.18.0.1 and mask 255.255.0.0

@whitecolor

This comment has been minimized.

whitecolor commented Dec 8, 2016

So probably on windows host there too such of interface with proper address should be added. But should there be interfaces for each 172.x... ?

@JMesser81

This comment has been minimized.

JMesser81 commented Dec 9, 2016

If your Windows containers are connecting to the default nat network on the container host, there should be a host vNIC named (e.g., vEthernet (nat)) with the NAT network's default gateway IP address assigned to this interface. Could you please verify this by running ipconfig /all

If that's true, then both the internal NAT network prefix and the external network prefix should be "on-link" from the container host's perspective and routing should happen automatically without creating static routes.

I've also created a PR (MicrosoftDocs/Virtualization-Documentation#513) to help aid in container networking diagnostics as well as a clean-up script.

@whitecolor

This comment has been minimized.

whitecolor commented Dec 12, 2016

@dgageot can you please comment on this I believe it is quite important and basic networking issue.

@whitecolor

This comment has been minimized.

whitecolor commented Dec 15, 2016

@Hronom
Can you confirm that the latest beta version doesn't work too? (without routes added to routing table)
I just remember now that when I installed the latest I might not check it with clean routing table. (Just don't want to install and then rollback again.)

@Hronom

This comment has been minimized.

Hronom commented Dec 19, 2016

@whitecolor sorry I'm don't have a chance to test this under beta version...

@pachkovsky

This comment has been minimized.

pachkovsky commented Dec 22, 2016

I can confirm that route add method is not working with latest beta (1.13.0-rc4-beta34 (9562)). 172.17.0.1 is reachable, but none of the containers are.

I can also confirm that the method is working with 1.12.3 (8488) and 1.12.5 (9503).

@whitecolor

This comment has been minimized.

whitecolor commented Dec 22, 2016

@pachkovsky so and without route (out of the box) it too doesn't work I believe in the latest beta?

@rneugeba @dgageot
Not sure why there is no reaction from the team?

@pachkovsky

This comment has been minimized.

pachkovsky commented Dec 22, 2016

@whitecolor without the route it's not working neither in 1.2.x nor in 1.3

@rn

This comment has been minimized.

Contributor

rn commented Dec 28, 2016

@whitecolor could you please provide exact steps on how to reproduce on what you try to achieve, including the command line you use to start dnsdock.
thanks

@whitecolor

This comment has been minimized.

whitecolor commented Dec 28, 2016

@rneugeba
Well dnsdock actually has nothing to do with this issue. The problem with accessing containers by IP from windows machine.

  • You just start any container (but container should be able to respond to pings).

  • Then you need to get its IP. Suppose it is default bridge network, so: docker network inspect bridge (usually something like 172.17.0.2)

  • Try to ping this IP from windows machine ping 172.17.0.2.

  • If you where on linux ping would work out of the box.

  • On docker for windows it doesn't work out of the box.

  • I'm using currenlty 1.12.3-beta30 (8568) and possible workaround works: route /P add 172.0.0.0 MASK 255.0.0.0 10.0.75.2

  • But on later (the latest) beta even this workaround with route doesn't work

  • Probably it should work out of the box as it is does on linux. what do you think?

@ionghitun

This comment has been minimized.

ionghitun commented Jan 9, 2018

I have same issue as @ondraondra81 ,with version 17.12.0-ce, i tried @whitecolor solution and it didn't work
/ # apk add iptables

ERROR: Unable to lock database: Read-only file system
ERROR: Failed to open apk database: Read-only file system

@whitecolor

This comment has been minimized.

whitecolor commented Jan 9, 2018

@ionghitun that is a bad news, I'm still on 17.09.1-ce, didn't check the later versions, you should try/search for some tricks to workaround the issue to unlock it, there probably should be some way.

@ionghitun

This comment has been minimized.

ionghitun commented Jan 9, 2018

I reinstalled 17.09.1 and works, indeed is bad news not working on latest version.

@nkapashi

This comment has been minimized.

nkapashi commented Jan 11, 2018

After upgrading to 17.12.0-ce (15048) I started getting the "bin/sh: iptables: not found" too. The fix for me was:
#docker run --rm -ti --privileged --network=none --pid=host docker4w/nsenter-dockerd bin/sh -c "iptables -A FORWARD -j ACCEPT"

@ionghitun

This comment has been minimized.

ionghitun commented Jan 12, 2018

@nkapashi I confirm it works, thanks!

@MSudhira

This comment has been minimized.

MSudhira commented Jan 24, 2018

I have docker version 7.09.0-ce-mac35 (19611)
Docker service running on MAC(Docker for mac)
Not able to ping the Container with Ip address 127.17.0.1 from the host machine.
Any work around for the ping to work on MAC?

I have tried the #docker run --rm -ti --privileged --network=none --pid=host imagename bin/sh -c "iptables -A FORWARD -j ACCEPT" but still not able to ping it.

@vidyas78

This comment has been minimized.

vidyas78 commented Feb 2, 2018

Docker Version: 17.12.0-ce

  1. I did docker run --rm -ti --privileged --network=none --pid=host imagename bin/sh -c "iptables -A FORWARD -j ACCEPT"
  2. ifconfig gave the below iNet address:
    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    UP LOOPBACK RUNNING MTU:65536 Metric:1
    RX packets:279 errors:0 dropped:0 overruns:0 frame:0
    TX packets:279 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1
    RX bytes:69424 (67.7 KiB) TX bytes:69424 (67.7 KiB)

Now how to access the service url? localhost:8080 doesnt work.

@whitecolor

This comment has been minimized.

whitecolor commented Feb 3, 2018

@vidyas78 you should be able to access 172.x.x.x, which are internal docker network addresses (to get it for a container - docker inspect [container-name] | grep 172). Also may use https://github.com/aacebedo/dnsdock to access containers using DNS names.

Also if you are not so familiar with basic docker networking and related stuff, just consider using host port mapping without involving hacky solution discussed in the current thread.

@vidyas78

This comment has been minimized.

vidyas78 commented Feb 5, 2018

My application docker image is built on linux OS image. When running the container, I have a need to have the container join the subnet mask the host is in.
In Linux OS , I'm able to achieve this using docker run --net=host . But in Windows when I use
--network=host , windows uses Hyper-V and the IP gets mapped to 10.X.X.X. During this mode, docker inspect [container-name] | grep 172 returns empty. Neither I'm able to make it join the host nor able to find out the internal IP of the container.

I was hunting for various options to solve this. Is there any way to achieve this? Would appreciate any inputs provided. Thanks!

@benlumia007

This comment has been minimized.

benlumia007 commented Feb 21, 2018

Running Linux OS running as host and installing docker, it will automatically works flawlessly and you are able to ping 172.x.x.x depending on your IP, Linux doesn't use virtualization since docker is install natvely on the computer. As for Windows, it uses Hyper-V and it uses 10.0.75.2 as the VM's IP address. and as for Mac, it uses something i forgot the name is, but when you install docker, you can use http://localhost to access the VM. if you are using port, then make sure that u use the right port to access whatever application you are using.

Windows and Mac are not fun to use with Docker but it works with ports flawlessly, but Linux is more flawlessly :)

@vidyas78

This comment has been minimized.

vidyas78 commented Feb 21, 2018

Is there any alternative for --net=host @ Windows that's proven to perform the same behavior as in Linux?

@benlumia007

This comment has been minimized.

benlumia007 commented Feb 21, 2018

@vidyas78

Most likely not, because Docker relies on Hyper-V when you are using Windows 10 Professional and it uses NAT to communicate with. I've already tried different ways but it doesn't seem to work. If users got the route add port working before is probably because they were using an older version of Windows 10 Pro. Docker gets install natively under Linux so it behaves differently and it can be communicate one another perfectly. I pretty much gave up so I'm just using ports, so if you have applications running u should be using 10.0.75.2:port.

@fabricek

This comment has been minimized.

fabricek commented Mar 5, 2018

I ve found a workaround. I m talking about windows hyper v docker containers in same subnet as host. This long thread is a bit confusing.
The default network bridge is not the same as a user-defined network bridge. (see https://docs.docker.com/network/bridge)
So create a new network bridge br0 whith your parameters (powershell syntax).

docker network create \`
  --driver=bridge \`
  --subnet=172.28.0.0/16 \`
  --ip-range=172.28.5.0/24 \`
  --gateway=172.28.5.254 \`
  br0

And create a route in cmd terminal : route add 172.28.0.0 mask 255.255.0.0 10.0.75.2 -p
If your Internal Virtual Switch\Subnet Address parameter in docker settings is 10.0.75.0 (default) you must use 10.0.75.2 Or check @whitecolor command docker run --net=host --pid=host -it --privileged --rm alpine /bin/sh -c "ip addr show hvint0 | grep -oE '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b'"
Start all your docker containers with --network=br0 example :
docker run --rm --network=br0 -it alpine /bin/sh
#ip a (give you the ip container ie 172.28.5.1 )
You can now ping all containers from host (192.168.0.5 for example ) and ping 172.28.5.1 is ok

@rn commented on 29 Dec 2016 give a great anwser and he says "Note however, we don't really recommend this approach and would suggest to use..."
I don't touch iptables here and i would like to know if my approach is safer and why ?

@benlumia007

This comment has been minimized.

benlumia007 commented Mar 6, 2018

@fabricek
I tried your solution, and doesn't even work. that seems to be same if i were to use compose to create the bridge as below

version: '2'
services:
  sandbox:
    image: wordpress:php7.1-apache
    container_name: sandbox_wordpress
    ports:
      - '80'
    environment:
      WORDPRESS_DB_NAME: sandbox
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: sup1er2man3
      WORDPRESS_TABLE_PREFIX: wp_sandbox_
    volumes:
      - './public_html:/var/www/html'      
    networks:
      mynet:
        ipv4_address: 172.26.0.5

  themereview:
    image: wordpress:php7.1-apache
    container_name: themereview_wordpress
    ports:
      - '80'
    environment:
      WORDPRESS_DB_NAME: themereview
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: sup1er2man3
      WORDPRESS_TABLE_PREFIX: wp_themereview_
    volumes:
      - './public_html:/var/www/html'
    networks:
      mynet:
        ipv4_address: 172.26.0.6

  mysql:
    image: mariadb
    container_name: sandbox_mysql
    environment:
      MYSQL_ROOT_PASSWORD: example
      MYSQL_DATABASE: sandbox
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: sup1er2man3
    volumes:
#      - db_data:/var/lib/mysql
      - './docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d'
    networks:
      mynet:
        ipv4_address: 172.26.0.7
        aliases:
          - mysql
      
  phpmyadmin:
    image: phpmyadmin/phpmyadmin
    container_name: sandbox_phpmyadmin
    environment:
     - PMA_ARBITRARY=1
    ports:
     - '80'
    volumes:
     - /sessions
    networks:
        mynet:
            ipv4_address: 172.26.0.8

#volumes:
#    db_data:
    
networks:
  mynet:
    driver: bridge
    ipam:
      config:
        - subnet: 172.26.0.0/24

and add route to it.

@fabricek

This comment has been minimized.

fabricek commented Mar 7, 2018

Review all my points it should work. You didn't put all the options in your mynet config. Try create manually network and remove it from your dockerfile to test. What route rule are you using ? Can you ping the container or this is your wordpress which is not reachable ? Putting a alpine image in your dockerfile with same parameters is pingable ? Make some tests and tell us what's wrong.

@fabricek

This comment has been minimized.

fabricek commented Mar 7, 2018

Oh i ve missed something. Try my example today and it won't work. I check it and will tell you what is missing.

@benlumia007

This comment has been minimized.

benlumia007 commented Mar 7, 2018

@fabricek

I'm going to assume that mynet is basically the same as if you were to create br0 then i made a route to route add 172.26.0.0 mask 255.255.0.0 10.0.75.2 -p I'm still not able to ping any of the 172.0.0.0 IP address. I don't use alpine, since wordpress:php7.1-apache instead.

@topiaruss

This comment has been minimized.

topiaruss commented Apr 27, 2018

@benlumia007
is ping port on container open? Is ICMP traffic served by container?

@larsonnn

This comment has been minimized.

larsonnn commented May 16, 2018

I hope its written in the comments above but I didnt find it....

don't use:

route /P add 172.0.0.0 MASK 255.0.0.0 10.0.75.2

172.0.0.0/8 contains public ip's as well!

use the private subnet 172.16.0.0/12

route /P add 172.16.0.0 MASK 255.240.0.0 10.0.75.2

or even better the right subnet from your docker specific configuration

@rizplate

This comment has been minimized.

rizplate commented May 27, 2018

docker networking is a clown show

@mayaracsferreira

This comment has been minimized.

mayaracsferreira commented Jun 3, 2018

@lucnap

I have almost the same scenario as you, but I'm using virtualbox instead of vmware

I have configured the Adapter 1 to bridged networking and the second to NAT

I couldn't even ping the container so I executed the command router add -p as you commented

Now I get "Destination host unreachable". How did you configured you VM network, please?

@lucnap

This comment has been minimized.

lucnap commented Jun 4, 2018

@mayaracsferreira please describe here all your configuration: host windows ip addr, guest linux ip addr, docker bridge network, docker container ip addr

@mayaracsferreira

This comment has been minimized.

mayaracsferreira commented Jun 6, 2018

@lucnap, thanks for the reply

I changed my strategy and this solved my problem. I'll comment the steps I took here, perhaps this can be helpful to somebody

Now I'm using docker for windows 8.1

I innocently created a network for docker on the same subnet as the host's network with the command on Docker Toolbox

docker network create --driver=bridge --subnet=192.168.1.0/24 localnet

After that I pulled the Image of oracle I wanted and up the container with the network I created before:

docker run --net localnet -d -p 8080:8080 -p 1521:1521 --name oracle wnameless/docker-oracle-xe-11g

To access the database created at this container I needed to discover the external IP of the VM create by Kitematic to run docker

docker-machine ls

Now I can connect to the database running inside docker on the oracle client on the host machine with the ip of the VM and the port 1521

@leandrocgsi

This comment has been minimized.

leandrocgsi commented Jun 8, 2018

docker_toolbox
If you using DockerToolbox for windows just use your IP 192.168.99.100

@ekc

This comment has been minimized.

ekc commented Jun 11, 2018

@leandrocgsi , many thanks for the tip. It works for me
I use Oracle Virtualbox as a driver and I believe the container IP address is translated to that of the docker-machine upon publishing with docker run -p.
The IP address of the docker-machine can be found by running docker-machine ip ...

\ $ docker-machine ip
192.168.99.100
\ $

Once I accessed the docker-machine and dumped the nat chain of the iptables, I found this

\ $ docker-machine ssh                                                                        
                        ##         .                                                          
                  ## ## ##        ==                                                          
               ## ## ## ## ##    ===                                                          
           /"""""""""""""""""\___/ ===                                                        
      ~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ /  ===- ~~~                                                 
           \______ o           __/                                                            
             \    \         __/                                                               
              \____\_______/                                                                  
 _                 _   ____     _            _                                                
| |__   ___   ___ | |_|___ \ __| | ___   ___| | _____ _ __                                    
| '_ \ / _ \ / _ \| __| __) / _` |/ _ \ / __| |/ / _ \ '__|                                   
| |_) | (_) | (_) | |_ / __/ (_| | (_) | (__|   <  __/ |                                      
|_.__/ \___/ \___/ \__|_____\__,_|\___/ \___|_|\_\___|_|                                      
Boot2Docker version 18.05.0-ce, build HEAD : b5d6989 - Thu May 10 16:35:28 UTC 2018           
Docker version 18.05.0-ce, build f150324                                                      
docker@default:~$ sudo iptables -t nat -L                                                     
Chain PREROUTING (policy ACCEPT)                                                              
target     prot opt source               destination                                          
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL   
                                                                                              
Chain INPUT (policy ACCEPT)                                                                   
target     prot opt source               destination                                          
                                                                                              
Chain OUTPUT (policy ACCEPT)                                                                  
target     prot opt source               destination                                          
DOCKER     all  --  anywhere            !127.0.0.0/8          ADDRTYPE match dst-type LOCAL   
                                                                                              
Chain POSTROUTING (policy ACCEPT)                                                             
target     prot opt source               destination                                          
MASQUERADE  all  --  172.17.0.0/16        anywhere                                            
MASQUERADE  tcp  --  172.17.0.2           172.17.0.2           tcp dpt:www                    
                                                                                              
Chain DOCKER (2 references)                                                                   
target     prot opt source               destination                                          
RETURN     all  --  anywhere             anywhere                                             
DNAT       tcp  --  anywhere             anywhere             tcp dpt:www to:172.17.0.2:80    
docker@default:~$                                                                             

On my Windows host, I can access port 80 of the container via the docker-machine ip

\ $ curl http://192.168.99.100/demo.php
<html>
<body>
<h1>My first PHP page</h1>

Hello World!</body>
</html>
\ $
@felipemarques

This comment has been minimized.

felipemarques commented Jun 14, 2018

Iam using a Windows 10 PRO.
Iam not using Docker Toolbox, only docker engine installed on windows and using a virtualbox provider.

For me , the only way for work, is:

route /P add 172.17.0.0/8 192.168.99.100

Is that a correct way?

@benlumia007

This comment has been minimized.

benlumia007 commented Jun 14, 2018

I don't think this problem is going to be solve because, overall docker for windows is is using some kind of vm and you won't be able to access the docker's IP address. you are looking at different IPs using the same box.

I have spend time finding a solution and is it one of things that is not going to take. The only way for you to use the internal IP for docker is by using Ubuntu because docker is install natively not virtualizing. So when it is install natively, you can set different IP for 172.x.x.x.x and it will work fine.

@rizplate

This comment has been minimized.

rizplate commented Aug 15, 2018

ya'all need to move to linux or mac.

no sane person can develop on windows unless you are working on Microsoft tech

@whitecolor

This comment has been minimized.

whitecolor commented Oct 23, 2018

BTW in the late versions the problem of access (again) is just solved by adding persistent routes:

route /P add 172.0.17. MASK 255.255.0.0 10.0.75.2

no need to update routing tables in in the docker vm or something.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment