I have been using docker for some time now on my Synology NAS and it works just fine but I need something a little more powerful to run Plex Media Server.
I have installed Photon OS (on my ESXi Host) running Docker and enabled SSH. I have set up a static IP using the following network file configs:
5-Main.link
[Match]
MACAddress=00:00:00:00:00:00 (example)
[Link]
Description=Main
Name=Main
5-Main.network
[Match]
Name=Main
[Network]
Gateway=192.168.1.1
Address=192.168.1.3/24
DNS=192.168.1.1
DHCP=no
[DHCP]
UseDNS=false
I have installed Portainer fine and that works on the 192.168.1.3:9443 address.
What I am trying to achieve, like I had done successfully on the NAS, is to grant a container its own IP address. I created a docker network using the following command:
docker network create --driver=macvlan --gateway=192.168.1.1 --subnet=192.168.1.0/24 --ip-range=192.168.1.0/24 -o parent=Main LAN
This creates the network fine but when you attach it to a container, give the container a MAC address and an IP address within the same range (192.168.1.50) it does not ping out of the container or from the host (or another device) in. curl ipino.io also does not work from inside of the container. These exact steps work perfectly on the Synology NAS (with selecting the NAS' correct NIC etc).
I have tried using Debian OS instead but that also has the same problem. I have tried accepting all traffic in the IP tables but no effect also. On Debian OS, I have also allowed the NIC to be DHCP instead and tried using a static IP within the container but still no effect. I am running out of ideas. I feel this would be something simple but I have searched high and low now but I am coming to a dead end. Any advice would be greatly appreciated.
Related
I have been running a media cluster for some time without any issues. I have everything networked into two different docker networks... the first network just bridges the docker instance to the local machine, the second network is a docker VPN container that I use for the other media services (an earlier version of what I am working on can be found here: https://github.com/Xander-Rudolph/MediaDocker)
The strangest thing happened today though. I ran the docker update for windows and now docker spools up without any errors or issues, however none of the services work outside of the machine running docker. Usually I have a poke through for a couple of the services in my router (namely wordpress/joomla which is on the bridge) and they work outside of my local network, but none of them are working anymore. I was able to confirm it's not the DNS A record because I'm able to use the RDP ports I have mapped for my router, and when I test on another machine in the same network, it can't access the services via the internal IP (but it can RDP).
Anyone have any idea what could have changed to break this? I've already updated all my docker images and even rebuilt my VPN container (before I realized it's a networking issue). What are some steps I can do to try to troubleshoot what is going wrong in docker to prevent access outside of localhost?
Update
I've been able to rule out the docker update as the root cause... I upgraded docker on my laptop (which was previously running the same version as my desktop) and it's not having the same issue... this configuration must be localized to this desktop... No idea what the issue is... Will try a linux VM on the desktop instead of docker for windows...
Update 2
After a lot of screwing around in both a VM and in WSL, I'm still only able to access the docker services from localhost but not a different machine on my network or via the IP on the host machine (perhaps something similar to this: Can't access localhost via IP address). RDP does work so the computer is accessible but the services are not.
I'm not sure if this is a result of a docker networking config or a windows network config (I'm using WSL with docker installed on ubuntu 20.08) but I'm not seeing anything stick out. I'm going to remove the tag for docker windows but this is definitely an issue with networking and I suspect it has something to do with the fact that the containers are running behind a VPN... although I don't know why I would be able to access them on localhost but not the IP on another VM...
When I run
netstat -a -o
on WSL I can see the established ports on localhost... EX:
tcp 0 0 localhost:7878 localhost:37520 ESTABLISHED
but when I look on the host machine (for wsl) I don't see the connection. I tried to use netsh to create a firewall rule to see if that would help:
netsh advfirewall firewall add rule name="TCP Port 7878" dir=in localport=7878 protocol=TCP action=allow
but it didn't have any effect.
Any suggestions for ways to trace the network to see where/how it's failing/getting blocked would be extremely helpful.
Your question: "...What are some steps I can do to try to troubleshoot what is going wrong in docker to prevent access outside of localhost?..."
Troubleshooting help for you: first, do you have multiple networking adapters (Ethernet, Wi-Fi, etc.) present on the host? First, ensure the priority of these adapters is configured in the correct order so the Windows networking stack can correctly choose gateway routes.
Now, to fix this, set your primary internet-connected networking adapter to have the lowest InterfaceMetric value. You can use these PowerShell commands from an elevated console:
Get-NetIPInterface -AddressFamily IPv4 | Sort-Object -Property InterfaceMetric -Descending
Please ensure that the host's primary internet-connected network adapter has the lowest InterfaceMetric value.
# Use this command to make the change, e.g. let's say your
# primary adapter InterfaceAlias is 'Wi-Fi'
Set-NetIPInterface -InterfaceAlias 'Wi-Fi' -InterfaceMetric 3
Now step two, if your host's primary network adapter is bridged because you have an External virtual switch setup in Hyper-V, then you will set the external virtual switch to have the lowest InterfaceMetric value.
Lastly, confirm/verify your routing tables. When you run this, the last line should show the primary adapter's gateway address along with its ifMetric value:
Get-NetRoute -AddressFamily IPv4
If you’re using Docker Toolbox then any port you publish with docker run -p will be published on the Toolbox VM’s private IP address.
docker-machine ip will tell you. It is frequently 192.168.99.100.
Taken from: https://forums.docker.com/t/cant-connect-to-container-on-localhost-with-port-mapping/52716/25
After several attempts using the references below, I was still not getting anywhere. The recommendation by #derple didn't get me anywhere (since I was in wsl) but the article he linked someone had said they switched to linux and uninstalled and reinstalled docker desktop... and for some stupid reason that works.
These are my exact steps I took to fix it:
Uninstall docker desktop
Install WSL and docker inside an ubuntu18.04 instance in wsl
Test docker in wsl with localhost (worked only on localhost still)
Uninstall WSL using windows add/remove features
reinstall docker desktop
Oddly the get-netipinterface and get-netroute look exactly the same as they did before I did the uninstall and reinstall but things seem to be working now... I have no idea why the above worked...
For regular docker containers (say the hello world example), after you run it, it is accessible through localhost, where you can make a request to it through your browser.
But sometimes it seems to access a container you need a special IP address. I'm wondering what's this behavior of docker container networking called and where is it defined/documented.
Let's say my local ip address is 10.0.75.1 (got from Network properties in Windows settings named, vEthernet (DockerNAT)). But in order to connect to a container running I had to use ip address 10.0.75.2. Why is this?
If I try to inspect existing docker networks using docker network [cmd], the containers seem to be on different subnets, for example '172.17.0.0/16'.
I'm trying to create a Docker container that I can connect to from any device on my local network. Specifically, this container: https://hub.docker.com/r/codercom/code-server. I've tried using Docker Desktop and Docker Toolbox but I've only been able to get it working on my host device. How do I configure my network or other settings to allow other devices on my local network to connect to the container?
I've tried following similar stackoverflow questions, docker forums, and youtube videos. I've tried setting of bridged network connections but nothing has worked for me.
These are some of the sites that I've been on and tried to replicate the solution to my similar problem.
https://forums.docker.com/t/bridge-with-docker-for-windows/30936
https://stackoverflow.com/questions/39111247/how-to-access-docker-container-from-another-machine-on-local-network
https://blog.oddbit.com/post/2014-08-11-four-ways-to-connect-a-docker/
Edit1: The command that I run is:
docker run -it -p 127.0.0.3:8443:8443 -v "${PWD}:/home/coder/project" codercom/code-server --allow-http --no-auth
This part works but when I try to access 127.0.0.3:8443 from a different computer on the same network it doesn't work. I've tried the solutions from the links that I posted above but I get the same result where the address that I put in fails to load.
What I want to do is host code-server from my desktop computer and allow for a device like a laptop to connect to the code-server. I'm currently on a windows 10 pro machine. Can anyone lead me into the right sort of direction?
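An added example, not part of the original post and not code from Docker or code-server: it parses the -p value of the command in Edit1 and rates who can reach the published port, flagging a network-reachable bind combined with --no-auth. It relies on two facts the post does not state (every 127.0.0.0/8 address is loopback, and Docker binds all interfaces when no host IP is given); the two variant commands and all function names are constructed for illustration.

```python
import ipaddress
import shlex

# Command from the post above, plus two constructed variants for comparison.
PAGE_CMD = ('docker run -it -p 127.0.0.3:8443:8443 -v "${PWD}:/home/coder/project" '
            'codercom/code-server --allow-http --no-auth')
ALL_IFACES_CMD = PAGE_CMD.replace("127.0.0.3:8443:8443", "8443:8443")  # constructed
LAN_ONLY_CMD = PAGE_CMD.replace("127.0.0.3:", "192.168.0.172:")        # constructed

def publish_specs(command):
    """Return the values passed to -p / --publish in a docker run command."""
    args = shlex.split(command)
    specs = [args[i + 1] for i, a in enumerate(args[:-1]) if a in ("-p", "--publish")]
    specs += [a.split("=", 1)[1] for a in args if a.startswith("--publish=")]
    return specs

def classify(spec):
    """Parse [host_ip:][host_port:]container_port[/proto] and rate who can reach it."""
    mapping, _, proto = spec.partition("/")
    parts = mapping.rsplit(":", 2)
    # Without an explicit host IP, Docker binds the published port on all interfaces.
    host_ip = parts[0].strip("[]") if len(parts) == 3 and parts[0] else "0.0.0.0"
    addr = ipaddress.ip_address(host_ip)
    # is_loopback covers all of 127.0.0.0/8 and ::1; is_unspecified is 0.0.0.0 or ::
    reach = ("host-only" if addr.is_loopback
             else "all-interfaces" if addr.is_unspecified else "single-address")
    return {"host_ip": host_ip, "container_port": parts[-1],
            "proto": proto or "tcp", "reach": reach}

def audit(command):
    """One finding per published port, noting unauthenticated network exposure."""
    no_auth = "--no-auth" in shlex.split(command)
    findings = []
    for spec in publish_specs(command):
        info = classify(spec)
        if info["reach"] == "host-only":
            note = "loopback bind: other machines cannot connect"
        elif no_auth:
            note = "reachable from the network with --no-auth: add authentication first"
        else:
            note = "reachable from the network"
        findings.append((spec, info["reach"], note))
    return findings

if __name__ == "__main__":
    for cmd in (PAGE_CMD, ALL_IFACES_CMD, LAN_ONLY_CMD):
        print(audit(cmd))
```

A port rated reachable here can still be blocked by the host firewall or by the VM layer that Docker Desktop and Docker Toolbox put between the container and the LAN.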
Solution:
When I installed Docker for Windows, it creates a network called vEthernet (DockerNAT) (Usually with the IP 10.0.75.1)
My local machine had a network called local area connection with the IP 192.168.0.172 (with this IP I was trying to access from other PCs).
So far, my local machine had two network connections, so I went to Control Panel > Network and Sharing Center > Change Adapter Settings, selected the two networks, right-clicked and selected Add to bridge. That creates a third network called Ethernet.
At this point, I didn't know what the IP of the Ethernet network was, so I executed the ipconfig command, which shows me the IP 192.168.0.17 (the settings of local area connection and vEthernet (DockerNAT) disappeared and the IPs 10.0.75.1 and 192.168.0.172 stopped working).
With this new IP (192.168.0.17) I tried from another machine in the network and finally I could access the container (192.168.0.17:9090).
Important: if you have a firewall enabled then you need to execute the script below in PowerShell:
if (!(Get-NetFirewallRule | where {$_.Name -eq "gitlab 9090"})) { New-NetFirewallRule -Name "gitlab 9090" -DisplayName "gitlab 9090" -Protocol tcp -LocalPort 9090 -Action Allow -Enabled True}
Replace the gitlab and port 9090 with your image name and port.
I want to export the complete IP connectivity (UDP and TCP) from a docker container with a Linux app (i.e. give it its own IP address (in the same subnet as the host), that can be accessed from the host and from other physical machines on the network).
What do I need to configure in Windows, what in docker, what inside the container?
(NB: I do NOT want to expose ports as part of the host).
I finally solved the problem (for me) by installing Ubuntu in Virtual Box and using the docker containers from there. Not the most elegant solution but working on first try.
I'm experimenting with Docker containers and I'm having a problem with resolving IPs from hostnames from inside my server.
It works fine on my machine (windows 10).
Basically I'm just pinging hostnames on our internal network from my server (windows server 2016 running in a VM on VMWare) and it cannot find the host.
I run the container like this:
docker run -it microsoft/nanoserver
and when in the command prompt I ping one of our internal servers using its hostname.
This works fine on my windows 10 machine.
However if I ping the ip directly it works on the server.
If I ping the same hostname directly from the host it works fine.
I'm quite new at this and I've been trying to figure it out using various guides, but I haven't found anyone who has asked this before.
Any ideas?
The Docker container does not know anything about "your" network. Docker uses virtual interfaces to spin container - networks.
docker run --dns=127.0.0.1
Anyway, you can add your DNS Server to the Docker engine or add some static "host" entries like:
docker run --add-host=myserver.local:192.168.66.66 ...