1

What could be the reason for Docker containers not being able to connect via ports to the host system?

Specifically, I'm trying to connect to a MySQL server that is running on the Docker host machine (172.17.0.1 on the Docker bridge). However, for some reason port 3306 is always closed.

The steps to reproduce are pretty simple:

  1. Configure MySQL (or any service) to listen on 0.0.0.0 (bind-address=0.0.0.0 in ~/.my.cnf)
  2. Run:

    $ docker run -it alpine sh
    # apk add --update nmap
    # nmap -p 3306 172.17.0.1
    

That's it. No matter what I do it will always show

    PORT     STATE  SERVICE
    3306/tcp closed mysql

I've tried the same with an Ubuntu image, a Windows host machine, and other ports as well.

I'd like to avoid --net=host if possible, simply to make proper use of containerization.

Opossum
  • Have a look at this answer: http://stackoverflow.com/a/24326540/645002 It's very thorough, should get you where you need to be – jaxxstorm Dec 05 '16 at 21:14
  • @Frap Yep, that's a great answer and also where I got most of the info on how to use the bridge mode and get the host IP address etc. But unfortunately it didn't help with this issue. – Opossum Dec 05 '16 at 21:18
  • Without totally borking the auto-bridge setup by docker (assuming you are not an iptables masochist), and excluding --net=host..... Pass in a custom dns entry for the host via --add-host. – user2105103 Dec 05 '16 at 21:40
  • You'll need to do a bit more troubleshooting I guess. Can you at least access your MySQL instance _from the host_ on either 127.0.0.1 or 172.17.0.1? – mustaccio Dec 05 '16 at 22:09
  • @mustaccio Both work, yep. I can run several services on the host machine and connect to them successfully from the host itself. – Opossum Dec 06 '16 at 06:36
  • Another day, currently on Windows: it appears `route` in the container does not return the host's IP address. It returns `172.17.0.1` while `ipconfig` on the host returns `10.0.75.1`. `nmap` within the container to `10.0.75.1` returns `open` and my MySQL client app works fine. On `172.17.0.1` it still says `closed`. Any idea what's up with those IPs? Is there a way to query the working IP programmatically from within the container? – Opossum Dec 06 '16 at 07:29

1 Answer

0

It turns out the IPs weren't correct. There was nothing blocking the ports and the services were running fine too. ping and nmap showed the IP as online but for some reason it wasn't the host system.

Lesson learned: don't rely on route in the container to return the correct host address. Instead check ifconfig or ipconfig on the Linux or Windows host respectively and pass this IP via environment variables.

Right now I'm transitioning to using docker-compose and have put all required services into containers, so the host system doesn't need to get involved and I can simply rely on Docker's DNS. This is much more satisfying.

Opossum
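The check described in the answer, as an added example that is not part of the original post: a Python script run inside the container that reads the route-derived gateway, compares it with a host address passed in through the environment, and reports which one actually has port 3306 open. The variable name `DOCKER_HOST_IP` and the sample route table are assumptions constructed for illustration.

```python
import os
import socket
import struct

# Constructed sample of /proc/net/route as seen inside a bridge-mode container.
SAMPLE_ROUTE = (
    "Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n"
    "eth0\t00000000\t010011AC\t0003\t0\t0\t0\t00000000\t0\t0\t0\n"
    "eth0\t000011AC\t00000000\t0001\t0\t0\t0\t0000FFFF\t0\t0\t0\n"
)

def default_gateway(route_table):
    """Return the default gateway from /proc/net/route text, or None."""
    for line in route_table.splitlines()[1:]:
        fields = line.split()
        # Destination 00000000 with RTF_GATEWAY (0x2) set marks the default route.
        if len(fields) >= 4 and fields[1] == "00000000" and int(fields[3], 16) & 0x2:
            # The kernel prints the address as little-endian hex.
            return socket.inet_ntoa(struct.pack("<L", int(fields[2], 16)))
    return None

def port_state(host, port, timeout=2.0):
    """Classify a TCP port the way the nmap output above does."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"      # the address answered, but nothing listens there
    except OSError:
        return "filtered"    # timeout or unreachable

def pick_host(candidates, port):
    """Return the first candidate with the port open, plus every state seen."""
    states = {}
    for host in candidates:
        if host and host not in states:
            states[host] = port_state(host, port)
    reachable = next((h for h, s in states.items() if s == "open"), None)
    return reachable, states

if __name__ == "__main__":
    with open("/proc/net/route") as fh:
        gateway = default_gateway(fh.read())
    # DOCKER_HOST_IP is a hypothetical variable name, set with `docker run -e`.
    chosen, seen = pick_host([os.environ.get("DOCKER_HOST_IP"), gateway], 3306)
    print(seen, "->", chosen)
```

A `closed` result for the gateway next to `open` for the environment-supplied address reproduces the situation in the question: the gateway answers, but it is not the machine running MySQL.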