Docker container has access to internet but not the local network

Question

I have a windows docker container running on win server 2016

The the site running in the container is accessible from other nodes on the network.

The container has access to the internet (it can access 3rd party nodes external to the network), but it is unable to connect to other nodes in the network.

When an app running in the container tries to access a service on another machine in the network (machine_name) it gets the following error:

The remote name could not be resolved: machine_name

When the app tries to connect to a database on the network:

A network-related or instance-specific error occurred while establishing a connection

So it looks like the container does not have access or cannot find the machines on intranet

I ran docker exec -ti e87633560c6c ipconfig /all and got the following:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : gmsa_acct
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter vEthernet (Container NIC 0b35fe9f):

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
   Physical Address. . . . . . . . . : 00-15-5D-30-F4-1D
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7939:903e:141f:5c98%24(Preferred)
   IPv4 Address. . . . . . . . . . . : 172.22.223.136(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . : 172.22.208.1
   DNS Servers . . . . . . . . . . . : 172.22.208.1
                                       10.xxx
                                       10.xxx
   NetBIOS over Tcpip. . . . . . . . : Disabled

I ran this command in the machine that the container is running on

docker exec e87633560c6c nltest /sc_verify:mydomain.com
Flags: b0 HAS_IP  HAS_TIMESERV
Trusted DC Name \\D1dns01.mydomain.com
Trusted DC Connection Status Status = 0 0x0 NERR_Success
Trust Verification Status = 0 0x0 NERR_Success
The command completed successfully

The strange thing is that the same container ran on another host without any issues. We are now trying to run it on a new host and are getting the above issues.

Any help is appreciated.

Thanks.

EDIT: I am able to connect via the IP address and not the machine name. How can I connect via the machine name?

You probably need to setup a Docker DNS. c.f. https://docs.docker.com/config/containers/container-networking/ There is a stackoverflow answer for this https://stackoverflow.com/questions/38302867/how-to-update-etc-hosts-file-in-docker-image-during-docker-build You will need to define your own "/etc/hosts" file with the hostname and its ipaddr resolution — MarkAddison, Oct 08 '20 at 18:00

Tebe · Answer 1 · 2023-02-15T19:30:45.943

1

Enable forwarding from Docker containers to the outside world

Configure the Linux kernel to allow IP forwarding.

a. sudo sysctl net.ipv4.conf.all.forwarding=1

Change the policy for the iptables FORWARD policy from DROP to ACCEPT.

b. sudo iptables -P FORWARD ACCEPT

These settings do not persist across a reboot, so you may need to add them to a start-up script.

These commands are to be run on host machine

edited Feb 15 '23 at 19:30

answered Feb 14 '23 at 13:12

Tebe

3,176
8
40
60

score 0 · Answer 2 · answered Sep 30 '20 at 22:51

When Docker create a network for its running container, as default it create a NATed network of type bridge. You can fine more detail about your container's network with the command docker network ls, the results it's like these:

NETWORK ID          NAME                DRIVER              SCOPE
17e324f45964        bridge              bridge              local
6ed54d316334        host                host                local
7092879f2cc8        none                null                local

You can try with "host" network configuration:

If you use the host network mode for a container, that container’s network stack is not isolated from the Docker host (the container shares the host’s networking namespace), and the container does not get its own IP-address allocated. For instance, if you run a container which binds to port 80 and you use host networking, the container’s application is available on port 80 on the host’s IP address.

Use host networking

I do have neither host nor bridge. I see only nat and none. What am I missing please? — user1253073, Oct 01 '20 at 14:38
The problem here is windows. Docker on Windows runs on an virtual machine! (unless you use wsl2) — pbacterio, Oct 09 '20 at 14:16

score 0 · Answer 3 · answered Oct 08 '20 at 05:16

0

The issue is your DNS settings are not working. It looks like a lot of reports are out there of similar issues with Docker on Windows (see here). But here are a few options to try:

Step up to latest docker version (if you're not there already)
Resetting to factory settings (see here)
Assigning a static DNS server through your daemon.json file, for example:

"dns" : ["8.8.8.8"]

answered Oct 08 '20 at 05:16

sfb103

264
1
7

I agree issue is DNS, but I don't think this solution will work for local network – Tarek El-Mallah Feb 03 '22 at 16:01

score -1 · Answer 4 · answered Oct 08 '20 at 19:16

As mentioned in @a_manfrinati answer, the default network brige is used by a new container. In your case it looks both nodes are not running on same network.

Try creating a network first and then adding nodes later to it:

$ docker network create my_new_network
$ docker container run -d --name node1 --network my_new_network node1
$ docker container run -d --name node2 --network my_new_network node2

Also note that the DNS name will be same as the container name.

Docker container has access to internet but not the local network

4 Answers4