user2133558
Reputation: 534
Can t ping my docker container outside of the host
Hi i have setup and started a docker container. When i access this container and do ifconfig, this is what i get:
eth0 Link encap:Ethernet HWaddr 02:42:0a:32:00:02
inet addr:10.50.0.2 Bcast:0.0.0.0 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:387 errors:0 dropped:0 overruns:0 frame:0
TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:73801 (73.8 KB) TX bytes:1572 (1.5 KB)
eth0:1 Link encap:Ethernet HWaddr 02:42:0a:32:00:02
inet addr:10.50.1.1 Bcast:10.50.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth0:2 Link encap:Ethernet HWaddr 02:42:0a:32:00:02
inet addr:10.50.1.2 Bcast:10.50.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth0:3 Link encap:Ethernet HWaddr 02:42:0a:32:00:02
inet addr:10.50.1.3 Bcast:10.50.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
I can perfectly ping those addresses form the host (eth0 and its virtual ips)
On the host this is the ifconfig output
br-dfd292823ec9 Link encap:Ethernet HWaddr 02:42:1b:2b:32:c3
inet addr:10.50.0.1 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:1bff:fe2b:32c3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:18 errors:0 dropped:0 overruns:0 frame:0
TX packets:320 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1320 (1.3 KB) TX bytes:65375 (65.3 KB)
docker0 Link encap:Ethernet HWaddr 02:42:93:9a:5c:ea
inet addr:172.17.0.1 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:93ff:fe9a:5cea/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:23 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:2967 (2.9 KB)
eth0 Link encap:Ethernet HWaddr ec:b1:d7:56:9d:88
inet addr:10.250.1.49 Bcast:10.250.255.255 Mask:255.255.0.0
inet6 addr: fe80::f784:a7df:5e4e:ce2f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:270248 errors:0 dropped:0 overruns:0 frame:0
TX packets:113084 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:208274777 (208.2 MB) TX bytes:67211395 (67.2 MB)
Interrupt:20 Memory:f7d00000-f7d20000
eth1 Link encap:Ethernet HWaddr 68:05:ca:3e:0c:f3
inet addr:192.168.108.222 Bcast:192.168.109.255 Mask:255.255.254.0
inet6 addr: fe80::8f37:3338:32cf:ba39/64 Scope:Link
inet6 addr: 2620:2c:40c0:c00:2d9e:8857:7d24:f4ee/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:94805 errors:0 dropped:1 overruns:0 frame:0
TX packets:19184 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:36493713 (36.4 MB) TX bytes:4842334 (4.8 MB)
Interrupt:19 Memory:f7cc0000-f7ce0000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:11023 errors:0 dropped:0 overruns:0 frame:0
TX packets:11023 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:1730700 (1.7 MB) TX bytes:1730700 (1.7 MB)
veth06b2b8e Link encap:Ethernet HWaddr 8e:96:03:60:49:5c
inet6 addr: fe80::8c96:3ff:fe60:495c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:18 errors:0 dropped:0 overruns:0 frame:0
TX packets:392 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1572 (1.5 KB) TX bytes:74749 (74.7 KB)
Now i am trying to ping those container adresses (10.50.0.2 , 10.50.1.1,...) from other machine that are in the same network as the host machine and route added to them to use the host machine as gw to access the 10.50.0.0/16 network, yet i can't ping the docker container IPs. I am using docker 17 ce and ubuntu 16.
Upvotes: 1
Views: 2213
Answers (1)
user2133558
Reputation: 534
So i found the solution to my problem. Turns out that by doing sudo iptables -L -n i found the following
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- 0.0.0.0/0 0.0.0.0/0
DOCKER-ISOLATION all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
DOCKER all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
DOCKER all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
So the FORWARD policy was set to DROP, meaning no traffic forwarding to my docker containers, i then did sudo iptables -P FORWARD ACCEPT and that resolved my problem.
Upvotes: 3
Related Questions
- why I can't ping my docker container?
- How could I ping my docker container from my host
- Docker: Unable to access container's internal IP from host
- Ping Docker Container from another machine in the network
- Can't ping service inside Docker container from the host machine
- How to ping Docker-Container inside host network?
- Docker container binds to port, but I am unable to ping it
- Ping Command inside docker container doesnt work
- Cannot ping docker container from the host machine
- Unable to ping docker container