maresa

Reputation: 641

Cannot access HTTP from inside Docker container on bridge network

My development environment is in a Vagrant (VirtualBox) Linux server that has MySQL (port 3306) and Tomcat (port 18080) running on it. This is the host server that I run Docker on.

I need to run another service inside Docker that connects to the MySQL and Tomcat servers on the host as well as any outside web server.

I found that the connection to MySQL on the host is fine. However, connections to HTTP (port 80 or 443) time out. If I run the same Docker image on my Mac (outside Vagrant), I can connect to both MySQL and any outside web server.

Here are the details:

On my host (Vagrant)

[root@my Downloads]# ip addr show docker0
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:95:b0:5e:47 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.1/24 brd 192.168.100.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:95ff:feb0:5e47/64 scope link 
       valid_lft forever preferred_lft forever
[root@my Downloads]# 

I got into Docker and tried to connect to the host's MySQL. This works fine.

[root@my Downloads]# docker exec -it myDocker sh
/opt/myDocker # nc 192.168.100.1 3306
Q
5.7.26-29-logf"}1
                 Q&
                   ??S???&z GTP[a{mysql_native_passwordasdasd
!??#08S01Got packets out of order^Cpunt!

/opt/myDocker # 

But if I try to connect to HTTP, it doesn't work.

/opt/myDocker # nc 192.168.100.1 18080
/opt/myDocker # nc www.google.com 80
GET /
/opt/myDocker # GET /
sh: GET: not found
/opt/myDocker # 

The connection to my host's Tomcat on 18080 just returns to the prompt. The one to google.com just hangs there for some time, then gets back to the prompt.

I tried the below as mentioned in https://docs.docker.com/network/bridge/ on the host (Vagrant VM) but it didn't help.

sysctl net.ipv4.conf.all.forwarding=1
iptables -P FORWARD ACCEPT

I'm out of ideas. Can someone help?

EDIT 1: I think this must be something to do with the bridged networking. I tried on another docker on the same VM with host networking and it's fine.

/dokcer2 # nc 192.168.100.1 18080
GET /



<!DOCTYPE html >
<html lang="en">
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no">
    <meta name="theme-color" content="#000000">
    <link rel="shortcut icon" href="/auth/images/favicon.ico?v=13"/>
    <link rel="stylesheet" type="text/css" href="/auth/static/styles/main.a7589877fc3cc07b7ac7.css"/>
</head>
<body>
<noscript>You need to enable JavaScript to run this app.</noscript>
<div id="loginAppRoot"></div>
<script type="text/javascript" src="/auth/static/js/main.f5071db7f71c2283a0f9.js"></script>
</body>
</html>^Cpunt!

/docker2 # nc www.google.com 80
GET /
HTTP/1.0 200 OK
Date: Sun, 15 Nov 2020 05:21:20 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
... yada yada yada redacted ...

Upvotes: 0

Views: 6099
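The `nc` sessions in the question show different failure modes (a greeting from MySQL, an immediate return on 18080, a hang on port 80). The following is an added example, not part of the original post, that classifies those outcomes explicitly so a refused connection can be told apart from dropped packets. `probe` and `local_listener` are names made up here, and the listeners in the demo are constructed stand-ins for real services.

```python
import socket
import threading

def probe(host, port, timeout=3.0, banner_wait=0.5):
    """Return (verdict, first_bytes) for one TCP target.
    refused: RST came back (nothing listening there, or a REJECT rule)
    timeout: SYN unanswered (dropped, filtered, or not forwarded/NATed)
    banner/response: server spoke first / answered an HTTP GET
    closed/silent: connected, but peer closed / sent nothing in time"""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", b""
    except socket.timeout:
        return "timeout", b""
    except OSError as exc:  # DNS failure, no route to host, ...
        return "error: %s" % exc, b""
    with sock:
        try:
            sock.settimeout(banner_wait)
            try:
                data = sock.recv(256)  # MySQL-style servers greet first
                return ("banner" if data else "closed"), data
            except socket.timeout:
                pass  # HTTP: the client has to speak first
            sock.settimeout(timeout)
            sock.sendall(b"GET / HTTP/1.0\r\n\r\n")
            data = sock.recv(256)
            return ("response" if data else "closed"), data
        except socket.timeout:
            return "silent", b""
        except OSError as exc:  # e.g. connection reset by peer
            return "error: %s" % exc, b""

def local_listener(reply, speak_first):
    """Constructed stand-in for a real service; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn:
            if not speak_first:
                conn.recv(256)  # wait for the client's request
            conn.sendall(reply)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":  # demo against constructed local listeners
    for args in ((b"constructed-greeting", True), (b"HTTP/1.0 200 OK\r\n\r\n", False)):
        print(probe("127.0.0.1", local_listener(*args)))
```

Run from inside the container against the bridge address and an outside host, a `refused` verdict means something answered and rejected the connection, while `timeout` means the packets never got an answer at all.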

Answers (1)

rzlvmp

Reputation: 9394

  1. Okay, first I recommend getting a better understanding of Docker networks (and networks in general)

Docker network overview

Docker bridge networks

Binding container ports

  2. In your case:

The virtual machine's internal network is 10.0.2.0/24 (with bridging interface 10.0.2.1)
Docker's internal network is 192.168.100.0/24 (with bridging interface 192.168.100.1)

When you are trying to connect to the virtual machine, you are using 10.0.2.11, not 10.0.2.1 (that is the bridge interface).
Docker's network is the same. You can't access 192.168.100.11's container via 192.168.100.1 directly, as you can't access 10.0.2.1 from 192.168.0.X.
You need to bind (forward) ports from 192.168.100.0/24 to 10.0.2.0/24 and access your service via 10.0.2.X.
How to bind ports? See the Binding container ports link.
Docker's internal network (light blue color in my picture) is just for Docker.

docker network

Upvotes: 5
