Closed kr-sri closed 6 years ago
Apologies on the late response, last few months have been somewhat crazy for me.
I merged a minor fix which deals with local routing, that may solve your issue. Do you mind pulling and giving it another try. If you still have issues please provide me with the following command outputs:
ls -l /dev/tap*
to make sure docker has access to tap interfaceifconfig
to make sure docker connected to the tap interfacenetstat -rn
to make sure routes were set to the containers over the tap interfacedocker run --rm --privileged --pid=host --net=host alpine ifconfig
to make docker created the target interfacedocker run --rm --privileged --pid=host debian nsenter -t 1 -m -u -n -i iptables-save
to make sure the docker host allows routingdocker inspect <<Container_id>>
to make sure your container is configure to use all of the aboveP.S. I just used this on Sierra and it all worked. I plan to upgrade to High Sierra and giving it another test run next week.
Im runnig on High Sierra and all worked fine. But I thing that @kr-sri use bad route command '172.18.0.0/16 -netmask 255.255.0.0' is not correct. You are declare two times network mask
@ondraondra81 good chatch! Totally missed that in his comment, Indeed he does provide the net mask twice
@kr-sri mind giving it another go with route -n add -net 172.18.0.0 -netmask 255.255.0.0 10.0.75.1
?
Hej, I have problem with Docker version 17.09.1-ce, build 19e2cf6, macOS 10.13.2 and your script. I have Docker network 172.16.1.0/24 (gateway 172.16.1.100, container 172.16.1.1). macOS (10.0.75.1) <--------> (10.0.75.2) xhyve (172.16.1.100) <-----> (172.16.1.1) container
Communication between macOS and xhyve work. Communication between xhyve and macOS work. Communication between xhyve and container work. Communication between macOS and container do't work....
In xhyve:
/ # ping 172.16.1.1
PING 172.16.1.1 (172.16.1.1): 56 data bytes
64 bytes from 172.16.1.1: seq=0 ttl=64 time=0.310 ms
64 bytes from 172.16.1.1: seq=1 ttl=64 time=0.217 ms
^C
--- 172.16.1.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.217/0.263/0.310 ms
/ # ping 10.0.75.1
PING 10.0.75.1 (10.0.75.1): 56 data bytes
64 bytes from 10.0.75.1: seq=0 ttl=64 time=0.674 ms
64 bytes from 10.0.75.1: seq=1 ttl=64 time=0.631 ms
^C
/ # iptables -A FORWARD -o eth1 -j ACCEPT
/ # iptables -A FORWARD -i eth1 -j ACCEPT
/ # iptables-save
# Generated by iptables-save v1.6.0 on Tue Jan 9 21:06:46 2018
*security
:INPUT ACCEPT [18796:25027703]
:FORWARD ACCEPT [97534:84594182]
:OUTPUT ACCEPT [9678:407593]
COMMIT
# Completed on Tue Jan 9 21:06:46 2018
# Generated by iptables-save v1.6.0 on Tue Jan 9 21:06:46 2018
*raw
:PREROUTING ACCEPT [116458:109635755]
:OUTPUT ACCEPT [9678:407593]
COMMIT
# Completed on Tue Jan 9 21:06:46 2018
# Generated by iptables-save v1.6.0 on Tue Jan 9 21:06:46 2018
*nat
:PREROUTING ACCEPT [179:22875]
:INPUT ACCEPT [2:168]
:OUTPUT ACCEPT [134:8816]
:POSTROUTING ACCEPT [132:9080]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 172.16.1.0/24 ! -o br-dc56e66870cb -j MASQUERADE
-A POSTROUTING -s 172.18.0.0/16 ! -o br-730f6807e00a -j MASQUERADE
-A POSTROUTING -s 172.19.0.0/16 ! -o br-50afe9a59255 -j MASQUERADE
-A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 9000 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
-A DOCKER -i br-dc56e66870cb -j RETURN
-A DOCKER -i br-730f6807e00a -j RETURN
-A DOCKER -i br-50afe9a59255 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 9000 -j DNAT --to-destination 172.17.0.2:9000
COMMIT
# Completed on Tue Jan 9 21:06:46 2018
# Generated by iptables-save v1.6.0 on Tue Jan 9 21:06:46 2018
*mangle
:PREROUTING ACCEPT [116458:109635755]
:INPUT ACCEPT [18796:25027703]
:FORWARD ACCEPT [97534:84594182]
:OUTPUT ACCEPT [9678:407593]
:POSTROUTING ACCEPT [107212:85001775]
COMMIT
# Completed on Tue Jan 9 21:06:46 2018
# Generated by iptables-save v1.6.0 on Tue Jan 9 21:06:46 2018
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1:76]
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -o eth1 -j ACCEPT
COMMIT
# Completed on Tue Jan 9 21:06:46 2018
/ # cat /proc/sys/net/ipv4/ip_forward
1
I ping from macOS to docker container and I don't get response :/ In xhyve (routing in macOS seems ok):
/ # tshark -i eth1
Capturing on 'eth1'
1 0.000000000 Netapp_bc:f5:d7 → Broadcast AoE 32 Query Config Information Request
2 4.018466467 0.0.0.0 → 255.255.255.255 DHCP 379 DHCP Discover - Transaction ID 0xc13abb72
3 6.651532284 10.0.75.1 → 172.16.1.1 ICMP 98 Echo (ping) request id=0x2966, seq=0/0, ttl=64
4 7.652613102 10.0.75.1 → 172.16.1.1 ICMP 98 Echo (ping) request id=0x2966, seq=1/256, ttl=64
5 8.655390355 10.0.75.1 → 172.16.1.1 ICMP 98 Echo (ping) request id=0x2966, seq=2/512, ttl=64
6 9.656999892 10.0.75.1 → 172.16.1.1 ICMP 98 Echo (ping) request id=0x2966, seq=3/768, ttl=64
7 10.660270802 10.0.75.1 → 172.16.1.1 ICMP 98 Echo (ping) request id=0x2966, seq=4/1024, ttl=64
8 11.664564778 10.0.75.1 → 172.16.1.1 ICMP 98 Echo (ping) request id=0x2966, seq=5/1280, ttl=64
9 11.684159855 10.0.75.1 → 224.0.0.251 MDNS 82 Standard query 0x0000 PTR _googlecast._tcp.local, "QM" question
^C 10 12.668122103 10.0.75.1 → 172.16.1.1 ICMP 98 Echo (ping) request id=0x2966, seq=6/1536, ttl=64
Why?
@michalciolek can you provide me with the output for the commands I previously mentioned:
ls -l /dev/tap*
to make sure docker has access to tap interfaceifconfig
to make sure docker connected to the tap interfacenetstat -rn
to make sure routes were set to the containers over the tap interfacedocker run --rm --privileged --pid=host --net=host alpine ifconfig
to make docker created the target interfacedocker run --rm --privileged --pid=host debian nsenter -t 1 -m -u -n -i iptables-save
to make sure the docker host allows routingdocker inspect <<Container_id>>
to make sure your container is configure to use all of the aboveOk, I have already written that I have communication between macOS and xhyve VM, routing on macOS works OK (output from tshark) and I send the iptables-save output, but here's the output:
╭─michael@MacBook-Pro-michael ~
╰─$ ls -l /dev/tap*
crw-rw---- 1 root 42, 0 sty 10 00:00 /dev/tap0
crw-rw---- 1 michael 42, 1 sty 10 06:54 /dev/tap1
crw-rw---- 1 root 42, 10 sty 9 20:04 /dev/tap10
crw-rw---- 1 root 42, 11 sty 9 20:04 /dev/tap11
crw-rw---- 1 root 42, 12 sty 9 20:04 /dev/tap12
crw-rw---- 1 root 42, 13 sty 9 20:04 /dev/tap13
crw-rw---- 1 root 42, 14 sty 9 20:04 /dev/tap14
crw-rw---- 1 root 42, 15 sty 9 20:04 /dev/tap15
crw-rw---- 1 root 42, 2 sty 9 20:04 /dev/tap2
crw-rw---- 1 root 42, 3 sty 9 20:04 /dev/tap3
crw-rw---- 1 root 42, 4 sty 9 20:04 /dev/tap4
crw-rw---- 1 root 42, 5 sty 9 20:04 /dev/tap5
crw-rw---- 1 root 42, 6 sty 9 20:04 /dev/tap6
crw-rw---- 1 root 42, 7 sty 9 20:04 /dev/tap7
crw-rw---- 1 root 42, 8 sty 9 20:04 /dev/tap8
crw-rw---- 1 root 42, 9 sty 9 20:04 /dev/tap9
╭─michael@MacBook-Pro-michael ~
╰─$ ifconfig tap1
tap1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
ether da:b7:5a:67:46:81
inet 10.0.75.1 netmask 0xffffff00 broadcast 10.0.75.255
media: autoselect
status: active
open (pid 25606)
╭─michael@MacBook-Pro-michael ~
╰─$ netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 10.61.136.1 UGSc 32 0 en0
10.0.75/24 link#22 UC 2 0 tap1
10.0.75.1 da:b7:5a:67:46:81 UHLWIi 4 12 lo0
10.0.75.255 ff:ff:ff:ff:ff:ff UHLWbI 0 2 tap1
10.61.136/23 link#8 UCS 17 0 en0
10.61.136.1/32 link#8 UCS 1 0 en0
10.61.136.1 0:0:5e:12:34:2 UHLWIir 34 16 en0 1183
10.61.136.2 0:0:5e:12:34:2 UHLWI 0 0 en0 1200
10.61.136.3 0:10:f3:38:de:5e UHLWI 0 0 en0 1199
10.61.136.13 f0:79:60:a1:16:6c UHLWI 0 0 en0 1174
10.61.136.22 3c:2e:ff:47:f1:4a UHLWI 0 1 en0 1165
10.61.136.26 7c:7a:91:8d:d5:97 UHLWIi 1 3 en0 1135
10.61.136.56 78:4f:43:32:ef:72 UHLWI 0 0 en0 1120
10.61.136.71 e0:aa:96:58:ab:c0 UHLWI 0 0 en0 1198
10.61.136.98/32 link#8 UCS 0 0 en0
10.61.136.116 9c:f4:8e:cb:cd:20 UHLWIi 1 1 en0 1171
10.61.136.161 link#8 UHLWI 0 0 en0
10.61.136.223 70:81:eb:ce:e8:d6 UHLWI 0 0 en0 1172
10.61.137.1 6c:27:79:3e:8c:dc UHLWI 0 0 en0 1188
10.61.137.43 c8:6f:1d:9a:b8:f4 UHLWI 0 0 en0 1110
10.61.137.58 6c:72:e7:e6:8b:f0 UHLWI 0 0 en0 1168
10.61.137.90 5c:e0:c5:7c:42:e1 UHLWI 0 0 en0 1171
10.61.137.115 64:a5:c3:52:4d:25 UHLWI 0 0 en0 1165
10.61.137.154 3c:77:e6:af:ca:a5 UHLWI 0 0 en0 1150
10.61.137.255 ff:ff:ff:ff:ff:ff UHLWbI 0 2 en0
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 14 9720212 lo0
169.254 link#8 UCS 0 0 en0
172.16/24 10.0.75.1 UGSc 0 0 tap1
172.16.1/24 10.0.75.1 UGSc 0 5270 tap1
172.17/24 10.0.75.1 UGSc 0 22 tap1
172.20/24 192.168.95.2 UGSc 0 0 tap0
172.30/24 172.30.0.5 UGSc 1 0 utun1
172.30.0.5 172.30.0.6 UH 1 0 utun1
192.168.95 link#18 UC 2 0 tap0
192.168.95.2 link#18 UHLWIi 1 0 tap0
224.0.0/4 link#8 UmCS 2 0 en0
224.0.0.251 1:0:5e:0:0:fb UHmLWI 0 0 en0
239.255.255.250 1:0:5e:7f:ff:fa UHmLWI 0 8 en0
255.255.255.255/32 link#8 UCS 0 0 en0
Internet6:
Destination Gateway Flags Netif Expire
default fe80::%utun0 UGcI utun0
::1 ::1 UHL lo0
fe80::%lo0/64 fe80::1%lo0 UcI lo0
fe80::1%lo0 link#1 UHLI lo0
fe80::%en5/64 link#7 UCI en5
fe80::aede:48ff:fe00:1122%en5 ac:de:48:0:11:22 UHLI lo0
fe80::aede:48ff:fe33:4455%en5 ac:de:48:33:44:55 UHLWIi en5
fe80::%en0/64 link#8 UCI en0
fe80::c6f:c89c:87a5:6af8%en0 78:4f:43:9c:3b:e1 UHLI lo0
fe80::%awdl0/64 link#10 UCI awdl0
fe80::ec70:49ff:fe9d:baf1%awdl0 ee:70:49:9d:ba:f1 UHLI lo0
fe80::%utun0/64 fe80::7cd0:b5d7:ba:232d%utun0 UcI utun0
fe80::7cd0:b5d7:ba:232d%utun0 link#16 UHLI lo0
ff01::%lo0/32 ::1 UmCI lo0
ff01::%en5/32 link#7 UmCI en5
ff01::%en0/32 link#8 UmCI en0
ff01::%awdl0/32 link#10 UmCI awdl0
ff01::%utun0/32 fe80::7cd0:b5d7:ba:232d%utun0 UmCI utun0
ff02::%lo0/32 ::1 UmCI lo0
ff02::%en5/32 link#7 UmCI en5
ff02::%en0/32 link#8 UmCI en0
ff02::%awdl0/32 link#10 UmCI awdl0
ff02::%utun0/32 fe80::7cd0:b5d7:ba:232d%utun0 UmCI utun0
╭─michael@MacBook-Pro-michael ~
╰─$ docker run --rm --privileged --pid=host --net=host alpine ifconfig
br-50afe9a59255 Link encap:Ethernet HWaddr 02:42:2A:45:55:47
inet addr:172.19.0.1 Bcast:0.0.0.0 Mask:255.255.0.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
br-730f6807e00a Link encap:Ethernet HWaddr 02:42:92:53:88:40
inet addr:172.18.0.1 Bcast:0.0.0.0 Mask:255.255.0.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
br-dc56e66870cb Link encap:Ethernet HWaddr 02:42:7A:75:10:1D
inet addr:172.16.1.100 Bcast:0.0.0.0 Mask:255.255.255.0
inet6 addr: fe80::42:7aff:fe75:101d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:34478 errors:0 dropped:0 overruns:0 frame:0
TX packets:63228 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1404260 (1.3 MiB) TX bytes:84078486 (80.1 MiB)
docker0 Link encap:Ethernet HWaddr 02:42:44:50:8F:2E
inet addr:172.17.0.1 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:44ff:fe50:8f2e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:121 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:4626 (4.5 KiB)
eth0 Link encap:Ethernet HWaddr 02:50:00:00:00:01
inet addr:192.168.65.2 Bcast:192.168.65.255 Mask:255.255.255.0
inet6 addr: fe80::742b:85fd:ca03:2da8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:81414 errors:0 dropped:0 overruns:0 frame:0
TX packets:43867 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:109321337 (104.2 MiB) TX bytes:2412060 (2.2 MiB)
eth1 Link encap:Ethernet HWaddr 00:A0:98:BC:F5:D7
inet addr:10.0.75.2 Bcast:10.255.255.255 Mask:255.0.0.0
inet6 addr: fe80::6601:3c22:955b:34fb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5831 errors:0 dropped:0 overruns:0 frame:0
TX packets:240 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:633837 (618.9 KiB) TX bytes:45558 (44.4 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:660 errors:0 dropped:0 overruns:0 frame:0
TX packets:660 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:40416 (39.4 KiB) TX bytes:40416 (39.4 KiB)
veth0e00eb5 Link encap:Ethernet HWaddr A6:EC:BA:54:12:27
inet6 addr: fe80::a4ec:baff:fe54:1227/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:23 errors:0 dropped:0 overruns:0 frame:0
TX packets:253 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4886 (4.7 KiB) TX bytes:10206 (9.9 KiB)
veth2a8be34 Link encap:Ethernet HWaddr F6:4A:FE:5B:54:F5
inet6 addr: fe80::f44a:feff:fe5b:54f5/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:32 errors:0 dropped:0 overruns:0 frame:0
TX packets:260 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5544 (5.4 KiB) TX bytes:10668 (10.4 KiB)
veth2c9e2cb Link encap:Ethernet HWaddr 2A:DE:DE:9F:82:47
inet6 addr: fe80::28de:deff:fe9f:8247/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:233 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:8494 (8.2 KiB)
veth327dad6 Link encap:Ethernet HWaddr BA:8B:E3:9B:57:C7
inet6 addr: fe80::b88b:e3ff:fe9b:57c7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:23 errors:0 dropped:0 overruns:0 frame:0
TX packets:254 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4886 (4.7 KiB) TX bytes:10276 (10.0 KiB)
veth7c8e220 Link encap:Ethernet HWaddr BA:96:8E:3F:A5:C7
inet6 addr: fe80::b896:8eff:fe3f:a5c7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:240 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:9064 (8.8 KiB)
vetha66749f Link encap:Ethernet HWaddr B6:A7:65:6E:3C:EB
inet6 addr: fe80::b4a7:65ff:fe6e:3ceb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:34421 errors:0 dropped:0 overruns:0 frame:0
TX packets:63348 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1875038 (1.7 MiB) TX bytes:84083794 (80.1 MiB)
╭─michael@MacBook-Pro-michael ~
╰─$ docker run --rm --privileged --pid=host debian nsenter -t 1 -m -u -n -i iptables-save
# Generated by iptables-save v1.6.0 on Wed Jan 10 05:55:42 2018
*security
:INPUT ACCEPT [18856:25030703]
:FORWARD ACCEPT [97534:84594182]
:OUTPUT ACCEPT [9811:424751]
COMMIT
# Completed on Wed Jan 10 05:55:42 2018
# Generated by iptables-save v1.6.0 on Wed Jan 10 05:55:42 2018
*raw
:PREROUTING ACCEPT [116909:109732456]
:OUTPUT ACCEPT [9811:424751]
COMMIT
# Completed on Wed Jan 10 05:55:42 2018
# Generated by iptables-save v1.6.0 on Wed Jan 10 05:55:42 2018
*nat
:PREROUTING ACCEPT [570:116576]
:INPUT ACCEPT [2:168]
:OUTPUT ACCEPT [234:23685]
:POSTROUTING ACCEPT [232:23949]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 172.16.1.0/24 ! -o br-dc56e66870cb -j MASQUERADE
-A POSTROUTING -s 172.18.0.0/16 ! -o br-730f6807e00a -j MASQUERADE
-A POSTROUTING -s 172.19.0.0/16 ! -o br-50afe9a59255 -j MASQUERADE
-A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 9000 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
-A DOCKER -i br-dc56e66870cb -j RETURN
-A DOCKER -i br-730f6807e00a -j RETURN
-A DOCKER -i br-50afe9a59255 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 9000 -j DNAT --to-destination 172.17.0.2:9000
COMMIT
# Completed on Wed Jan 10 05:55:42 2018
# Generated by iptables-save v1.6.0 on Wed Jan 10 05:55:42 2018
*mangle
:PREROUTING ACCEPT [116909:109732456]
:INPUT ACCEPT [18856:25030703]
:FORWARD ACCEPT [97534:84594182]
:OUTPUT ACCEPT [9811:424751]
:POSTROUTING ACCEPT [107345:85018933]
COMMIT
# Completed on Wed Jan 10 05:55:42 2018
# Generated by iptables-save v1.6.0 on Wed Jan 10 05:55:42 2018
*filter
:INPUT ACCEPT [60:3000]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [134:17234]
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -o eth1 -j ACCEPT
COMMIT
# Completed on Wed Jan 10 05:55:42 2018
╭─michael@MacBook-Pro-michael ~
╰─$ docker inspect 9e6656d902bd
[
{
"Id": "9e6656d902bd414c84976353668aa0118767d1dc80f2b877f1c98cc2eec40dc3",
"Created": "2017-12-29T17:08:12.356980292Z",
"Path": "/bin/sh",
"Args": [
"-c",
"/etc/init.d/snmpd start"
],
"State": {
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 2429,
"ExitCode": 0,
"Error": "",
"StartedAt": "2018-01-09T20:15:50.725888695Z",
"FinishedAt": "2018-01-09T20:15:28.551644412Z"
},
"Image": "sha256:0f60bf459bc5d420b2c3c5760c963445f049d17a56dd08fce4f6efeadeffc7ca",
"ResolvConfPath": "/var/lib/docker/containers/9e6656d902bd414c84976353668aa0118767d1dc80f2b877f1c98cc2eec40dc3/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/9e6656d902bd414c84976353668aa0118767d1dc80f2b877f1c98cc2eec40dc3/hostname",
"HostsPath": "/var/lib/docker/containers/9e6656d902bd414c84976353668aa0118767d1dc80f2b877f1c98cc2eec40dc3/hosts",
"LogPath": "/var/lib/docker/containers/9e6656d902bd414c84976353668aa0118767d1dc80f2b877f1c98cc2eec40dc3/9e6656d902bd414c84976353668aa0118767d1dc80f2b877f1c98cc2eec40dc3-json.log",
"Name": "/compose_radiostation2_1",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "",
"ExecIDs": null,
"HostConfig": {
"Binds": [],
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "compose_gua",
"PortBindings": {},
"RestartPolicy": {
"Name": "always",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": [],
"CapAdd": null,
"CapDrop": null,
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": null,
"GroupAdd": null,
"IpcMode": "shareable",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": null,
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": null,
"DeviceCgroupRules": null,
"DiskQuota": 0,
"KernelMemory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": 0,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/50e4328b8093fbd3551edd913873c8b298d638f86cbdb7234ca97ec545e446b6-init/diff:/var/lib/docker/overlay2/f916994e61ea63108c219e38f2d05f3ce66feacf890201d8987b7007953fed1a/diff:/var/lib/docker/overlay2/9b2ebf07a14983de24b413638c15e27a0619053c3d9cd931059720c7f53c6c83/diff:/var/lib/docker/overlay2/b750d1833021730e44c0c08fe8a44a67a7da3c95419d22014b082f42fb40938b/diff:/var/lib/docker/overlay2/269b61b5696b50860f72feadc493c60f25f0eb7f730061e1d5067fbbcc38909b/diff:/var/lib/docker/overlay2/0ac90fc6d858f045ebf18691d1a69f6acf5fadd1a65e812d87012da090038ffc/diff:/var/lib/docker/overlay2/3f7fc71bd3b5cc39e9d78589896797be751ef0cc5f1ab3c321afc115ebcd337d/diff:/var/lib/docker/overlay2/bd94c0cd7a9e32e9bb93af13f1048bf8d31e2b5f69336272b80e32f6089ea13e/diff:/var/lib/docker/overlay2/20aaa32edcbd16bc49dab96275fdeae4904bfdde0093db8fef6bfea67338d811/diff:/var/lib/docker/overlay2/2bc63c74b5971a6becf219316df597c402dbbbd1de07be226895f3a49c045430/diff:/var/lib/docker/overlay2/9ffccabc26a4698218c1ed6f9b887043fff4a59b2e20be60d4ee425a8a95c639/diff:/var/lib/docker/overlay2/db9cb29aef55aa2fb045e0e8bc03c904f1380b42f003710b9a7eb8b751d8a1ad/diff:/var/lib/docker/overlay2/ec49759f0f4b82851c03bc52d5b153fcd3adc63cdd18b92427a57b21accfe53f/diff:/var/lib/docker/overlay2/3b82584ca8210f01d77472c04d2b1f28fb27ad87e385b113029fb1e681b537ce/diff:/var/lib/docker/overlay2/32ea699781fb181e4113e2ff42b70d7571edbd0309e528e59c2c17fbb632cfa3/diff",
"MergedDir": "/var/lib/docker/overlay2/50e4328b8093fbd3551edd913873c8b298d638f86cbdb7234ca97ec545e446b6/merged",
"UpperDir": "/var/lib/docker/overlay2/50e4328b8093fbd3551edd913873c8b298d638f86cbdb7234ca97ec545e446b6/diff",
"WorkDir": "/var/lib/docker/overlay2/50e4328b8093fbd3551edd913873c8b298d638f86cbdb7234ca97ec545e446b6/work"
},
"Name": "overlay2"
},
"Mounts": [],
"Config": {
"Hostname": "9e6656d902bd",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"no_proxy=*.local, 194.135.82.62",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/sh",
"-c",
"/etc/init.d/snmpd start"
],
"ArgsEscaped": true,
"Image": "gua_sn",
"Volumes": null,
"WorkingDir": "",
"Entrypoint": null,
"OnBuild": null,
"Labels": {
"com.docker.compose.config-hash": "de2dcf5aae744e7316c50789eb0c3b913baf0e92e15e5a217a14e877be925671",
"com.docker.compose.container-number": "1",
"com.docker.compose.oneoff": "False",
"com.docker.compose.project": "compose",
"com.docker.compose.service": "radiostation2",
"com.docker.compose.version": "1.17.1"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "7ae4ad05eab65e768ecff9912cd61751b53f2a0805ff1f21543da19e004e59c4",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/7ae4ad05eab6",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"compose_gua": {
"IPAMConfig": {
"IPv4Address": "172.16.1.2"
},
"Links": null,
"Aliases": [
"radiostation2",
"9e6656d902bd"
],
"NetworkID": "dc56e66870cbb526de8345b24c4e620c0437cc95ee8015cf690eb781ba1f6190",
"EndpointID": "e2be919a8a634afb39bd64c763bb612c9fdf95a5a3da0303c836ce35805f3854",
"Gateway": "172.16.1.100",
"IPAddress": "172.16.1.2",
"IPPrefixLen": 24,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:10:01:02",
"DriverOpts": null
}
}
}
}
]
@michalciolek I think I found your issue, your destination route for the 172.16.1/24
subnet is incorrect. By setting it to 10.0.75.1
you're looping the packets back to macOS. You should set it to 10.0.75.2
so it sends them to the Docker VM instead. Let me know if you still have issues after correcting this.
UPDATE: I just noticed the documentation is incorrect and should be fixed to correct this IP address
@michalciolek Once you confirm PR #12 fixes the issue, I will merge it
Works! thank you!
I will wait 1 month for the original reporter to provide more information or I will automatically close this issue
Hi I have installed the tuntap and followed the steps mentioned here..still not able to contact the ip address of thedocker container from host..
here is the container's IP after running docker inspect <>
"Gateway": "172.18.0.1",
"IPAddress": "172.18.0.4",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
Installed tuntap and followed the steps in the document. Following is my entry to route table..
route -n add -net 172.18.0.0/16 -netmask 255.255.0.0 10.0.75.1
When I ping the container IP from host macbook, request timed out.