Access docker internal network

[jarias]

Hi, first great project :+1:

In boot2docker using virtualbox if I want access to the the docker internal network 172.17.0.0/16 (default) I can simply create a route on my Mac

sudo route -n add 172.17.0.0/16 $(b2d ip)

If I try the same but with the xhyve VM IP address, but the traffic is not properly routed, for example if I ping a container IP from my Mac I get timeout.

Strangely enough if I look at the packets from the docker container using ifconfig it looks like they are coming through even if they are not really.

Hope it makes sense, I know accessing the docker internal network is not a common thing, but I have my specific use cases.

How to tests this (again this same example works fine using virtualbox/boot2docker):

sudo ./xhyverun.sh
#Login get the IP address

#Run a container
docker run -ti gliderlabs/alpine /bin/sh
#Get the container IP Address

#Add the route on the Mac
sudo route -n add 172.17.0.0/16 THE_VM_IP_ADDRESS

#Ping from the Mac to the container
ping THE_CONTAINER_IP

[jarias]

Also if I use a tap device using virtio-tap instead of virtio-net It works fine but I don't want to do the dance of opening the tap device assigning an IP to it, then assign an IP to the eth0 device in the VM etc, etc.

[ailispaw]

It looks like an issue or behavior of vmnet.framework which xhyve uses for virtio-net. It happens not only on boot2docker, but also rancheros-lite with xhyve. I think you had better to open an issue at https://github.com/mist64/xhyve. Thanks.

[jarias]

Thanks, I wish we can move tickets easily between projects :smile:

[jarias]

Here is the xhyve ticket in case you want to track its progress

https://github.com/mist64/xhyve/issues/42

[ailispaw]

@jarias Thanks for your understanding and using boot2docker-xhtve BTW.

[ailispaw]

I found something. vmnet uses pf. I gues that pfctl may be a tool to solve this isuue.

[jarias]

I check to see if there where any special rules vmnet creates but couldn't found any, I'll keep researching. Thanks for the info

[ailispaw]

I got this.

$ sudo route -n add 172.17.0.0/16 192.168.64.3
add net 172.17.0.0: gateway 192.168.64.3
$ ifconfig bridge100
bridge100: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=3<RXCSUM,TXCSUM>
    ether 62:c5:47:d0:6b:64
    inet 192.168.64.1 netmask 0xffffff00 broadcast 192.168.64.255
    Configuration:
        id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
        maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
        root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
        ipfilter disabled flags 0x2
    member: en4 flags=3<LEARNING,DISCOVER>
            ifmaxaddr 0 port 10 priority 0 path cost 0
    Address cache:
        16:c1:b5:29:cf:32 Vlan1 en4 1187 flags=0<>
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: active
$ sudo ifconfig bridge100 -hostfilter en4
$ ping 172.17.0.1
PING 172.17.0.1 (172.17.0.1): 56 data bytes
64 bytes from 172.17.0.1: icmp_seq=0 ttl=63 time=0.395 ms

It works!

[jarias]

:+1: Cool thanks

[VGerris]

can anyone please post the comment or action on how to have the bridge show up? thank you