night0wl
commented
1 year ago I did a bit of further research on this topic.
It seems that all Lima-based solutions work in a similar way. They create a bridge100 interface on the MacOS host, and a connected interface on the VM. The name varies, e.g. col0, rd1 etc. and the subnets they use also vary.
However, I discovered that it is not necessary to use them at all, and the utun3 <-> chip0 connection created by docker-mac-net-connect can be used instead. The only thing I needed to do to was to add an iptables rule:
sudo iptables -A FORWARD -s 10.33.33.1 -p tcp -j ACCEPTI implemented this rule in the client/main.go code, but found it wasn’t working. When I dug a little deeper, I found that the reason was that the Alpine image which Colima / Rancher Desktop use, ships with a version of iptables which is using “legacy” instead of “nf_tables”. The docker image created by docker-mac-net-connect was installing a version of iptables that was using “nf_tables” and so the rules were not applying outside of the container.
To fix this, I updated the Dockerfile to include the following command
update-alternatives --set iptables /usr/sbin/iptables-legacyI built the docker container locally, and tested everything with Docker Desktop, Colima, and Rancher Desktop. All three worked just fine with this update. I will add a PR to show the changes necessary.
EDIT: PR implementing the above: https://github.com/chipmk/docker-mac-net-connect/pull/27
A number of Docker Desktop alternatives use
limaunder the hood to manage Linux VM's:colimaResearch how the networking works for these tools and find a way to get
docker-mac-net-connectto work seamlessly with them.Related: