Comments (33)
Hi, your problem occurs because when the curl command is executed the dockerhost container is not ready. To verify this you can just add restart: always to your test container and you will see after some seconds the curl command is working as expected.
ICMP is working because you got a pong from the dockerhost container, not from the real docker host.
Possible solutions:
- wait some seconds before you execute the curl command
- start the dockerhost container first with docker-compose up -d dockerhost, wait some seconds, then ramp up the rest with docker-compose up -d
from docker-host.
No, it does not work at all:
$ docker-compose up -d dockerhost
Starting dockerhost_dockerhost_1 ... done
[pasha@2 dockerhost]$ sleep 30
[pasha@2 dockerhost]$ docker-compose up -d
dockerhost_dockerhost_1 is up-to-date
Starting dockerhost_nginx-for-test_1 ... done
Starting dockerhost_test_1 ... done
[pasha@2 dockerhost]$ d logs dockerhost_test_1
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (6) Could not resolve host: dockerhost
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (7) Failed to connect to dockerhost port 8888: Host is unreachable
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (7) Failed to connect to dockerhost port 8888: Host is unreachable
from docker-host.
Strange, which host system do you use? I'm working on a macOS system.
from docker-host.
please try
docker-compose up -d nginx-for-test dockerhost
sleep 10
docker-compose up test
from docker-host.
Can you provide some more details?
Docker engine version, docker compose version and OS version.
from docker-host.
$ docker-compose up -d nginx-for-test dockerhost
dockerhost_dockerhost_1 is up-to-date
dockerhost_nginx-for-test_1 is up-to-date
[pasha@2 dockerhost]$ sleep 10
[pasha@2 dockerhost]$ docker-compose up test
Starting dockerhost_test_1 ... done
Attaching to dockerhost_test_1
test_1 | % Total % Received % Xferd Average Speed Time Time Time Current
test_1 | Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (7) Failed to connect to dockerhost port 8888: Host is unreachable
dockerhost_test_1 exited with code 7
$ docker info
Containers: 49
Running: 18
Paused: 0
Stopped: 31
Images: 72
Server Version: 18.06.1-ce
Storage Driver: zfs
Zpool: main-zpool
Zpool Health: ONLINE
Parent Dataset: main-zpool/docker.zfs
Space Used By Parent: 55761072128
Space Available: 170979868544
Parent Quota: no
Compression: lz4
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 468a545b9edcd5932818eb9de8e72413e616e86e
runc version: 69663f0bd4b60df09991c08812a60108003fa340
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 4.19.7-300.fc29.x86_64
Operating System: Fedora 29 (Twenty Nine)
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 31.15GiB
Name: 2.hubbitus.taskdata
ID: HAKG:KAES:UGRG:IVGW:LR4F:MJGA:25UX:HV77:WXLS:B6OL:OSSE:2MPR
Docker Root Dir: /mnt/docker.zfs
Debug Mode (client): false
Debug Mode (server): false
Username: hubbitus
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
I run it on Fedora Linux box
from docker-host.
$ docker-compose logs dockerhost
Attaching to dockerhost_dockerhost_1
dockerhost_1 | Docker Host: 172.22.0.1 (default gateway)
dockerhost_1 | Docker Host: 172.22.0.1 (default gateway)
dockerhost_1 | Docker Host: 172.22.0.1 (default gateway)
from docker-host.
actually I have no clue why it does not work for you :/
from docker-host.
I did some research and it seems to be a Fedora related problem.
When I execute the iptables command within a container on a Fedora host I got the error iptables: No chain/target/match by that name.
This seems to be caused by missing/not loaded kernel modules.
To fix it you have to load them on the Fedora host:
sudo modprobe xt_nat
sudo modprobe xt_multiport
After I run those commands it's working again.
from docker-host.
Could you please dump your iptables rules?
from docker-host.
# lsmod | grep xt_
xt_multiport 16384 2
xt_nat 16384 76
xt_addrtype 16384 2
xt_CHECKSUM 16384 1
xt_conntrack 16384 30
nf_nat 36864 3 nf_nat_ipv6,nf_nat_ipv4,xt_nat
nf_conntrack 163840 7 xt_conntrack,nf_nat,nf_nat_ipv6,ipt_MASQUERADE,nf_nat_ipv4,xt_nat,nf_conntrack_netlink
Modules loaded, but I still get same result:
$ docker-compose up test
Starting dockerhost_test_1 ... done
Attaching to dockerhost_test_1
test_1 | % Total % Received % Xferd Average Speed Time Time Time Current
test_1 | Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (7) Failed to connect to dockerhost port 8888: Host is unreachable
On which command did you get the error with iptables?
from docker-host.
What also may be interesting, I also do some experiments. If I run container-listener in host network mode, it works!
version: '2'
networks:
  some-net:
    driver: bridge
services:
  # On host do: curl http://localhost:8080 and you get result
  web-for-test:
    image: andrius/ifconfig.co
    ports:
      - "8888:8080"
    network_mode: "host" # <-!!!!
  dockerhost:
    image: qoomon/docker-host
    cap_add: [ 'NET_ADMIN', 'NET_RAW' ]
    restart: on-failure
    networks:
      - some-net
  test:
    image: appropriate/curl
    entrypoint: sh
    command: -c 'sleep 1 && curl -sS http://dockerhost:8080'
    networks:
      - some-net
$ docker-compose up
dockerhost_web-for-test_1 is up-to-date
Recreating 97c9302c71c7_dockerhost_test_1 ...
Recreating 97c9302c71c7_dockerhost_test_1 ... done
Attaching to dockerhost_web-for-test_1, dockerhost_dockerhost_1, dockerhost_test_1
test_1 | 192.168.0.2
web-for-test_1 | ipd: Enabling reverse lookup
web-for-test_1 | ipd: Listening on http://:8080
web-for-test_1 | ipd: Enabling reverse lookup
web-for-test_1 | ipd: Listening on http://:8080
dockerhost_1 | Docker Host: 192.168.0.1 (default gateway)
dockerhost_1 | Docker Host: 192.168.0.1 (default gateway)
dockerhost_1 | Docker Host: 192.168.0.1 (default gateway)
dockerhost_1 | Docker Host: 192.168.0.1 (default gateway)
dockerhost_1 | Docker Host: 192.168.0.1 (default gateway)
dockerhost_1 | Docker Host: 192.168.0.1 (default gateway)
dockerhost_1 | Docker Host: 192.168.0.1 (default gateway)
dockerhost_test_1 exited with code 0
In that case I can't map ports and change it on 8080 according to listener in container.
But still does not work for ports exposed by other containers from different networks (initial docker-compose.yml).
from docker-host.
I tested it with this image https://getfedora.org/en_GB/atomic/download/download-cloud-splash?file=https://download.fedoraproject.org/pub/alt/atomic/stable/Fedora-29-updates-20181210.0/AtomicHost/x86_64/images/Fedora-AtomicHost-Vagrant-29-20181210.0.x86_64.vagrant-virtualbox.box
from docker-host.
sudo iptables --list-rules
output:
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION
-A FORWARD -j DOCKER-ISOLATION
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-ISOLATION -j RETURN
from docker-host.
It seems to be a fedora specific issue, I'm not used to fedora so I need help for solving this
from docker-host.
Does it work on Fedora in the same way for you?
from docker-host.
Yes it does, however I used the atomic host version of fedora, maybe that's why.
from docker-host.
Closed due to inactivity.
from docker-host.
Why??
from docker-host.
I experience the same issue on linux Mint (Ubuntu) host.
I did some trial and error and I think the problem is somewhere with docker on linux.
I tried the absolute minimum by running
# executed inside docker container shell
telnet $(ip -4 route show default | cut -d' ' -f3) 22
I'm able to get connection to my host ssh service running on port 22.
now, if I run nginx container on host port 8888. I can access the port 8888 from host machine without problem.
But I can't access the same port 8888 from another container using the same technique as before.
# executed inside docker container shell
telnet $(ip -4 route show default | cut -d' ' -f3) 8888
doesn't work on linux host.
I've also tested it on macOS Mojave and both scenarios above work (using docker.host.internal).
In last few weeks I found that docker networking on Docker for Mac app and on docker for linux don't work the same and they both have quite a few different unexpected limitations like this one.
from docker-host.
@mojeto maybe it has something to do with the well-known-port range?
from docker-host.
@mojeto could you provide the output of docker ps for your nginx container?
from docker-host.
docker-compose file I used for the test
version: '3.7'
services:
  # On host do: curl http://localhost:8080 and you get result
  nginx-for-test:
    image: nginx
    ports:
      - "8888:80"
  test:
    image: nicolaka/netshoot
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2a38470c1b3c nginx "nginx -g 'daemon of…" 5 minutes ago Up 5 minutes 0.0.0.0:8888->80/tcp test2_nginx-for-test_1_806f155b6b9b
from docker-host.
@mojeto could you try to bind your nginx to port 20 or 21 so we can check if it's related to the well-known port range?
from docker-host.
@mojeto maybe it's related to the firewall settings like in this post https://forums.docker.com/t/no-route-to-host-network-request-from-container-to-host-ip-port-published-from-other-container/39063/6
from docker-host.
@mojeto maybe you can have a look at /etc/hosts.allow and /etc/hosts.deny and post the content?
from docker-host.
I just ran Mint Linux in a VirtualBox and I've had no problems at all, everything works as described in the README.md
from docker-host.
Closed due to inactivity.
from docker-host.
@mojeto maybe you can have a look at /etc/hosts.allow and /etc/hosts.deny and post the content?
I could post it. From what container?
from docker-host.
I reset my firewall settings to Linux Mint defaults and re-created the docker network. Everything works as it should after that. I agree with @qoomon, the issue is most likely caused by a custom firewall rule.
@mojeto maybe you can have a look at /etc/hosts.allow and /etc/hosts.deny and post the content?
My hosts config files are empty
cat /etc/hosts.allow
# /etc/hosts.allow: list of hosts that are allowed to access the system.
# See the manual pages hosts_access(5) and hosts_options(5).
#
# Example: ALL: LOCAL @some_netgroup
# ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#
cat /etc/hosts.deny
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
# See the manual pages hosts_access(5) and hosts_options(5).
#
# Example: ALL: some.host.name, .some.domain
# ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
#
# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID
from docker-host.
My host system does not have such files:
# cat /etc/hosts.allow
cat: /etc/hosts.allow: No such file or directory
# cat /etc/hosts.deny
cat: /etc/hosts.deny: No such file or directory
from docker-host.
I think I cannot help. It is some setup/firewall stuff within your OS, it is not related to this docker image I think. Sorry dude.
from docker-host.
@Hubbitus Can you check your firewalld service:
$ sudo systemctl status firewalld
If it is running, then try to disable it and reboot.
$ sudo systemctl disable firewalld
$ reboot
It helped me. In the status of firewalld there were many warnings related to iptables for docker.
from docker-host.
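The checks this thread ends up making by hand (xt_nat/xt_multiport loaded, the FORWARD policy, firewall rejects), collected into one script as an added example; it is not code from any commenter or from the docker-host project. It parses saved iptables --list-rules and lsmod text, the sample inputs are constructed, and reading an icmp-host-prohibited REJECT as the cause of curl's "Host is unreachable" is an assumption about firewalld-style rule sets.

```shell
#!/bin/sh
# Added example: offline checks on saved `iptables --list-rules` and `lsmod` text.

# Default policy of chain $1, read from `iptables --list-rules` output on stdin.
chain_policy() {
    awk -v chain="$1" '$1 == "-P" && $2 == chain { print $3 }'
}

# INPUT/FORWARD rules that answer with ICMP host-prohibited (assumed here to be
# what the client sees as "Host is unreachable" / "No route to host").
host_prohibited_rules() {
    grep -E -e '^-A (INPUT|FORWARD) .*-j REJECT --reject-with icmp-host-prohibited' || true
}

# Modules named in the thread that are absent from `lsmod` output on stdin.
missing_modules() {
    loaded=$(awk '{ print $1 }')
    for m in xt_nat xt_multiport; do
        printf '%s\n' "$loaded" | grep -qx -e "$m" || echo "$m"
    done
}

# One line per finding; $1 = rules text, $2 = lsmod text.
report() {
    policy=$(printf '%s\n' "$1" | chain_policy FORWARD)
    rejects=$(printf '%s\n' "$1" | host_prohibited_rules | wc -l | tr -d ' ')
    missing=$(printf '%s\n' "$2" | missing_modules | tr '\n' ' ')
    echo "FORWARD policy: ${policy:-unknown}"
    echo "host-prohibited rejects in INPUT/FORWARD: $rejects"
    echo "missing modules: ${missing:-none}"
}

# Constructed samples (not output from the thread).
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'
SAMPLE_LSMOD='Module Size Used by
xt_nat 16384 76
xt_conntrack 16384 30'

report "$SAMPLE_RULES" "$SAMPLE_LSMOD"
```

On a live host, pass the output of sudo iptables --list-rules and lsmod to report instead of the samples.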