Docker Bridge Network problem

Sorcerer Stone

Apr 14, 2020, 4:48:36 PM
to Vagrant
OS is Win10pro with HyperV disabled.
Work environment is: Win10 (HostOS) =>Vagrant (Ubuntu GuestOS)/VirtualBox => docker

I am trying to set up a bridge network for docker containers. When I configured such a network and initiated a Vagrant Up, I got an error back saying essentially

"Stderr: VBoxManage.exe: error: A NAT rule of this name already exists
VBoxManage.exe: error: Details: code E_INVALIDARG (0x80070057), component NATEngineWrap, interface INATEngine, callee IUnknown
...
"

I googled and found this brief post:  https://github.com/hashicorp/vagrant/issues/6268
In the last comment by someone named mitchellh,
He said NIC1 in docker has to be NAT
and
he said this requirement will be removed "one day"

The above post was 2015.
Has this restriction imposed by Vagrant been lifted?
I am using the latest Vagrant for my WinOS and I am experiencing this limitation.

I need to use a bridge network to test something or to understand why I can send data from containers to the app on the Windows host but not the other way around. I want to see what happens if I use a bridge network instead of NAT.
Also, under Vagrant, if a bridge network is not allowed on NIC1, does it mean the same is true for Network Adapters 2, 3, & 4?
Does Vagrant allow NAT Network option instead?

Thanks in advance.



 

Dennis Chang

Apr 17, 2020, 12:06:44 AM
to Vagrant
Hi Sorcerer Stone,

Inside your VM, if you run the command `docker network ls` you'll see that you have a bridge network. If you run `ifconfig -a` in your VM, you'll also see the docker0 interface (interface to your bridge network). I don't really understand what you are trying to do, but `vagrant up` should have nothing to do with a docker bridge. I'm guessing that you are talking about a "bridged adapter" when setting up a VM? If you are talking about a bridged adapter, this means the VM gets an IP on the same subnet as the Host.

So taking the two together (I'm guessing at what you are trying to do), you cannot give a docker container an IP on the same subnet as your host. You can only do port forwarding such that the docker container exposes its service to the VM (which is also on the same subnet as your host) and therefore you can reach the docker container service from your host.

I hope that makes sense.

Sorcerer Stone

Apr 19, 2020, 2:10:11 AM
to Vagrant
Dennis,
This is what I am trying to do.
I am trying to understand how an app works and to see how files from that type of app are being transferred.

In my vagrantfile,
1/ I set up a private network IP: 192.168.33.10 & port forwarded host: 4241 guest: 4242
where Host is Win10 (with HyperV disabled) & Guest is Ubuntu 18.4 - all with latest updates.
I attached my vagrantfile for your reference & why I think my problem most likely comes from (my lack of understanding on) the vagrant side.
The vagrantfile calls a docker compose file which in turn, defines what containers to pull/run for the app.
The app uses port 4242 by default. Hence I port forwarded 4241 on the host side (see reason below).

I have the same app (itself using port 4242 by default) that is installed using msi file in Windows and configured to send and receive files from its docker equivalent described above.
To simplify, let the Win host app be AppWin and its docker counterpart be AppDock.

I have a problem sending files from AppWin to AppDock.
However, I have no problem sending files from AppDock to AppWin.

AppDock config file points to the IP address of AppWin which is the IP Address of the host computer (I attached the output of my ipconfig for your reference).

As to your comment on subnet: the subnet on which AppDock resides is different from the subnet which AppWin is on (I attached the output of my ifconfig for your reference).

On the VirtualBox side, I have set up 2 global Host-Only Ethernet Adapters (#2 & #3 with IP 192.168.29.1 & 192.168.33.1 respectively). There is a 3rd Host-Only Ethernet Adapter (with IP=192.168.56.1 but I have a problem using it). I attached a screenshot of this setup for your reference (GlobalNetwork.jpg).

The network setup for AppDock, is: Adapter 1 uses NAT & with port forwarding, as shown in the attached screenshot (NAT & PortForwarding.jpg). Adapter 2 uses Host-Only Adapter on Ethernet Adapter #3 described above (HostOnlyAdapter.jpg).

So here is my issue.
I configured AppDock to send files to the port # of AppWin on host IP: 192.168.1.25
The fact that files can be sent from the docker containers using the host OS IP address means that part of the networking from docker to host is working.

The other half of the networking that is not working is from the host side to the docker.
From the vagrantfile I attached, there is a private network IP set up (192.168.33.10). And from the docker's perspective, it can see this IP address, as seen from the attached ifconfig output. I can ping this IP address from the shell inside the docker environment.

The AppWin is configured using 192.168.33.10 and pointing to port 4241 (I also tried 4242 - see my port forwarding config in NAT & PortForwarding.jpg)
It failed to send anything. From the log in AppWin, it registered this error: Peer aborted Association (or never connected)

So, my question is this:
What IP address should I use on the host side so that I can configure AppWin to communicate with AppDock?
It definitely is not the IP address of the private network stated in my vagrantfile.

Additional reference. I attached the file, bridge_network.txt, which shows the network in my docker and the containers for this AppDock inside the vagrant_default bridge network.
From this file, you can see the AppDock has an internal IP: 172.18.0.5. But this internal IP cannot be accessed from the host directly.

That is the core of my problem.

What IP should I use in order to send files from Host to the container in Guest?
How should I modify the vagrantfile in order to achieve this?

Thanks in advance.
Sorcerer


ifconfig.txt
ipconfig.txt
GlobalNetwork.jpg
NAT & PortForwarding.jpg
HostOnlyAdapter.jpg
bridge_network.txt
vagrantfile

Dennis Chang

Apr 19, 2020, 3:15:02 PM
to Vagrant
The problem I see is that port-forwarding happens at two levels.
When you port-forward between the VM and the host, you're making any service available on the VM available on the host.

However, when you do port-forwarding between docker (i.e. docker-compose) and the VM you are making a docker service available to the VM (but not to the host!!).

So I would suggest you do the following,

1. `netstat -tlpn` from within the VM. What does it say? Are AppDock and AppWin accessible from the VM? I.e. docker-compose will tell you what ports you are exporting (making available to the VM). Also notice the IP to which the port is exported. If it's 127.0.0.1 then it will not be exported beyond the VM.

2. If port 4241 and 4242 are exported to all interfaces, i.e. 0.0.0.0, then Vagrantfile should port-forward the same ports from the VM to the host.

Then you should be able to access the Docker container from the host.

I hope that helps.

Sorcerer Stone

Apr 19, 2020, 6:01:19 PM
to Vagrant
Hello Dennis,
Thanks for the tips. Based on what you told me, I found something disturbing. I have googled for a solution but maybe I am not keying in the right words; I found nothing to solve this problem (below).

I attached 2 files for your inspection. My vagrantfile (same as the one I sent yesterday) and the output of the netstat command (netstat_missingports.txt). I have attached the ifconfig in my previous post if you want to look at it.

First the vagrantfile: 
line 37: I have port forwarded port 443 from guest to port 9443 at host
line 38: I have port forwarded port 80 from guest to port 9080 at host
line 39: I have port forwarded port 4242 from guest to port 4241 at host

As confirmation, I reattached the screenshot of the network setting in the VirtualBox VM for AppDock. The image, NAT & PortForwarding.jpg, shows VM does "see" all the 3 forwarded ports.

Now, when I did the netstat command as you advised (refer to the attached file netstat_missingports.txt), port 4242 is glaringly missing! No wonder nothing is going from the host side to the VM.
Would you have any suggestion as to how I need to modify the vagrantfile in order for port 4242 to be forwarded?

Also, I am not clear what you said about "when you do port-forwarding between docker (i.e. docker-compose) and the VM you are making a docker service available to the VM (but not to the host!!)." Can you elaborate a bit more?
Aren't the port forwarding statements in my vagrantfile telling the VM to route the relevant ports between the host and the guest?

I can access the AppDock using its UI via port 9443. So that port is working.
Also, as I mentioned before, from the UI of the AppDock VM, I can send data to the AppWin using the port # of AppWin and the IP address of my host computer (aka not the private network IP address stated in my vagrantfile) & the AppWin received this data.
How can this happen?

Thanks in advance.
Sorcerer




netstat_missingports.txt
vagrantfile
NAT & PortForwarding.jpg

Dennis Chang

Apr 19, 2020, 6:45:12 PM
to Vagrant
Hi Sorcerer Stone,

So the netstat output and the `docker container ls` help us understand what is happening. So I'll repeat the details here.

```
a567856275d4        ohif/viewer:v1.x                 "pm2-runtime app.json"   2 days ago          Up About a minute   3000/tcp                                      ohif
948af342718c        jodogne/orthanc-plugins:latest   "Orthanc /etc/orthan…"   2 days ago          Up About a minute   4242/tcp, 8042/tcp                            orthanc
003ba380169e        postgres:latest                  "docker-entrypoint.s…"   2 days ago          Up About a minute   5432/tcp                                      db_orthanc
701123a4caa7        mongo:latest                     "docker-entrypoint.s…"   2 days ago          Up About a minute   27017/tcp                                     db_ohif
f00c419b32ba        nginx:latest                     "nginx -g 'daemon of…"   2 days ago          Up About a minute   0.0.0.0:9080->80/tcp, 0.0.0.0:9443->443/tcp   nginx
```

You have 5 docker containers. And only nginx is doing port-forwarding. nginx is in fact a reverse proxy, meaning that most likely you're accessing nginx in order to contact all the other containers. Therefore, if you can access 9443 and 9080 from the VM then you're good (from the perspective of the VM).

So you'll notice that the docker container with image name jodogne/orthanc-plugins:latest is listening on port 4242 (but it's not forwarding port 4242!). I believe you're calling this container "AppDock" (and AppWin is running on the host). As you can see by the container, it is not forwarding the port. You should check the nginx container and see if it is proxying communication to AppDock. So basically, the host "AppWin" cannot reach docker container "AppDock" because how is it supposed to reach it?

Basically, AppDock needs to do port-forwarding (so that the VM can reach the container) or AppWin should try to go through the reverse proxy, nginx, to reach the docker container service listening on port 4242.
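
The check described across the two replies above (is the container port published at all, and on which VM address), as an added example that is not part of the original thread. It parses the PORTS column of the `docker container ls` output quoted above; the function names and scope labels are illustrative choices.

```python
import re

# PORTS column values copied from the `docker container ls` output quoted above.
THREAD_PORTS = {
    "ohif": "3000/tcp",
    "orthanc": "4242/tcp, 8042/tcp",
    "db_orthanc": "5432/tcp",
    "db_ohif": "27017/tcp",
    "nginx": "0.0.0.0:9080->80/tcp, 0.0.0.0:9443->443/tcp",
}

# "IP:vm_port->container_port/proto" is a published port; "port/proto" is exposed only.
PUBLISHED = re.compile(r"^(\S+):(\d+)->(\d+)/(\w+)$")
EXPOSED = re.compile(r"^(\d+)/(\w+)$")

def parse_ports(field):
    """Return [(container_port, proto, bind_ip, vm_port)]; bind_ip and vm_port are
    None when the port is exposed but not published. Port ranges are skipped."""
    entries = []
    for item in (part.strip() for part in field.split(",")):
        if m := PUBLISHED.match(item):
            entries.append((int(m[3]), m[4], m[1].strip("[]"), int(m[2])))
        elif m := EXPOSED.match(item):
            entries.append((int(m[1]), m[2], None, None))
    return entries

def reach(bind_ip):
    """Classify how far a port is reachable, judged from the address it is bound to."""
    if bind_ip is None:
        return "docker-network-only"   # no listener on the VM at all
    if bind_ip.startswith("127.") or bind_ip == "::1":
        return "vm-loopback-only"      # listener exists, but nothing outside the VM can use it
    if bind_ip in ("0.0.0.0", "::"):
        return "all-vm-interfaces"     # a VM-to-host forward can reach it
    return "single-vm-address"         # reachable only through that one VM address

def audit(ports_by_container):
    """Map container name -> {container_port: (reach, vm_port)}."""
    return {
        name: {cport: (reach(ip), vport) for cport, _, ip, vport in parse_ports(field)}
        for name, field in ports_by_container.items()
    }

if __name__ == "__main__":
    for name, ports in audit(THREAD_PORTS).items():
        for cport, (scope, vport) in sorted(ports.items()):
            print(f"{name:<11} {cport:>5}  {scope:<20} vm_port={vport}")
```

A constructed value such as `127.0.0.1:4242->4242/tcp` classifies as `vm-loopback-only`; publishing on one VM address instead of `0.0.0.0` keeps the port off the VM's other interfaces.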


Sorcerer Stone

Apr 20, 2020, 9:45:21 AM
to Vagrant
Dennis,
Thanks for pointing out the obvious problem that has been staring at me & I failed to pick it up.
You are 100% correct. I have to port forward from the AppDock container service.
After I did that, now I am able to send data from AppWin on Desktop to AppDock in Docker.
I thought it was the vagrant that caused my problem after I tried to eliminate all the possibilities - except the port forwarding part.
Thanks again.
Sorcerer

Dennis Chang

Apr 21, 2020, 12:06:06 PM
to Vagrant
I'm happy you got it working now. :)