net=host mode bug under mac, container with default bridge mode can not access host opening port

[ziyouchutuwenwu]

Output of docker version:

(python2) mmcdeMacBook-Air:~ mmc$ docker version
Client:
 Version:      1.12.0
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   8eab29e
 Built:        Thu Jul 28 21:15:28 2016
 OS/Arch:      darwin/amd64

Server:
 Version:      1.12.0
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   8eab29e
 Built:        Thu Jul 28 21:15:28 2016
 OS/Arch:      linux/amd64

Output of docker info:

Containers: 3
 Running: 2
 Paused: 0
 Stopped: 1
Images: 3
Server Version: 1.12.0
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 23
 Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: host null bridge overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: seccomp
Kernel Version: 4.4.15-moby
Operating System: Alpine Linux v3.4
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.954 GiB
Name: moby
ID: D3CE:BLOM:7POQ:5KMA:LIMF:PSVT:MEAQ:GNEV:4JNX:N5YW:6HCJ:QD3X
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
 File Descriptors: 26
 Goroutines: 40
 System Time: 2016-07-29T16:15:59.152792247Z
 EventsListeners: 1
Registry: https://index.docker.io/v1/
Insecure Registries:
 127.0.0.0/8

Additional environment details (AWS, VirtualBox, physical, etc.):

virtualbox 5.1.2 r108956

here is my host mac network info

issue 1
Steps to reproduce the issue:

1. start a new container with -net=host mode

docker run -it --net=host edib/elixir-phoenix-dev /bin/bash
input ip address in container

Describe the results you received:

wish to see the same ip as host network interface eth0

Describe the results you expected:

host ip is 192.168.1.55, container ip is 192.168.65.xx, here is the screenshot

issue 2
Steps to reproduce the issue:

1. start a new container with default mode

docker run -it edib/elixir-phoenix-dev /bin/bash

in container run 
telnet to 172.17.0.1 8888

Describe the results you received:

8888 is my host port, listening for http request, screenshot

container telnet 172.17.0.1 failed, but  ping 172.17.0.1 runs ok

Describe the results you expected:

running container can telnet to host port, it runs ok under linux docker.

[darwink]

Any progress for this issue? We are meeting with the same issue.

[ziyouchutuwenwu]

hi, is there any time schedule? i checked it everyday, but nothing happened.

[seanhess]

I'm blocked by this issue as well.

[AlexGustafsson]

I'm experiencing the first issue as well.

Client:
 Version:      1.12.0
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   8eab29e
 Built:        Thu Jul 28 21:04:48 2016
 OS/Arch:      darwin/amd64
 Experimental: true

[dave-tucker]

In this case, --net=host is working as expected...
It's function however is not exactly intuitive on the mac ;)

The ability to set the --net, --pid, --ipc namespaces to host refers to host in the context of where the container engine is. In this case it is a Linux VM. So for every use of host, consider it to mean vm.

With that said, it would help us to understand what sort of applications need to run with --net=host so we can find a solution for this requirement.
You can always use port mapping as an alternative...
For example, docker run -p 8888:8888 will allow you to access your service at localhost:8888 from the Mac.

It might be easier to split this in to two issues to track being unable to access services running on the Mac from the container's default gateway IP address....

[AlexGustafsson]

@dave-tucker that clarifies things. Then how does one allow the container to access the mac host's interfaces (what host should mean imho)? Or is that a Linux only thing?

[djs55]

@AlexGustafsson: thanks for the clarification. Allowing the container to be accessed via a specific Mac host interface sounds entirely reasonable to me. I had hoped something like docker run -p 10.0.0.1:80:80 would work, but unfortunately it fails because -- for historical reasons -- we try to bind to 10.0.0.1:80 on both the Mac and the VM, and unfortunately the VM doesn't have the same interface as the Mac. I'll investigate fixing this.

[djs55]

@ziyouchutuwenwu to telnet to a host port, you can telnet to the default gateway (192.168.65.1). For example I can run

$ docker run -it justincormack/debian bash
Unable to find image 'justincormack/debian:latest' locally
latest: Pulling from justincormack/debian
efd26ecc9548: Pull complete
a3ed95caeb02: Pull complete
2df06b6623ba: Pull complete
Digest: sha256:4c0acbaf234244e7a565b1ed0f3bbe87561d1c0440f5e9382941eb35bb8e518a
Status: Downloaded newer image for justincormack/debian:latest
root@9833dddf1ed1:/# ssh [email protected]
The authenticity of host '192.168.65.1 (192.168.65.1)' can't be established.
ECDSA key fingerprint is cc:ce:e0:0f:03:ae:1b:be:b3:28:8b:75:40:8c:ff:e3.
Are you sure you want to continue connecting (yes/no)?

Is this sufficient for your use-case?

[ziyouchutuwenwu]

@djs55 ，thank you for your help
the actually ip gateway should be 192.168.1.1, 192.168.65.1 seems to be confused.
For users, displaying the same ip address will much better than the confused digital 65 i think.

[ziyouchutuwenwu]

not resolved for version

Version 1.12.1 (build: 12133)
2d5b4d9c3daa089e3869e6355a47dd96dbf39856

docker info
Containers: 1
 Running: 1
 Paused: 0
 Stopped: 0
Images: 1
Server Version: 1.12.1
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 10
 Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: overlay bridge null host
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: seccomp
Kernel Version: 4.4.20-moby
Operating System: Alpine Linux v3.4
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.953 GiB
Name: moby
ID: 57YZ:VNCF:YHUO:DG2H:67D2:TCYI:5FY7:FIZN:F4O7:XFAD:EGNN:3E4I
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
 File Descriptors: 22
 Goroutines: 41
 System Time: 2016-09-16T21:44:52.575686599Z
 EventsListeners: 1
Registry: https://index.docker.io/v1/
Insecure Registries:
 127.0.0.0/8

docker version
Client:
 Version:      1.12.1
 API version:  1.24
 Go version:   go1.7.1
 Git commit:   6f9534c
 Built:        Thu Sep  8 10:31:18 2016
 OS/Arch:      darwin/amd64

Server:
 Version:      1.12.1
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   23cf638
 Built:        Thu Aug 18 17:52:38 2016
 OS/Arch:      linux/amd64

mac version

OS X EI Capitan
10.11.6(15G1004)

my docker test command

docker run -it --net=host  edib/elixir-phoenix-dev /bin/bash
ip address | grep 192

result is

inet 192.168.65.2/28 brd 192.168.65.15 scope global eth0

my host ip address is

192.168.1.55

[justincormack]

@ziyouchutuwenwu the resolution discussed above was not being able to use --net=host which as discussed is difficult to achieve but being able to bind specifically to a particular host interface with port publishing. We may be able to make --net=host work one day but there is currently no timetable for this, it needs significant engineering work.

[ziyouchutuwenwu]

@justincormack thank you very much, i will use port mapping instead.

[djedi-bot]

@ziyouchutuwenwu, I'm curious why its hard to bind to a host interface?

[michaeljs1990]

@justincormack thank you! I don't know why but this is the only answer I found in all the bugs on net host not currently working on docker for mac.

[torarnv]

I was very surprised to see this not working in the new shiny macOS version of Docker (working in the intuitive way, not in the "yes, strictly speaking 'host' means 'vm' on macOS").

Is there a workaround when --net=host is required for the container to do e.g. uPnP discovery of the local network? Eg: https://home-assistant.io/components/discovery/

With the old Docker I could create a bridged adapter in VirtualBox to achieve this if I remember correctly?

[whoooami]

still doesn't work for version 1.12.6.

[lzomlot]

Any update on this issue. I tried the latest docker and I still experiencing it.

[diegolaciar]

+1
same issue here.
does anybody solve it in some workaround?

[Kurdiez]

My workaround has been using the local address "host.docker.internal" as it was mentioned here.
https://docs.docker.com/docker-for-mac/networking/#httphttps-proxy-support

[JeffCorract]

Any news whether this issue is still open?

[loblab]

Seems no solution yet?
In some case, we cannot use port map (e.g. some device discovery, by broadcast... I don't know the protocol details). host mode is useful, at least, for debugging.

[netzpixel]

Any updates on this?

[snky1987]

4 years and still no response/fix?

[vrawal-qeexo]

need a fix or workaround urgently..
Why hasn't this been fixed yet ? Its been 4 years !

[ethaniel]

A temporary workaround is to install a ubuntu VM through VirtualBox, hook it up via bridge mode and THEN run the docker inside of it.

[dbux]

This response to a similar issue worked great for me. Moving from VirtualBox to xhyve was clearly a regression for networking in Docker.

[ganttee]

Running HomeBridge on Docker without Host Network Mode

[edgariscoding]

Running HomeBridge on Docker without Host Network Mode

@ganttee have you tested this?

[Tonyelo]

Hi everyone!, I tried to follow:

https://www.devwithimagination.com/2020/02/02/running-homebridge-on-docker-without-host-network-mode/

However, I got lost on the generate_sevice.sh script. Nor I understand the avahi side of things. I think I missing a few steps.

I am trying to run it on a Mac M1 silicon. Any help would appreciated. thanks!

[HunterDG]

Anyone know if macvlan interfaces are supported on Macs? (I assume not)

[ShutdownRepo]

It's been almost 6 years now that this issue is up. Isn't a doable thing for Docker team to implement a dynamic port forwarding feature between xhyve and the host in order to have --network host work as intended (in the user's perspective, no the dev's)?

[ThePragmaticArt]

Sort of baffled I just wasted hours debugging an issue that has existed for years...

[kopax-polyconseil]

Same here, but I still hope I will find a workaround, I've read some people succeed to configure a VM and use host network mode properly, not sure how to do though a tutorial would be more than welcomed.
Use case : use a macbook air as a node in a cloud cluster.

[HunterDG]

Here’s a homebridge-specific tutorial (the VM’s network adapter needs to be configured as “bridged” - and perhaps promiscuous depending on your use-case - in the VM’s configuration on the host machine).

Workaround was previously boot2docker/docker-machine. (Or just a proper Linux VM). Guessing Rancher Desktop or Colima now.

Perhaps someone will correct me.

https://www.paolomainardi.com/posts/docker-performance-macos/

[gabo-magnet]

Now with the new release 4.14.0 of Docker Desktop on Mac utilizing the Apple Virtualization Framework, it should be possible to add another network adapter featuring the bridged network aka. network_mode = host ?

https://developer.apple.com/documentation/virtualization/vzvirtualmachineconfiguration/3656724-networkdevices

Is this a big challenge? Can somebody point out the hypervisor configuration for the Apple Virtualization Framework here? :)

Also thanks for putting it in the "Considering" space of the docker-roadmap ! 👍

docker/roadmap#238 (comment)

[nicks]

going to mark this as a duplicate of docker/roadmap#238 so we have one place to track this.

[docker-robott]

Closed issues are locked after 30 days of inactivity.
This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

/lifecycle locked