dockerdocker-compose

Docker container on Mac cannot reach local network devices


I’m trying to connect a Docker container running on my MacBook to a server on my local network with IP address 192.168.1.60. However, the container is unable to reach the server. Here are the details of my setup and the steps I have tried:

Setup:

•   Host machine: MacBook running Docker Desktop.
•   Target server: Another machine on the local network with IP address 192.168.1.60.
•   Docker container: Needs to connect to the server at 192.168.1.60.

What I Tried:

Creating a Bridge Network:

I created a custom bridge network using the following command:

docker network create --driver=bridge --subnet=192.168.1.0/24 my_custom_network

Then, in my docker-compose.yml file, I configured the service to use this network:

services:
  server:
    build:
      context: .
      dockerfile: docker/dev/Dockerfile
    ports:
      - "9191:9191"
    volumes:
      - .:/usr/src/app
    networks:
      - my_custom_network

networks:
  my_custom_network:
    external: true
    name: my_custom_network

However, this setup did not allow my container to reach devices on my LAN network. When I tried to ping the server (192.168.1.60) from inside the container, I got:

# ping 192.168.1.60
PING 192.168.1.60 (192.168.1.60) 56(84) bytes of data.
From 192.168.1.4 icmp_seq=1 Destination Host Unreachable
From 192.168.1.4 icmp_seq=2 Destination Host Unreachable
From 192.168.1.4 icmp_seq=3 Destination Host Unreachable

Using Host Network Mode
I then tried setting network_mode: host in my docker-compose.yml and removed the networks part:

services:
  server:
    build:
      context: .
      dockerfile: docker/dev/Dockerfile
    ports:
      - "9191:9191"
    volumes:
      - .:/usr/src/app
    network_mode: host

However, even with network_mode: host, my container still cannot ping or reach the server (192.168.1.60), because I get this response:

# ping 192.168.1.60
PING 192.168.1.60 (192.168.1.60) 56(84) bytes of data.
From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
From 192.168.1.1 icmp_seq=2 Destination Host Unreachable

What I Want to Achieve

I want the container running on my MacBook to communicate with other devices on my home LAN network, such as the server at 192.168.1.60.

I'm not sure how to get this to work at the moment. Any help or guidance would be greatly appreciated!


Solution

  • Delete all of the manual configuration you show in the question. Do not try to assign the Docker network the host's IP range; do not disable Docker networking with network_mode: host.

    version: '3.8'
    services:
      server:
        build:
          context: .
          dockerfile: docker/dev/Dockerfile  # (consider moving Dockerfile to top of directory tree so it will be in default location)
        ports:
          - "9191:9191"
        volumes:
          - .:/usr/src/app                   # (consider removing, makes container setup non-reproducible)
        # no networks: or network_mode:
    

    Internally within Docker, each container has its own hidden IP address, and each Docker network has a corresponding CIDR block. Docker provides a network address translation (NAT) mechanism, so containers that make outbound calls mostly look like they're calling from the host system, and generally can reach all of the same places the host system can.

    In particular: if you're calling another service on the local network by IP address, you need no configuration at all. This setup works with default settings.

    Your first attempt gives the Docker-internal network the same CIDR block 192.168.1.0/24 as the host network, but these are different networks. When the container tries to contact 192.168.1.60, it finds the Docker network and not the host network, and the remote device doesn't exist on the Docker network.

    network_mode: host completely disables Docker's networking layer, and is almost never necessary. You describe a MacOS host, which means you need some sort of Linux VM to run containers; Docker Desktop provides a hidden VM for you. In this environment "host networking" actually means the hidden VM's hidden network, which isn't what you want. To a first approximation host networking doesn't work at all on Docker Desktop or other VM-based setups.

    In a comment you describe manually creating a network. This is necessary using plain docker run commands, but Compose will automatically create a network named default for you. For almost all applications this automatic default network is fine, and you can safely delete all of the networks: blocks in the entire Compose file.