Hyper-V Containers - can't access IP address of containers via other hosts on the LAN

Have you mapped a physical NIC to the vSwitch?  Is the Windows Firewall enabled or disabled?

Dan

I just thought of something.. I created the network above versus linking to the vSwitch I think.  I'll try that next.

You have to use networks that you create like with what I did with the command I noted above..  Below is the message I get when trying to assign to the vswitch.

docker run -d --name myIIS --network="Intel(R) 82574L Gigabit Network Connection - Virtual Switch" --ip 192.168.1.246 --isolation=hyperv microsoft/iis

932cb2d050b0d5050495176f84b84340f04a212a5adc34373a7706c40d42692d
docker: Error response from daemon: user specified IP address is supported only when connecting to networks with user configured subnets.

Now.. I found this article.. My vSwitch was created after docker was installed.. And..  Docker can see it via the docker network ls command.. So.. NOt sure what to do.. What's the command to turn the docker container firewall off?  It's a hyper-V container and not a Windows container...

I even tried adding a dedicated NIC with no config on it.. Then ran the command below.  The nic is labeled 'dockers'.  This still doesn't work.  I can only access container set with static IPs in this network on the host itself.

docker network create -d transparent --subnet=192.168.1.0/24 --gateway=192.168.1.1 -o com.docker.network.windowsshim.interface="docker" docker

I would go thru this article, it has a straight forward step by step process.   My guess is that you have not exposed the container to the outside world.

Link:  https://hub.docker.com/r/microsoft/iis/

Dan

I'll review the link in a bit.. This is a lab so I rolled back to a clean install of Windows 2016 and started over.. Got the same results.. But.. At least know I have a clean slate to start from..  About to review your link now...  I used the below command and http://192.168.1.246 is accessible via IE on the Windows 2016 browser but no where else..  I'll update this ticket/thread shortly.

docker run -d --name myIIS --network="dockernet" --ip 192.168.1.246 --isolation=hyperv microsoft/iis:nanoserver

I read the guide. I didn't use a docker file.. I simply ran the command I noted above.. That defaults to port 80..  And it's accessible via my Windows 2016 IE browser.. I don't think I need to even run EXPOSE 80 do I?  I plan to use port 80...  Do I have to use a docker file to be able to open up outside access?  Below is my only external vSwitch.  I'm not using that vSwitch in my docker envinroment.  I'm using the 'dockernet' that I create which is  transparent network..  So..  Isn't that all I need?  I created the 'dockernet' transparent network via this command:

docker network create -d transparent --subnet=192.168.1.0/24 --gateway=192.168.1.1 dockernet

Windows PowerShell
Copyright (C) 2016 Microsoft Corporation. All rights reserved.

Get-VMSwitch

Name        SwitchType NetAdapterInterfaceDescription
----        ---------- ------------------------------
nat         Internal
Layered_LAN External   vmxnet3 Ethernet Adapter

I also tried using the below commands.. The container gets an IP via DHCP, however, my external network can't ping it.. Only the host can see it.. I'm running Windows 2016 via nested mode as a ESXi v6.5 VM..  Maybe ESXi is blocking the traffic?  I know with VPN servers running inside of ESXi environments I had to enable Promiscuous mode..  

docker network create -d transparent tlan
docker run -it --network=tlan microsoft/nanoserver

it ended up being Promiscious mode being a requirements.. I've ran into this with virtual firewalls and IDS/IPS VMs.. Especially VPN servers and IDS/IPS..