Link to home
Create AccountLog in
Avatar of gopher_49

asked on

Hyper-V Containers - can't access IP address of containers via other hosts on the LAN

I created two Hyper-V IIS containers via the commands noted below.  Each has their own static IP address.  I can pin each of these on the Windows Container / Hyper-V host but unable to via any hosts on the same LAN.  I think it's due to my vSwitch setup.  Any ideas?

docker network create -d transparent --subnet= --gateway= TransparentNet3
docker run -d --name myIIS --network=TransparentNet3 --ip --isolation=hyperv microsoft/iis
docker run -d --name myIIS2 --network=TransparentNet3 --ip --isolation=hyperv microsoft/iis
Avatar of Dan McFadden
Dan McFadden
Flag of United States of America image

Have you mapped a physical NIC to the vSwitch?  Is the Windows Firewall enabled or disabled?

Avatar of gopher_49


I just thought of something.. I created the network above versus linking to the vSwitch I think.  I'll try that next.
You have to use networks that you create like with what I did with the command I noted above..  Below is the message I get when trying to assign to the vswitch.

docker run -d --name myIIS --network="Intel(R) 82574L Gigabit Network Connection - Virtual Switch" --ip --isolation=hyperv microsoft/iis

docker: Error response from daemon: user specified IP address is supported only when connecting to networks with user configured subnets.

Now.. I found this article.. My vSwitch was created after docker was installed.. And..  Docker can see it via the docker network ls command.. So.. NOt sure what to do.. What's the command to turn the docker container firewall off?  It's a hyper-V container and not a Windows container...
I even tried adding a dedicated NIC with no config on it.. Then ran the command below.  The nic is labeled 'dockers'.  This still doesn't work.  I can only access container set with static IPs in this network on the host itself.

docker network create -d transparent --subnet= --gateway= -o"docker" docker
I would go thru this article, it has a straight forward step by step process.   My guess is that you have not exposed the container to the outside world.


I'll review the link in a bit.. This is a lab so I rolled back to a clean install of Windows 2016 and started over.. Got the same results.. But.. At least know I have a clean slate to start from..  About to review your link now...  I used the below command and is accessible via IE on the Windows 2016 browser but no where else..  I'll update this ticket/thread shortly.

docker run -d --name myIIS --network="dockernet" --ip --isolation=hyperv microsoft/iis:nanoserver
I read the guide. I didn't use a docker file.. I simply ran the command I noted above.. That defaults to port 80..  And it's accessible via my Windows 2016 IE browser.. I don't think I need to even run EXPOSE 80 do I?  I plan to use port 80...  Do I have to use a docker file to be able to open up outside access?  Below is my only external vSwitch.  I'm not using that vSwitch in my docker envinroment.  I'm using the 'dockernet' that I create which is  transparent network..  So..  Isn't that all I need?  I created the 'dockernet' transparent network via this command:

docker network create -d transparent --subnet= --gateway= dockernet

Windows PowerShell
Copyright (C) 2016 Microsoft Corporation. All rights reserved.


Name        SwitchType NetAdapterInterfaceDescription
----        ---------- ------------------------------
nat         Internal
Layered_LAN External   vmxnet3 Ethernet Adapter

I also tried using the below commands.. The container gets an IP via DHCP, however, my external network can't ping it.. Only the host can see it.. I'm running Windows 2016 via nested mode as a ESXi v6.5 VM..  Maybe ESXi is blocking the traffic?  I know with VPN servers running inside of ESXi environments I had to enable Promiscuous mode..  

docker network create -d transparent tlan
docker run -it --network=tlan microsoft/nanoserver
Avatar of gopher_49

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
it ended up being Promiscious mode being a requirements.. I've ran into this with virtual firewalls and IDS/IPS VMs.. Especially VPN servers and IDS/IPS..