• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 145
  • Last Modified:

Hyper-V Containers - can't access IP address of containers via other hosts on the LAN

I created two Hyper-V IIS containers via the commands noted below.  Each has their own static IP address.  I can pin each of these on the Windows Container / Hyper-V host but unable to via any hosts on the same LAN.  I think it's due to my vSwitch setup.  Any ideas?

docker network create -d transparent --subnet=192.168.1.0/24 --gateway=192.168.1.1 TransparentNet3
docker run -d --name myIIS --network=TransparentNet3 --ip 192.168.1.246 --isolation=hyperv microsoft/iis
docker run -d --name myIIS2 --network=TransparentNet3 --ip 192.168.1.251 --isolation=hyperv microsoft/iis
0
gopher_49
Asked:
gopher_49
  • 7
  • 2
1 Solution
 
Dan McFaddenSystems EngineerCommented:
Have you mapped a physical NIC to the vSwitch?  Is the Windows Firewall enabled or disabled?

Dan
0
 
gopher_49Author Commented:
I just thought of something.. I created the network above versus linking to the vSwitch I think.  I'll try that next.
0
 
gopher_49Author Commented:
You have to use networks that you create like with what I did with the command I noted above..  Below is the message I get when trying to assign to the vswitch.

docker run -d --name myIIS --network="Intel(R) 82574L Gigabit Network Connection - Virtual Switch" --ip 192.168.1.246 --isolation=hyperv microsoft/iis

932cb2d050b0d5050495176f84b84340f04a212a5adc34373a7706c40d42692d
docker: Error response from daemon: user specified IP address is supported only when connecting to networks with user configured subnets.

Now.. I found this article.. My vSwitch was created after docker was installed.. And..  Docker can see it via the docker network ls command.. So.. NOt sure what to do.. What's the command to turn the docker container firewall off?  It's a hyper-V container and not a Windows container...
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
gopher_49Author Commented:
I even tried adding a dedicated NIC with no config on it.. Then ran the command below.  The nic is labeled 'dockers'.  This still doesn't work.  I can only access container set with static IPs in this network on the host itself.

docker network create -d transparent --subnet=192.168.1.0/24 --gateway=192.168.1.1 -o com.docker.network.windowsshim.interface="docker" docker
0
 
Dan McFaddenSystems EngineerCommented:
I would go thru this article, it has a straight forward step by step process.   My guess is that you have not exposed the container to the outside world.

Link:  https://hub.docker.com/r/microsoft/iis/

Dan
0
 
gopher_49Author Commented:
I'll review the link in a bit.. This is a lab so I rolled back to a clean install of Windows 2016 and started over.. Got the same results.. But.. At least know I have a clean slate to start from..  About to review your link now...  I used the below command and http://192.168.1.246 is accessible via IE on the Windows 2016 browser but no where else..  I'll update this ticket/thread shortly.

docker run -d --name myIIS --network="dockernet" --ip 192.168.1.246 --isolation=hyperv microsoft/iis:nanoserver
0
 
gopher_49Author Commented:
I read the guide. I didn't use a docker file.. I simply ran the command I noted above.. That defaults to port 80..  And it's accessible via my Windows 2016 IE browser.. I don't think I need to even run EXPOSE 80 do I?  I plan to use port 80...  Do I have to use a docker file to be able to open up outside access?  Below is my only external vSwitch.  I'm not using that vSwitch in my docker envinroment.  I'm using the 'dockernet' that I create which is  transparent network..  So..  Isn't that all I need?  I created the 'dockernet' transparent network via this command:

docker network create -d transparent --subnet=192.168.1.0/24 --gateway=192.168.1.1 dockernet

Windows PowerShell
Copyright (C) 2016 Microsoft Corporation. All rights reserved.

Get-VMSwitch

Name        SwitchType NetAdapterInterfaceDescription
----        ---------- ------------------------------
nat         Internal
Layered_LAN External   vmxnet3 Ethernet Adapter

I also tried using the below commands.. The container gets an IP via DHCP, however, my external network can't ping it.. Only the host can see it.. I'm running Windows 2016 via nested mode as a ESXi v6.5 VM..  Maybe ESXi is blocking the traffic?  I know with VPN servers running inside of ESXi environments I had to enable Promiscuous mode..  

docker network create -d transparent tlan
docker run -it --network=tlan microsoft/nanoserver
0
 
gopher_49Author Commented:
As suspected.. I think this below will fix it..  I touched up on this above..  Not sure how I feel about this setting but I've had to use it in the past with virtual firewalls running VPN Servers...  That was the only way I could pass traffic...

https://www.altaro.com/vmware/how-to-set-up-a-nested-vsphere-6-environment-part-1/
0
 
gopher_49Author Commented:
it ended up being Promiscious mode being a requirements.. I've ran into this with virtual firewalls and IDS/IPS VMs.. Especially VPN servers and IDS/IPS..
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 7
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now