Hyper-V Containers - can't access IP address of containers via other hosts on the LAN

I created two Hyper-V IIS containers via the commands noted below.  Each has their own static IP address.  I can pin each of these on the Windows Container / Hyper-V host but unable to via any hosts on the same LAN.  I think it's due to my vSwitch setup.  Any ideas?

docker network create -d transparent --subnet= --gateway= TransparentNet3
docker run -d --name myIIS --network=TransparentNet3 --ip --isolation=hyperv microsoft/iis
docker run -d --name myIIS2 --network=TransparentNet3 --ip --isolation=hyperv microsoft/iis
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dan McFaddenSystems EngineerCommented:
Have you mapped a physical NIC to the vSwitch?  Is the Windows Firewall enabled or disabled?

gopher_49Author Commented:
I just thought of something.. I created the network above versus linking to the vSwitch I think.  I'll try that next.
gopher_49Author Commented:
You have to use networks that you create like with what I did with the command I noted above..  Below is the message I get when trying to assign to the vswitch.

docker run -d --name myIIS --network="Intel(R) 82574L Gigabit Network Connection - Virtual Switch" --ip --isolation=hyperv microsoft/iis

docker: Error response from daemon: user specified IP address is supported only when connecting to networks with user configured subnets.

Now.. I found this article.. My vSwitch was created after docker was installed.. And..  Docker can see it via the docker network ls command.. So.. NOt sure what to do.. What's the command to turn the docker container firewall off?  It's a hyper-V container and not a Windows container...
Get Blueprints for Increased Customer Retention

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

gopher_49Author Commented:
I even tried adding a dedicated NIC with no config on it.. Then ran the command below.  The nic is labeled 'dockers'.  This still doesn't work.  I can only access container set with static IPs in this network on the host itself.

docker network create -d transparent --subnet= --gateway= -o com.docker.network.windowsshim.interface="docker" docker
Dan McFaddenSystems EngineerCommented:
I would go thru this article, it has a straight forward step by step process.   My guess is that you have not exposed the container to the outside world.

Link:  https://hub.docker.com/r/microsoft/iis/

gopher_49Author Commented:
I'll review the link in a bit.. This is a lab so I rolled back to a clean install of Windows 2016 and started over.. Got the same results.. But.. At least know I have a clean slate to start from..  About to review your link now...  I used the below command and is accessible via IE on the Windows 2016 browser but no where else..  I'll update this ticket/thread shortly.

docker run -d --name myIIS --network="dockernet" --ip --isolation=hyperv microsoft/iis:nanoserver
gopher_49Author Commented:
I read the guide. I didn't use a docker file.. I simply ran the command I noted above.. That defaults to port 80..  And it's accessible via my Windows 2016 IE browser.. I don't think I need to even run EXPOSE 80 do I?  I plan to use port 80...  Do I have to use a docker file to be able to open up outside access?  Below is my only external vSwitch.  I'm not using that vSwitch in my docker envinroment.  I'm using the 'dockernet' that I create which is  transparent network..  So..  Isn't that all I need?  I created the 'dockernet' transparent network via this command:

docker network create -d transparent --subnet= --gateway= dockernet

Windows PowerShell
Copyright (C) 2016 Microsoft Corporation. All rights reserved.


Name        SwitchType NetAdapterInterfaceDescription
----        ---------- ------------------------------
nat         Internal
Layered_LAN External   vmxnet3 Ethernet Adapter

I also tried using the below commands.. The container gets an IP via DHCP, however, my external network can't ping it.. Only the host can see it.. I'm running Windows 2016 via nested mode as a ESXi v6.5 VM..  Maybe ESXi is blocking the traffic?  I know with VPN servers running inside of ESXi environments I had to enable Promiscuous mode..  

docker network create -d transparent tlan
docker run -it --network=tlan microsoft/nanoserver
gopher_49Author Commented:
As suspected.. I think this below will fix it..  I touched up on this above..  Not sure how I feel about this setting but I've had to use it in the past with virtual firewalls running VPN Servers...  That was the only way I could pass traffic...


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
gopher_49Author Commented:
it ended up being Promiscious mode being a requirements.. I've ran into this with virtual firewalls and IDS/IPS VMs.. Especially VPN servers and IDS/IPS..
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2016

From novice to tech pro — start learning today.