We have a couple docker containers deployed on ECS. The application inside the container uses remote service, so it needs to access them using their 10.X.X.X
private IPs.
We are using Docker 1.13 with CentOS 7 and docker/alpine as our base image. We are also using netwokMode: host
for our containers. The problem comes when we can successfully run telnet 10.X.X.X 9999
from the host machine but if we run the same command from inside the container, it just hangs and it's not able to connect.
In addition, we have net.ipv4.ip_forward
enabled in the host machines (where the container runs) but disabled in the remote machine.
Not sure what could be the issue, maybe iptables
?
Install Docker on your SSH host. You do not need to install Docker locally. Follow the quick start for the Remote - SSH extension to connect to a host and open a folder there. Use the Remote-Containers: Reopen in Container command from the Command Palette (F1, Ctrl+Shift+P).
When you connect an existing container to a different network using docker network connect , you can use the --ip or --ip6 flags on that command to specify the container's IP address on the additional network. In the same way, a container's hostname defaults to be the container's ID in Docker.
I have spent the day with the same problem (tried with both network mode 'bridge' and 'host'), and it looks like an issue with using busybox's telnet inside ECS - Alpine's telnet is a symlink to busybox. I don't know enough about busybox/networking to suggest what the root cause is, but I was able to prove the network path was clear by using other tools.
My 'go to' for testing a network path is using netcat as follows. The 'success' or 'failure' message varies from version to version, but a refusal or a timeout (-w#) is pretty obvious. All netcat does here is request a socket - it doesn't actually talk to the listening application, so you need something else to test that.
nc -vz -w2 HOST PORT
My problem today was troubleshooting an app's mongo connection. nc showed the path was clear, but telnet had the same issue as you reported. I ended up installing the mongo client and checking with that, and I could connect properly.
If you need to actually run commands over telnet from inside your ECS container, perhaps try installing a different telnet tool and avoiding the busybox inbuilt one.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With