Docker container binds to port, but I am unable to ping it

Question

I have a running Docker container (from this image). The container seems to be running correctly as far as I can see (the log-files are looking good and can connect via SSH to container and use SQLPlus inside it). However, I am unable to connect to the container from my host.

I started the container like this:

sudo docker run -d -p 49160:22 -p 49161:1521 -p 49162:8080 alexeiled/docker-oracle-xe-11g

I inspected the port-binding by this:

$ sudo docker port <container> 8080
0.0.0.0:49162

And when I do a sudo docker inspect <container> I get among others this:

"NetworkSettings": {
    "IPAddress": "172.17.0.2",
    "IPPrefixLen": 16,
    "Gateway": "172.17.42.1",
    "Bridge": "docker0",
    "PortMapping": null,
    "Ports": {
        "1521/tcp": [
            {
                "HostIp": "0.0.0.0",
                "HostPort": "49161"
            }
        ],
        "22/tcp": [
            {
                "HostIp": "0.0.0.0",
                "HostPort": "49160"
            }
        ],
        "8080/tcp": [
            {
                "HostIp": "0.0.0.0",
                "HostPort": "49162"
            }
        ]
    }
},

When I try to ping the container, the container responds:

$ ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_req=1 ttl=64 time=0.138 ms
64 bytes from 172.17.0.2: icmp_req=2 ttl=64 time=0.132 ms

But I cannot connect from my host (Windows) to the Docker container. I am running Docker inside a Ubuntu 12.04 virtual machine (in VirtualBox on Windows). I am not sure if it is a problem with Docker, with my Linux VM or with VirtualBox. I forwarded a bunch ports in VirtualBox:

This is the result of sudo netstat -tpla:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:sunrpc                *:*                     LISTEN      542/rpcbind
tcp        0      0 *:ssh                   *:*                     LISTEN      1661/sshd
tcp        0      0 *:51201                 *:*                     LISTEN      831/rpc.statd
tcp        0     80 docker:ssh              10.0.2.2:62220          ESTABLISHED 1902/sshd: vagrant
tcp6       0      0 [::]:49160              [::]:*                  LISTEN      2388/docker
tcp6       0      0 [::]:49161              [::]:*                  LISTEN      2388/docker
tcp6       0      0 [::]:56105              [::]:*                  LISTEN      831/rpc.statd
tcp6       0      0 [::]:49162              [::]:*                  LISTEN      2388/docker
tcp6       0      0 [::]:sunrpc             [::]:*                  LISTEN      542/rpcbind
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      1661/sshd

Any idea why I cannot connect from Windows to my (running) Docker container?

Answer 1

UPDATE:

You configuration seems ok to me, but I think that ports 49160-49162 should be bind to IPv4 interface not IPv6. I googled this and it seems that you encountered an open bug in docker:

• https://github.com/dotcloud/docker/issues/2174
• https://serverfault.com/questions/545379/docker-will-only-bind-forwarded-ports-to-ipv6-interfaces

I see two solutions to your problem:

1. completely disable IPv6 on Ubuntu VM
2. or bind directly to the IPv4 address: -p 172.17.42.1:49162:8080

---

Answer before edit:

You can't ping ports. Ping is using ICMP protocol.

In case you cannot connect to published port, you can check if specific service in the docker container does bind to proper network interface (f.e. 0.0.0.0) and not to localhost. You can check all listening ports in container: netstat -tpla.

Answer 2

When you run docker in windows the construct is like this

Windows machine [
  Docker Virtual Box VM [ 
    Container1,
    Container2,
    ...
  ]
]

So when you expose a port in your container and bind it to all address in the host machine say using the -p parameter, the port is actually exposed in the docker virtual box VM and not on the windows machine.

Say for instance you run

docker run --name MyContainerWithPortExpose -d -p 127.0.0.1:43306:3306  SomeImage:V1

Run a netstat command from your windows command prompt. Strangely you will not see the localhost:43306 port in LISTEN mode

Now do a boot2docker ssh from your boot2docker console to log into the docker virtual box VM Run a netstat command. Vola..... you will find localhost:43306 listed on the docker virtual box VM

Work around:

Once in the Virtual Box VM, run a ipconfig command and find out the IP address of the VM. Use this IP in the run docker command, instead of 127.0.0.1 The down side to this work around is, your DHCP server can sometime play havoc by assigning different IPs each time you start the boot2docker virtual box VM.