
Docker on Windows File Sharing Blocked by Firewall

TL;DR

From the docker container running on the VM I can ping all my host IPs (such as 10.10.10.1 and 172.24.185.209) but I can't ping 10.0.75.1. My guess is that once I can figure out why I can't reach the 10.0.75.1 network adapter the share issue will be resolved.


I have gone through this post that described the same issue and tried the various suggestions without success. I have tried the following:

  1. Set the Docker interface to be private using the following:
    • Set-NetConnectionProfile -interfacealias "vEthernet (DockerNAT)" -NetworkCategory Private
  2. Telnet'ed successfully to 10.0.75.1 445
  3. Shared the c drive and checked that I could access it from \\10.0.75.1\c
  4. Turned off the firewall for "Domain", "Public", "Private"
  5. I tried to uninstall the "File and Printer Sharing for Microsoft Networks" for the "vEthernet (DockerNAT)" (to re-install as someone had suggested) but got the error: 0x80071779
    • This appears to be an issue in the windows version 1803
  6. I then unchecked the "File and Printer Sharing for Microsoft Networks" for the "vEthernet (DockerNAT)" clicked "Ok" and then checked it back on.
  7. I have reinstalled Docker for Windows a couple of times as well

I am using the following:

  • Windows 10 Version 1803 (OS Build 17134.285)
  • Docker CE Version 18.06.1-ce-win73 (19507), Channel: Stable

Updated: 9/27/2018

I was trying to connect to the VM and poke around but I couldn't - it keeps saying "Video remoting was disconnected". But following this https://docker-saigon.github.io/post/Docker-Beta/#private-registries:ebf9573d6838c40027746e9d7482622a I ran a container on the VM and accessed the VM through it. I am running the container using the following so I have full access to the guest network (--net=host):

docker run --net=host --ipc=host --uts=host --pid=host -it --security-opt=seccomp=unconfined --privileged --rm -v /:/host alpine /bin/sh

I have the following adapters on the host:

PS C:\WINDOWS\system32> ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : consilins2
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet 5:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : PANGP Virtual Ethernet Adapter #2
   Physical Address. . . . . . . . . : 02-50-41-00-00-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter vEthernet (Default Switch):

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter
   Physical Address. . . . . . . . . : 2C-15-60-80-CD-1B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter vEthernet (Default Switch) 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
   Physical Address. . . . . . . . . : 02-15-9F-19-92-4C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1d6e:1706:ba33:33a8%31(Preferred)
   IPv4 Address. . . . . . . . . . . : 172.24.185.209(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.240
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 520099165
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-97-33-8D-9C-B6-D0-EC-24-55
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter vEthernet (DockerNAT):

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #3
   Physical Address. . . . . . . . . : 00-15-5D-12-B3-04
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.75.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 9E-B6-D0-EC-24-55
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
   Physical Address. . . . . . . . . : AE-B6-D0-EC-24-55
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Killer Wireless-n/a/ac 1535 Wireless Network Adapter
   Physical Address. . . . . . . . . : 9C-B6-D0-EC-24-55
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::504d:580b:1452:d100%29(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.10.10.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, September 26, 2018 4:35:28 PM
   Lease Expires . . . . . . . . . . : Friday, September 28, 2018 6:28:00 AM
   Default Gateway . . . . . . . . . : 10.10.10.254
   DHCP Server . . . . . . . . . . . : 10.10.10.254
   DHCPv6 IAID . . . . . . . . . . . : 127710928
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-97-33-8D-9C-B6-D0-EC-24-55
   DNS Servers . . . . . . . . . . . : 10.10.10.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 9C-B6-D0-EC-24-56
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
PS C:\WINDOWS\system32>

I have the following adapters as seen from the docker container:

docker0   Link encap:Ethernet  HWaddr 02:42:DE:73:21:B4
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          inet6 addr: fe80::42:deff:fe73:21b4/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:348 (348.0 B)

eth0      Link encap:Ethernet  HWaddr 02:50:00:00:00:01
          inet addr:192.168.65.3  Bcast:192.168.65.255  Mask:255.255.255.0
          inet6 addr: fe80::383b:a8ff:fe9f:2902/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:1978 (1.9 KiB)

hvint0    Link encap:Ethernet  HWaddr 00:15:5D:12:B3:03
          inet addr:10.0.75.2  Bcast:0.0.0.0  Mask:255.255.255.0
          inet6 addr: fe80::215:5dff:fe12:b303/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2896 errors:0 dropped:57 overruns:0 frame:0
          TX packets:40 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:550086 (537.1 KiB)  TX bytes:3128 (3.0 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:34 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:3228 (3.1 KiB)  TX bytes:3228 (3.1 KiB)

From the docker container running on the VM I can ping all my host IPs (such as 10.10.10.1 and 172.24.185.209) but I can't ping 10.0.75.1. My guess is that once I can figure out why I can't reach the 10.0.75.1 network adapter the share issue will be resolved.

I am hoping that this might be a better defined problem to solve. Again, any help would be appreciated.

Thanks,

Amit

Amit Gupta asked Sep 26 '18 00:09



1 Answer

TL;DR

I believe that there was another anti-virus that was running that was causing the blocked firewall issue.


I decided to switch from using Windows Defender to Norton Antivirus to see if that would resolve the issue. When I tried to install Norton it complained that it could not remove a previously installed version of the AV and the installation aborted. As far as I knew the only AV I had on my system was Windows Defender. There was no evidence of any other AV running in the system tray. I checked the services list - I found an entry for Norton but it was not running. I am not sure if that entry existed before or it was created as part of the unsuccessful installation. Either way, I rebooted my computer and decided to try sharing the drive again and it worked. I was able to ping 10.0.75.1 and share the c drive without issue. My best guess is that there might have been a version of Norton running in the background which got cleaned-up when I tried to do a fresh install and allowed the files to be shared.

I wish I had better insight into the exact cause and the fix but it is working now. Thanks.

Amit Gupta answered Sep 22 '22 03:09
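
The checks from the question and the cause found in the answer, gathered into one read-only triage script for the Windows host. This is an added example, not code from the original posts; the interface alias and addresses are the ones quoted above, while the `Norton` match string, the dump file name and the rule name `Example-DockerNAT-SMB` are assumptions for illustration.

```powershell
# Added example: read-only triage for the DockerNAT share path on the Windows host.
# Run in an elevated PowerShell session. Alias and addresses are the ones quoted in
# the post; $vendor and the rule name in step 7 are illustrative assumptions.
$alias  = 'vEthernet (DockerNAT)'
$hostIp = '10.0.75.1'
$subnet = '10.0.75.0/24'      # from the 255.255.255.0 mask shown by ipconfig
$vendor = 'Norton'            # product named in the answer; change as needed

# 1. Network category of the Docker interface.
Get-NetConnectionProfile -InterfaceAlias $alias |
    Select-Object InterfaceAlias, NetworkCategory

# 2. State of every Windows Firewall profile, so test changes can be reverted.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

# 3. SMB listener check. From the host this only shows that port 445 is bound on
#    10.0.75.1; packets from the VM (10.0.75.2) still pass the inbound filters.
Test-NetConnection -ComputerName $hostIp -Port 445 |
    Select-Object RemoteAddress, RemotePort, TcpTestSucceeded

# 4. Security products registered with Windows Security Center (client editions).
Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct |
    Select-Object displayName, pathToSignedProductExe, productState

# 5. Services and kernel drivers left by a third-party product, running or stopped.
$wql = "Name LIKE '%$vendor%' OR DisplayName LIKE '%$vendor%' OR PathName LIKE '%$vendor%'"
Get-CimInstance -ClassName Win32_Service -Filter $wql |
    Select-Object Name, State, StartMode, PathName
Get-CimInstance -ClassName Win32_SystemDriver -Filter $wql |
    Select-Object Name, State, StartMode, PathName

# 6. Windows Filtering Platform filters that mention the product.
$dump = Join-Path $env:TEMP 'wfp-filters.xml'
netsh wfp show filters file=$dump | Out-Null
Select-String -Path $dump -Pattern $vendor -SimpleMatch |
    Select-Object -First 10 LineNumber, Line

# 7. Scoped alternative to disabling the firewall: preview (-WhatIf) an allow rule
#    for SMB from the DockerNAT subnet on that one interface.
New-NetFirewallRule -DisplayName 'Example-DockerNAT-SMB' -Direction Inbound `
    -Action Allow -Protocol TCP -LocalPort 445 -RemoteAddress $subnet `
    -InterfaceAlias $alias -Profile Private -WhatIf
```

Steps 4 and 5 list a registered or leftover security product even when nothing appears in the system tray.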