I am trying to reach host-x.com from a Docker container running on macOS, but it fails:
$ docker run ubuntu:latest \
/bin/bash -c \
'apt-get update &&
apt-get -y install netcat &&
nc -v -z -w 3 host-x.com 443 &> /dev/null && echo "Online" || echo "Offline"'
Offline
It works fine when:
I run a docker container on another machine:
Online
I run it on my Mac, outside of a docker container:
nc -v -z -w 3 host-x.com 443 &> /dev/null && echo "Online" || echo "Offline"
Online
I run it on my Mac from a docker container, for other target hosts:
$ docker run ubuntu:latest \
/bin/bash -c \
'apt-get update &&
apt-get -y install netcat &&
nc -v -z -w 3 www.google.com 443 &> /dev/null && echo "Online" || echo "Offline"'
Online
UPDATE #1
As suggested, I logged into the container and checked DNS. The host name is correctly resolved:
root@55add56ecc11:/# ping host-x.com
PING s1-host-x.com (172.22.187.101) 56(84) bytes of data.
However, ping packets are not delivered. I thought this could be caused by a conflict between the IP range of the internal docker network and the corporate network (172.17.X.X). I tried to fix the docker bridge IP address in my daemon configuration and re-check the connectivity, but it didn't help:
"bip" : "10.10.10.1/8"
I checked with 3 other persons in my company (4 in total including me). 50% have access to this host (Online), 50% don't (Offline).
I tried what @mko suggested, using netcat in interactive mode inside the container. Still timeout.
root@37c61acc5aa5:/# nc -v -z -w 3 host-x.com 443
s1-host-x.com [172.22.187.101] 443 (?) : Connection timed out
I tried tracing the route but no success:
traceroute -m 10 -w 1 host-x.com
traceroute to host-x.com (172.22.187.101), 10 hops max, 60 byte packets
1 10.10.10.1 (10.10.10.1) 0.444 ms 0.388 ms 0.364 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
How can I investigate that?
To verify the container is connected, use the docker network inspect command. Use docker network disconnect to remove a container from the network. Once connected to a network, containers can communicate using only another container's IP address or name.
Very likely it's a problem with routes. Check the route table with
ip r
or
netstat -rn
inside the docker container and on your host. Make sure that your bip changes were applied by running the ip a command inside the container; it should have an address in your BIP range. It may also be that your new bip range 10.10.10.1 is conflicting with corporate networks. In this case you should contact your network administrator and ask them what network you should choose for your docker containers. It is also possible that host host-x.com is blocking requests from your docker container IP addresses.
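The route check suggested in the answer above, as an added example (not code from the original page): it parses `ip r` output, applies longest-prefix matching to the target address 172.22.187.101, and shows which subnet a `bip` value actually claims. The routing table, the `br-example` bridge, the 192.168.65.x addresses and the 10.20.0.0/16 range are constructed assumptions; paste your own `ip r` output in their place.

```python
import ipaddress

# Constructed `ip r` output (not from the page); br-example is a hypothetical
# user-defined bridge whose subnet happens to contain the target address.
SAMPLE_ROUTES = """\
default via 192.168.65.1 dev eth0
10.0.0.0/8 dev docker0 proto kernel scope link src 10.10.10.1
172.22.0.0/16 dev br-example proto kernel scope link src 172.22.0.1
192.168.65.0/24 dev eth0 proto kernel scope link src 192.168.65.3
"""

def parse_routes(text):
    """Return (network, gateway_or_None, device) for each IPv4 route line."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # skip lines that do not start with a prefix
        gw = fields[fields.index("via") + 1] if "via" in fields else None
        routes.append((net, gw, fields[fields.index("dev") + 1]))
    return routes

def select_route(routes, target):
    """Longest-prefix match, the same rule the kernel applies."""
    ip = ipaddress.ip_address(target)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def bip_network(bip):
    """Subnet claimed by a daemon.json "bip" value such as 10.10.10.1/8."""
    return ipaddress.ip_interface(bip).network

def overlapping(bip, ranges):
    """Ranges (CIDR strings) that collide with the bridge subnet."""
    net = bip_network(bip)
    return [r for r in ranges if net.overlaps(ipaddress.ip_network(r))]

if __name__ == "__main__":
    net, gw, dev = select_route(parse_routes(SAMPLE_ROUTES), "172.22.187.101")
    print(f"172.22.187.101 -> {net} via {gw or 'on-link'} dev {dev}")
    print("bip 10.10.10.1/8 claims", bip_network("10.10.10.1/8"))
    print(overlapping("10.10.10.1/8", ["172.17.0.0/16", "10.20.0.0/16"]))
```

A target that matches a directly connected bridge route (no gateway) never leaves the machine, which produces the same timeout and all-asterisk traceroute as a remote block. Note also that a /8 `bip` claims the whole 10.0.0.0/8 range, not just 10.10.10.x.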