Windows docker container cannot ping host

Question

I am running a windows docker container on a Windows Server 2016 host, running default configuration.

When running the docker container using the command:

docker run -it microsoft/windowsservercore powershell

When I run the command:

ping <hostIPAddress>

It just says that the request times out. I have checked that I can ping 8.8.8.8 and google.com etc... and even other machines on the same subnet. The only one I cannot ping is the host.

I have added '--dns ' to the 'docker run' command but this only allows me to ping the host machine via hostname and not IP.

Has anyone else seen this problem and have a solution?

Answer 1

I found a workaround (I'm not willing to call it a solution):

Windows Container Network Drivers: create a 'transparent' network:

docker network create -d transparent trans

Attach container to this network

docker run --network=trans ...

Important: Please note, that with this network, your container needs to obtain an IP Adress from the Host Subnet and it is directly exposed to it.

maybe related (this is about access the containers from the host):

According to https://github.com/Microsoft/Virtualization-Documentation/issues/253#issuecomment-217975932 (JMesser81):

This is a known limitation in our Windows NAT implementation (WinNAT) that you cannot access the external port in a static port mapping directly from the container (NAT) host.

Answer 2

In my case I have a corporate managed McAfee firewall running on my Windows host. I could not add any additional rules on the firewall, but fortunately there was a rule that allowed access from 172.16.0.0/24.

I used "docker network create -d transparent trans" and it worked as described, but I was not happy with an IP from my host network assigned to the container.

I did the following:

• docker network create --driver=nat --subnet=172.16.0.0/24 br0
• Added --network=br0 to my docker run command