Enable access to host service with ubuntu firewall from docker container

Writer Emily Wong

I have a service running on a host at port 8545. I have several docker containers which need access to this service on the host. The host is running ubuntu. I've successfully configured

extra_hosts:
- "host.docker.internal:host-gateway"

in the docker-compose file I use to bring up my docker containers. However, I'm finding that the containers cannot access host.docker.internal:8545 unless I open up that port on the host with

ufw allow 8545

However, this opens up the port to anyone, which isn't desirable.

How can I open up this port to just the docker containers running on the host?

EDIT: I've seen that the docker0 interface has an IP of 172.17.0.1. I tried running sudo ufw allow from 172.17.0.1 but that didn't enable my containers to access port 8545 on the host.

root@localhost:~/code/metis/ops# ufw status
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
Anywhere                   ALLOW       172.17.0.1
22/tcp (v6)                ALLOW       Anywhere (v6)
root@localhost:~/code/metis/ops# docker exec -it ops_l2geth-mainnet_1 /bin/sh
/ # geth attach
Fatal: Failed to start the JavaScript console: api modules: Post "": context deadline exceeded

EDIT 2: I also tried another suggestion from here which also didn't work:

root@localhost:~/code/metis/ops# ufw allow out on docker0 from 172.17.0.0/16
Rule added
root@localhost:~/code/metis/ops# docker exec -it ops_l2geth-mainnet_1 /bin/sh
/ # geth attach
Fatal: Failed to start the JavaScript console: api modules: Post "": context deadline exceeded

EDIT 3: I forgot to mention that I'm running these containers with docker-compose. As I understand, docker-compose uses custom networks which might explain why the above ufw allow commands aren't helping.

1 Answer

Figured it out! Though I'm not sure if this is a generic solution.

It turns out that because I started my containers with docker-compose the default docker0 interface with IP 172.17.0.1 wasn't how my containers were talking with the host. In my case, docker-compose made a new network called ops_default:

 ❯❯❯ docker network ls
NETWORK ID     NAME          DRIVER    SCOPE
2774ed101a84   bridge        bridge    local
a6176c796a29   host          host      local
dfcd1606b19d   none          null      local
7415a4410daf   ops_default   bridge    local

Inspecting the ops_default network yielded the following:

 ❯❯❯ docker network inspect ops_default
[
    {
        "Name": "ops_default",
        "Id": "7415a4410daf3df718ce957787abd1b9842e4e914fd1b2ff549c80e56d032265",
        "Created": "2022-03-10T16:14:13.789181757Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.22.0.0/16",
                    "Gateway": "172.22.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": true,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {}
    }
]

It seems that this network runs on subnet 172.22.0.0/16. Running ufw allow from 172.22.0.0/16 fixed my issue!

root@localhost:~/code/metis/ops# ufw status
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
Anywhere                   ALLOW       172.22.0.0/16
22/tcp (v6)                ALLOW       Anywhere (v6)
root@localhost:~/code/metis/ops# docker exec -it ops_l2geth-mainnet_1 /bin/sh
/ # geth attach
Welcome to the Geth JavaScript console!
instance: Geth/v1.10.17-unstable-19c2c60b-20220308/linux-amd64/go1.17.8
at block: 14360238 (Thu, 10 Mar 2022 16:44:29 UTC) modules: eth:1.0 net:1.0 rpc:1.0 web3:1.0
> 
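As an added example (not part of the question or the answer above): a small shell helper that reads the compose network's subnet out of docker network inspect output and emits a ufw rule limited to that subnet and to the single host port 8545, rather than admitting every port from the subnet as the answer's rule does. The inspect JSON below is a constructed sample modelled on the answer's output; deriving the subnet at run time matters because a compose network that is removed and recreated can be assigned a different subnet.

```shell
#!/bin/sh
# Added example, not code from the original question or answer.
# Derives the subnet(s) of a docker-compose network from `docker network
# inspect` JSON and builds a ufw rule scoped to that subnet AND one TCP
# port, so only containers on that network reach the host service.

# Extract every IPAM "Subnet" value from inspect JSON read on stdin.
# Uses only grep/sed so it works where jq is not installed.
compose_subnets() {
    grep -o '"Subnet": *"[^"]*"' | sed 's/.*"\([^"]*\)"$/\1/'
}

# Print the ufw command admitting one subnet to one TCP port only.
ufw_rule_for() {
    subnet=$1
    port=$2
    printf 'ufw allow from %s to any port %s proto tcp\n' "$subnet" "$port"
}

# Emit one rule per subnet the network uses (dual-stack networks have two).
rules_for_network() {
    inspect_json=$1
    port=$2
    printf '%s\n' "$inspect_json" | compose_subnets | while IFS= read -r s; do
        ufw_rule_for "$s" "$port"
    done
}

# Constructed sample modelled on the answer's `docker network inspect
# ops_default` output; only the fields this script reads are kept.
SAMPLE_INSPECT='[
    {
        "Name": "ops_default",
        "Driver": "bridge",
        "IPAM": {
            "Config": [
                { "Subnet": "172.22.0.0/16", "Gateway": "172.22.0.1" }
            ]
        }
    }
]'

# Second constructed sample: a dual-stack network with two subnets.
SAMPLE_DUAL='{"IPAM":{"Config":[{"Subnet":"172.23.0.0/16"},{"Subnet":"fd00:dead:beef::/64"}]}}'

# Live use would be:  rules_for_network "$(docker network inspect ops_default)" 8545 | sh
rules_for_network "$SAMPLE_INSPECT" 8545
rules_for_network "$SAMPLE_DUAL" 8545
```

Review the printed rules before piping them to sh; ufw matches the container traffic on the host's INPUT path, so the service still needs to listen on the bridge gateway address (172.22.0.1 here) or on all interfaces.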
