How is the host network supposed to work in mac installs?

[Diegus83]

I'm fairly new to docker but I have several containers running with no issues, all of them in the bridge network and accessible from the host as well as other machines from the local network. The host is a mac mini running 10.13.6
The problem arises with a couple containers that are supposed to be created with --net=host, like openvpn-as and forked-daapd (never had both created/running at the same time).
I don't get any errors when creating the containers but I can't never access the services from the host. Inside the container I can see the IP in the range 192.168.65.x (the default range defined in docker preferences). From inside the container I can ping the host at 192.168.33.x but I CAN'T ping the container IP from the host.
Maybe I'm missing a route somehow?
I also run the commands detailed here:
https://stackoverflow.com/questions/41083328/what-is-the-use-of-host-and-none-network-in-docker
And my results are different when using host mode: the IP and hostname of the container are not the same as the host.

I read the documentation here:
https://docs.docker.com/docker-for-mac/networking/
But I could not gather any insights as to what --net=host is supposed to do in mac.

Thanks for any information you can share.

[djs55]

Hi,

In Docker Desktop for Mac the containers are run in a helper VM. There are 2 kernels and 2 completely independent network stacks. Unfortunately --net=host actually means "use the default network namespace" which is inside the VM since it's the Linux kernel running the containers, hence the internal 192.168.65.0 addresses.

On Mac the VM "virtual hardware" including the virtual NIC is running as a regular user, which is more secure than running it as root. A consequence of this is that we can't automatically create network interfaces and bridges on the Mac.

I think you could try 2 things:

1. connect a VPN from your host to your VM, eg https://github.com/wojas/docker-mac-network
2. set up an tun tap on the host and feed the traffic into the VM, eg Docker for Mac and docker network access from host #171 (comment)

I've not tried either of these approaches... if you have any luck with them (or any others!), let me know.

Thanks for your report.

[Diegus83]

Thanks for the clear explanation.
If I try any of these options I will update with my findings.

[docker-robott]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale comment.
Stale issues will be closed after an additional 30d of inactivity.

Prevent issues from auto-closing with an /lifecycle frozen comment.

If this issue is safe to close now please do so.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle stale

[docker-robott]

Closed issues are locked after 30 days of inactivity.
This helps our team focus on active issues.

If you have found a problem that seems similar to this, please open a new issue.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle locked