none
Enabling container access to external ethernet RRS feed

  • Question

  • I've got the Server 2016 TP3 container VM running on my Windows 10 system Hyper-V setup.   That VM can see the outside world through an external switch.   I've created a container to run inside that VM.  At first, I configured it to use the default "Virtual Switch" which provides NAT capabilities.  Running ipconfig inside the container shows it got an address consistent with my external DHCP server's range.  But the container can't ping the outside world.

    Then I tried configuring the container with an "external" switch.  Now, the container gets an IP address starting with 169 (a sign it could not really get an IP address) and of course, it still can't see anything.

    I'm not very familiar with virtual switches in any case.  Can someone get me started with the right commands, all the way from the physical host, through the VM, down to the container?

    (BTW, I've disabled the firewall on the VM, so it can see everything on all ports available from the physical host.)

    Thanks,

    Carl


    Carl

    Friday, August 21, 2015 9:49 PM

Answers

  • Hi Carl, hi aL3891,

    Yes - Mac Address Spoofing should help. If your Containers are only receiving an APIPA Address, you are using DHCP, and running the Container host in a VM, please make sure, that Mac Address Spoofing is enabled for the VM's network adapter.

    This can be achieved using PowerShell: Get-VMNetworkAdapter -VMName "[YourVMNameHere]" | Set-VMNetworkAdapter -MacAddressSpoofing On

    Opening specific firewall ports is currently required on the Container host if you want to connect to the Container (as you already noted). This is still work in progress. Please see here for an example of opening a Firewall port. We do not recommend disabling the Firewall completely for security reasons. Additionally most customers will have some kind of Firewall in place and it is good to know as early as possible about the needed ports. For completely isolated test-environments however disabling could be a feasible approach just to not have to worry about the specific ports/protocols.

    Hope this helps,

    Lars


    This posting is provided AS IS with no warranties, and confers no rights. You assume all risk for your use.

    • Proposed as answer by aL3891 Monday, August 24, 2015 7:05 AM
    • Marked as answer by doctorcja Tuesday, August 25, 2015 6:02 PM
    Sunday, August 23, 2015 7:45 PM

All replies

  • I also had this problem but it was solved by going into the settings for the host VM, and enabling mac adress spoofing under the advanced settings for the virtual nic.

    I also had to disable the firewall in the host VM to be able to access the container. This seems to be the case even if you use external switches. Im not sure if this is a bug or not though



    • Edited by aL3891 Saturday, August 22, 2015 6:42 PM
    Saturday, August 22, 2015 2:51 PM
  • Hi Carl, hi aL3891,

    Yes - Mac Address Spoofing should help. If your Containers are only receiving an APIPA Address, you are using DHCP, and running the Container host in a VM, please make sure, that Mac Address Spoofing is enabled for the VM's network adapter.

    This can be achieved using PowerShell: Get-VMNetworkAdapter -VMName "[YourVMNameHere]" | Set-VMNetworkAdapter -MacAddressSpoofing On

    Opening specific firewall ports is currently required on the Container host if you want to connect to the Container (as you already noted). This is still work in progress. Please see here for an example of opening a Firewall port. We do not recommend disabling the Firewall completely for security reasons. Additionally most customers will have some kind of Firewall in place and it is good to know as early as possible about the needed ports. For completely isolated test-environments however disabling could be a feasible approach just to not have to worry about the specific ports/protocols.

    Hope this helps,

    Lars


    This posting is provided AS IS with no warranties, and confers no rights. You assume all risk for your use.

    • Proposed as answer by aL3891 Monday, August 24, 2015 7:05 AM
    • Marked as answer by doctorcja Tuesday, August 25, 2015 6:02 PM
    Sunday, August 23, 2015 7:45 PM
  • Thanks.  Setting MacAddressSpoofing was the key.  I'm in business now.


    Carl

    Tuesday, August 25, 2015 6:02 PM
  • Nice, thank you for confirming!
    Lars


    This posting is provided AS IS with no warranties, and confers no rights. You assume all risk for your use.

    Tuesday, August 25, 2015 8:08 PM