docs/docker-for-mac/networking.md

113 lines
3.4 KiB
Markdown

---
description: Networking
keywords: mac, networking
redirect_from:
- /mackit/networking/
title: Networking features in Docker for Mac
---
{% assign Arch = 'Mac' %}
Docker for {{Arch}} provides several networking features to make it
easier to use.
## Features
### VPN Passthrough
Docker for {{Arch}}'s networking can work when attached to a VPN. To do this,
Docker for {{Arch}} intercepts traffic from the containers and injects it into
{{Arch}} as if it originated from the Docker application.
### Port Mapping
When you run a container with the `-p` argument, for example:
```
$ docker run -p 80:80 -d nginx
```
Docker for {{Arch}} makes whatever is running on port 80 in the container (in
this case, `nginx`) available on port 80 of `localhost`. In this example, the
host and container ports are the same. What if you need to specify a different
host port? If, for example, you already have something running on port 80 of
your host machine, you can connect the container to a different port:
```
$ docker run -p 8000:80 -d nginx
```
Now, connections to `localhost:8000` are sent to port 80 in the container. The
syntax for `-p` is `HOST_PORT:CLIENT_PORT`.
### HTTP/HTTPS Proxy Support
See [Proxies](index#proxies).
## Known limitations, use cases, and workarounds
Following is a summary of current limitations on the Docker for {{Arch}}
networking stack, along with some ideas for workarounds.
### There is no docker0 bridge on macOS
Because of the way networking is implemented in Docker for Mac, you cannot see a
`docker0` interface on the host. This interface is actually within the virtual
machine.
### I cannot ping my containers
Docker for Mac can't route traffic to containers.
### Per-container IP addressing is not possible
The docker (Linux) bridge network is not reachable from the macOS host.
### Use cases and workarounds
There are two scenarios that the above limitations affect:
#### I want to connect from a container to a service on the host
The host has a changing IP address (or none if you have no network access). From
18.03 onwards our recommendation is to connect to the special DNS name
`host.docker.internal`, which resolves to the internal IP address used by the
host.
The gateway is also reachable as `gateway.docker.internal`.
#### I want to connect to a container from the Mac
Port forwarding works for `localhost`; `--publish`, `-p`, or `-P` all work.
Ports exposed from Linux are forwarded to the host.
Our current recommendation is to publish a port, or to connect from another
container. This is what you need to do even on Linux if the container is on an
overlay network, not a bridge network, as these are not routed.
The command to run the `nginx` webserver shown in [Getting Started](index#explore-the-application-and-run-examples)
is an example of this.
```bash
$ docker run -d -p 80:80 --name webserver nginx
```
To clarify the syntax, the following two commands both expose port `80` on the
container to port `8000` on the host:
```bash
$ docker run --publish 8000:80 --name webserver nginx
$ docker run -p 8000:80 --name webserver nginx
```
To expose all ports, use the `-P` flag. For example, the following command
starts a container (in detached mode) and the `-P` exposes all ports on the
container to random ports on the host.
```bash
$ docker run -d -P --name webserver nginx
```
See the [run command](/engine/reference/commandline/run.md) for more details on
publish options used with `docker run`.