Unique Use Case: Connecting from 1 machine to an endpoint in a VM?

Here’s my scenario:

  • I have Portainer running in a Docker container on 1 machine on my local network (192.168.0.123).
  • I also have Docker for Windows (uses Hyper-V) running inside of a VMWare VM, on a 2nd machine on the same local network (192.168.0.124).
  • I want to add the endpoint in Portainer to connect to the Docker endpoint on that VM, so I can control it from the 1st machine.

So far I have tried:

  • Adding a forwarded port to 2375 on the 2nd machine (192.168.0.124) to the VM using VMWare’s Network Connection manager.

  • Using the 2nd machine’s IP + the forwarded port as the endpoint URL in Portainer (192.168.0.124:2375)

  • Making sure all firewalls on all machines are turned off.

  • If I try to connect to say, an Nginx container in the VM from the 2nd machine that hosts it, I can.

  • If I try to connect to that same Nginx container from the 1st machine, can’t connect.

  • I can connect to the forwarded IP and port if I directly test with: tnc 192.168.0.124 -port 2375

    ComputerName : 192.168.0.124
    RemoteAddress : 192.168.0.124
    RemotePort : 2375
    InterfaceAlias : Ethernet
    SourceAddress : 192.168.0.123
    TcpTestSucceeded : True

However, when I add that same IP + Port as an endpoint in Portainer, it says “Unable to ping Docker environment”.

Has anyone tried doing this before (and succeeded?)

Is the dockerd on the second machine listening to TCP?

You can test connectivity from machine 1 to machine 2 with the -H flag:

docker -H tcp://192.168.0.124:2376 ps -a

Hi @mark.kimsal

It’s showing that it’s listening on 127.0.0.1, but not 0.0.0.0 or [::1] in machine 2.

And then from machine 1 when I run that command you gave it says:

error during connect: Get https://192.168.0.124:2376/v1.39/containers/json?all=1: dial tcp 192.168.0.124:2376: connectex: No connection could be made because the target machine actively refused it.

(it says the same for port 2375 as well).

I also have an Nginx container on port 8000 on machine 2 that I can connect to from machine 1, and I notice that port 8000 is listening for the adapters 0.0.0.0 and [::1] (but not 127.0.0.1) on machine 2 … I wonder if I need to somehow force 2375/2376 to listen on 0.0.0.0 and [::1] as well as 127.0.0.1? Not sure how to do so though.

Yes, exposing on localhost or 127.0.0.1 won’t allow you to access that port from other machines.

If you expose your docker host to accept commands on 0.0.0.0, get ready to have your machine hijacked to do someone else’s bitcoin mining.

You can open different ports and have the two docker daemons form a swarm.

You can deploy portainer agent on the other machine and try to connect portainer that way.

You can try to change the dockerd settings on Windows (not sure how) and add the parameter `-H tcp://192.168.0.124:2375 -H tcp://127.0.0.1:2375` to have docker listen both locally and on your intranet.
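The bind-address check discussed in this thread, as an added example that is not part of any poster's reply: it parses `netstat -an` output from the Docker host and reports whether the Docker API ports are bound to loopback only, to one address, or to every interface. The sample output is constructed to match the situation described above, and the function names are hypothetical.

```python
import ipaddress
import re

# By convention 2375 is the unencrypted Docker API port and 2376 the TLS one.
DOCKER_API_PORTS = {2375: "plaintext, no authentication", 2376: "TLS"}

# Constructed sample of `netstat -an` output on machine 2 (not real data):
# Docker API on loopback only, Nginx published on all interfaces.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:8000           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:2375         0.0.0.0:0              LISTENING
  TCP    192.168.0.124:139      0.0.0.0:0              LISTENING
  TCP    [::]:8000              [::]:0                 LISTENING
  TCP    192.168.0.124:49731    192.168.0.123:445      ESTABLISHED
"""

# Local address and port of every TCP socket in the LISTENING state.
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\b", re.M)

NOTES = {
    "loopback-only": "not reachable from other machines",
    "single-interface": "reachable only through that address",
    "all-interfaces": "reachable on every network the host is attached to",
}

def classify_bind(addr):
    """Return the exposure scope of a listener's local address."""
    ip = ipaddress.ip_address(addr.strip("[]"))
    if ip.is_loopback:
        return "loopback-only"
    if ip.is_unspecified:  # 0.0.0.0 or [::]
        return "all-interfaces"
    return "single-interface"

def docker_api_listeners(netstat_text):
    """List (port, address, scope) for each Docker API listener found."""
    return [(int(port), addr, classify_bind(addr))
            for addr, port in LISTEN_RE.findall(netstat_text)
            if int(port) in DOCKER_API_PORTS]

def report(netstat_text):
    findings = docker_api_listeners(netstat_text)
    if not findings:
        return ["no Docker API TCP listener found"]
    return [f"{addr}:{port} ({DOCKER_API_PORTS[port]}): {scope}, {NOTES[scope]}"
            for port, addr, scope in findings]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_NETSTAT)))
```
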