Unique Use Case: Connecting from 1 machine to an endpoint in a VM?

Here’s my scenario:

  • I have Portainer running in a Docker container on 1 machine on my local network (
  • I also have Docker for Windows (uses Hyper-V) running inside of a VMWare VM, on a 2nd machine on the same local network (
  • I want to add the endpoint in Portainer to connect to the Docker endpoint on that VM, so I can control it from the 1st machine.

So far I have tried:

  • Adding a forwarded port to 2375 on the 2nd machine ( to the VM using VMWare’s Network Connection manager.

  • Using the 2nd machine’s IP + the forwarded port as the endpoint URL in Portainer (

  • Making sure all firewalls on all machines are turned off.

  • If I try to connect to say, an Nginx container in the VM from the 2nd machine that hosts it, I can.

  • If I try to connect to that same Nginx container from the 1st machine, can’t connect.

  • I can connect to the forwarded IP and port if I directly test with: tnc -port 2375

    ComputerName :
    RemoteAddress :
    RemotePort : 2375
    InterfaceAlias : Ethernet
    SourceAddress :
    TcpTestSucceeded : True

However, when I add that same IP + Port as an endpoint in Portainer, it says “Unable to ping Docker environment”.

Has anyone tried doing this before (and succeeded?)

Is the dockerd on the second machine listening to TCP?

you can test connectivity from machine 1 to machine 2 with the -H flag

docker -H tcp:// ps -a

Hi @mark.kimsal

It’s showing that it’s listening on, but not or [::1] in machine 2.

And then from machine 1 when I run that command you gave is says:

error during connect: Get dial tcp connectex: No connection could be made because the target machine actively refused it.

(it says the same for port 2375 as well).

I also have an Nginx container on port 8000 on machine 2 that I can connect to from machine 1, and I notice that port 8000 is listening for the adapters and [::1] (but not on machine 2 … I wonder if I need to somehow force 2375/2376 to listen on and [::1] as well as Not sure how to do so though.

yes, exposing on localhost or won’t allow you to access that port from other machines.

If you expose your docker host to accept commands on get ready to have your machine hijacked to do someone else’s bit coin mining.

You can open different ports and have the two docker daemon form a swarm.

You can deploy portainer agent on the other machine and try to connect portainer that way.

You can try to change the dockerd settings on Windows (not sure how) and add the parameter `-H tcp:// -H tcp://" to have docker listen both locally and on your intranet.