Support lima environments #26

Open
gregnr opened this issue Apr 25, 2023 · 2 comments
gregnr commented Apr 25, 2023

A number of Docker Desktop alternatives use lima under the hood to manage Linux VMs:

Research how the networking works for these tools and find a way to get docker-mac-net-connect to work seamlessly with them.

Related:

night0wl commented May 27, 2023

I did a bit of further research on this topic.

It seems that all Lima-based solutions work in a similar way. They create a bridge100 interface on the macOS host, and a connected interface on the VM. The name varies, e.g. col0, rd1 etc., and the subnets they use also vary.

However, I discovered that it is not necessary to use them at all, and the utun3 <-> chip0 connection created by docker-mac-net-connect can be used instead. The only thing I needed to do was to add an iptables rule:

sudo iptables -A FORWARD -s 10.33.33.1 -p tcp -j ACCEPT

I implemented this rule in the client/main.go code, but found it wasn’t working. When I dug a little deeper, I found that the reason was that the Alpine image which Colima / Rancher Desktop use ships with a version of iptables which is using “legacy” instead of “nf_tables”. The docker image created by docker-mac-net-connect was installing a version of iptables that was using “nf_tables” and so the rules were not applying outside of the container.

To fix this, I updated the Dockerfile to include the following command:

update-alternatives --set iptables /usr/sbin/iptables-legacy

I built the docker container locally, and tested everything with Docker Desktop, Colima, and Rancher Desktop. All three worked just fine with this update. I will add a PR to show the changes necessary.

EDIT: PR implementing the above: #27
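An added example, not part of the thread or of docker-mac-net-connect's code: a check for the iptables backend mismatch described in the comment above, based on the backend suffix that iptables 1.8+ prints in its `--version` line. The function names `iptables_backend` and `check_backends` are hypothetical, and the version strings are constructed samples.

```shell
#!/bin/sh
# Added example: compare iptables backends between the VM and a container.
# On a real system, pass "$(iptables --version)" captured on each side.

# Map an `iptables --version` line to the backend it names.
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo "nf_tables" ;;
        *"(legacy)"*)    echo "legacy" ;;
        "iptables v"*)   echo "legacy" ;;   # pre-1.8 builds print no suffix
        *)               echo "unknown" ;;
    esac
}

# Compare the VM's backend ($1) with the container's ($2).
# Prints a verdict; returns 0 on match, 1 on mismatch, 2 if unrecognised.
check_backends() {
    vm=$(iptables_backend "$1")
    ctr=$(iptables_backend "$2")
    if [ "$vm" = "unknown" ] || [ "$ctr" = "unknown" ]; then
        echo "UNKNOWN vm=$vm container=$ctr"
        return 2
    fi
    if [ "$vm" != "$ctr" ]; then
        echo "MISMATCH vm=$vm container=$ctr"
        return 1
    fi
    echo "OK backend=$vm"
    return 0
}

# Constructed samples (not captured output): a legacy VM and an
# nf_tables container, the combination reported in the comment above.
VM_SAMPLE="iptables v1.8.8 (legacy)"
CTR_SAMPLE="iptables v1.8.8 (nf_tables)"
if ! check_backends "$VM_SAMPLE" "$CTR_SAMPLE"; then
    # The legacy and nf_tables backends keep separate rule sets, so a
    # rule added through one is not consulted by the other.
    echo "FORWARD rule added in the container will not take effect in the VM"
fi
```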

jaymecd commented Jan 7, 2025

In my recent tests using Rancher Desktop = 1.16.0, Colima = 0.8.1 and docker-mac-net-connect = v0.1.3 I haven't faced any issues, and there was no need to apply the iptables rule mentioned by @night0wl above.

Both were tested using vz/qemu emulations, as well as rootless/privileged setup, with and without routable IP.
