We run several docker images on a VM.
sudo iptables -S
shows a lot of docker networking.
We try to connect to an external MySQL database in another net.
mysql --host=mysql.example.org --user=thisuser thatdatabase
We get error message:
ERROR 2002 (HY000): Can't connect to MySQL server on 'mysql.example.org' (115)
Network logs show that external firewall does not recognize a connect attempt.
We tried to shut down docker and try again with no avail.
sudo traceroute mysql.example.org
traceroute to mysql.example.org (111.222.333.444), 30 hops max, 60 byte packets
1 localvm.example.org (172.17.0.1) 3071.799 ms !H 3071.763 ms !H 3071.754 ms !H
The 172.17.0.1
is -not- the ip-address from the local system.
On another vanilla system we can connect to this instance.
We tried to use a explicit route with no avail.
ip route add 222.333.444.0/24 dev ens192
traceroute mysql.example.org
traceroute to mysql.example.org (correct external ip-address), 30 hops max, 60 byte packets
1 localvm.example.org (correct local ip-address) 3068.673 ms !H 3068.566 ms !H 3068.532 ms !H
Any suggestions how to narrow down errors?
Is it time to start wireshark?
VM is Debian 10, client is mysql Ver 15.1 Distrib 10.3.22-MariaDB
Turned out that we had to tell docker not to use 172.17.0.0/24 network.
According to how-do-i-configure-the-default-bridge-docker0
we changed
Old route entry was
route now shows different net:
Now its not conflicting with the existing server and connection is possible.
Thanks very much to all for your help!
normally means that there is no MySQL server running on the system or that you are using an incorrect Unix socket file name or TCP/IP port number when trying to connect to the server. You should also check that the TCP/IP port you are using has not been blocked by a firewall or port blocking service.