How to connect container in another docker network?

Question

I have postgres running in default container network as it ran using docker run command. And, our webapp running on the same server but spinned as a docker-compose service. So, there is separate bridge network created for that automatically.

How to connect this docker-compose service created web app container in custom network to the postgres database created using docker run command in default network?

I tried using localhost, host.docker.internal both are not working. LAN connection IP of the host machine is working but it might change if I ran on a different server, so not useful.

Answer 1

Containers in different networks can not communicate with each other because iptables drop such packets. This is shown in the DOCKER-ISOLATION-STAGE-1 and DOCKER-ISOLATION-STAGE-2 chains in the filter table.

sudo iptables -t filter -vL

Rules can be added to DOCKER-USER chain to allow communication between different networks. In the above scenario, the following commands will allow ANY container in mynetwork1 to communicate with ANY containers in mynetwork2.

The bridge interface names of the network (mynetwork1 and mynetwork2) need to be found first. Their names are usually look like br-07d0d51191df or br-85f51d1cfbf6 and they can be found using command "ifconfig" or "ip link show". Since there are multiple bridge interfaces, to identify the correct ones for the networks of interest, the inet address of the bridge interface (shown in ifconfig) should match the subnet address shown in command 'docker network inspect mynetwork1'

sudo iptables -I DOCKER-USER -i br-########1 -o br-########2 -j ACCEPT
sudo iptables -I DOCKER-USER -i br-########2 -o br-########1 -j ACCEPT

The rules can be fine tuned to allow only communications between specific IPs. E.g,

sudo iptables -I DOCKER-USER -i br-########1 -o br-########2 -s 172.17.0.2 -d 172.19.0.2 -j ACCEPT
sudo iptables -I DOCKER-USER -i br-########2 -o br-########1 -s 172.19.0.2 -d 172.17.0.2 -j ACCEPT