Anas Ouaghrem:
Hello guys, I’m following the docker for beginners course and saw Mumshad enter into a docker container with its internal IP that he got after inspecting the container. But it seems that this container as well as apparently all containers use bridge networks which normally in the case of VMs, exposes them to the outer network, that of the host. Is it the same with containers ? Can I access a container in a distant server just like that provided that the distant server is already preconfigured to route traffic inside of itself ?
Al West:
Docker containers, by default, use bridge networks which allow the containers to communicate with the host machine and other containers on the same Docker host. However, the containers are isolated from the outside world, by default, they can make outbound connections, but cannot accept incoming connections unless you configure them to do so.
To allow inbound connections to a Docker container from the outside world, you typically use Docker’s port forwarding feature, which allows you to map a port on your host system to a port on your Docker container.
Anas Ouaghrem:
I’m sorry if my questions sound stupid, this is my first time delving seriously into docker like that, so by default a docker container’s firewall if we can call it so only accepts internal traffic from the host as it is whitelisted ( I hope I’m right on this ) and can then only accept incoming traffic unless we manually map a port from the host to the container. Is that it ?
Al West:
It’s not a firewall - it is on a bridge network which is not routable outside of the docker host. What Docker does manage is Network Namespace and it controls the routing between the containers and between containers and external networks via NAT (Network Address Translation) and port mappings.
Anas Ouaghrem:
Thank you for your time sir. I’ve always struggled with networking as I always tend to mix concepts up