Support lima environments

[gregnr]

A number of Docker Desktop alternatives use lima under the hood to manage Linux VM's:

• colima
• Rancher Desktop

Research how the networking works for these tools and find a way to get docker-mac-net-connect to work seamlessly with them.

Related:

• Help making it work with colima #16
• Can this tool help me connect port when docker run use --net="host" #8

[night0wl]

I did a bit of further research on this topic.

It seems that all Lima-based solutions work in a similar way. They create a bridge100 interface on the MacOS host, and a connected interface on the VM. The name varies, e.g. col0, rd1 etc. and the subnets they use also vary.

However, I discovered that it is not necessary to use them at all, and the utun3 <-> chip0 connection created by docker-mac-net-connect can be used instead. The only thing I needed to do to was to add an iptables rule:

sudo iptables -A FORWARD -s 10.33.33.1 -p tcp -j ACCEPT

I implemented this rule in the client/main.go code, but found it wasn’t working. When I dug a little deeper, I found that the reason was that the Alpine image which Colima / Rancher Desktop use, ships with a version of iptables which is using “legacy” instead of “nf_tables”. The docker image created by docker-mac-net-connect was installing a version of iptables that was using “nf_tables” and so the rules were not applying outside of the container.

To fix this, I updated the Dockerfile to include the following command

update-alternatives --set iptables /usr/sbin/iptables-legacy

I built the docker container locally, and tested everything with Docker Desktop, Colima, and Rancher Desktop. All three worked just fine with this update. I will add a PR to show the changes necessary.

EDIT: PR implementing the above: #27