Windows Firewall is blocking my attempt to allows Docker for Windows to share C: on windows 10 machine.
Works fine when Windows Firewall off. When its on I get
A firewall is blocking file Sharing between Windows and the containers. See documentation for more info.
The documentation says
You do not need to open port 445 on any other network. By default, allow connections to 10.0.75.1 port 445 (the Windows host) from 10.0.75.2 (the virtual machine).
I am "googled out" on trying to find how to do that - can someone advise?
You don't actually need to share the C drive but only reinstall (or potentially even uncheck - click OK - then check) the File and Print sharing service on the Hyper-V virtual network card. See this article.
Also if there are restrictions on your network profiles (i.e. public), consider changing the default "unidentified network" for the "vEthernet (DockerNAT)" card to private via this PowerShell command before doing the above:
Set-NetConnectionProfile -interfacealias "vEthernet (DockerNAT)" -NetworkCategory Private
Ok, so after running in the same issue, I have found a Solution.
This is what I did:
Step 1: Open ESET. Then click on Setup
Step 2: Click on Network protection
Step 3: Click on Troubleshooting wizard
Step 4: Find the Communication 10.0.75.2 (Default docker IP setting) Just check what the IP Range is defined inside your docker settings. Then look for for the IP which resides in that range.
Step 5: Click on the Unblock button, then you should receive this screen.
This solved the issue for myself.
You can then go to the Rules and check the rule that was added.
PS: This is my first post, sorry for any incorrect procedures.
Only this solution helps me:
- Go to Hyper-V Manager -> Virtual Switch Manager -> DockerNAT -> Connection Type: change from internal to private, apply, change back to internal, apply
- Restart MobyLinuxVM
- Restart Docker
- Set Docker network profile to 'Private'
Set-NetConnectionProfile -interfacealias "vEthernet (DockerNAT)" -NetworkCategory Private - Reset File and Printer Sharing for Microsoft Networks on DockerNAT connection
- Go to Docker -> Settings -> Shared Drives and share C:
My solution was to disconnect from the VPN; that was causing the issue
I was not using any third party firewalls when running into this error. I was convinced it was a Windows Firewall issue, though disabling Windows Firewall did not work for me. I finally found this blog post after much research: Docker on windows 10 error: A firewall is blocking file Sharing ...
It ended up NOT having to do with the built in Windows Firewall.
The Fix
- Uncheck File and Printer Sharing for Microsoft Networks from the vEthernet (DockerNAT) network adapter (you can find the connection in the Windows Network and Sharing Center).
- Recheck it and make sure it is enabled.
My C drive stopped being shared with Docker after a recent Windows 10 update. I was getting the same problem saying it was blocked by the Windows firewall when attempting to reshare it.
Looking through the above solutions, I found something that worked for me that is simpler than anything else I saw on this page. In Control Panel\All Control Panel Items\Network and Sharing Center, on the vEthernet (DockerNAT) connection, I unchecked the property File and Printer Sharing for Microsoft Networks and saved the setting. Then I checked the property again to reenable it and saved it again.
At this point, I was able to reshare the C drive in Docker settings. I have no idea why this worked but it was not a firewall problem, which already have an entry for DockerSmbMount.
I had this problem with Kaspersky; turning off Kaspersky worked, so I knew it was the firewall. In my case, Kaspersky was already blocking port 445 for some reason. I had to go to Packet Rules for the Firewall, Local Services (TCP) and remove 445 from the list of blocks ports.
For Windows 10 machines on domain networks, when creating the Hyper-V virtual Ethernet adapter, it gets categorized as a public network. You have to change it to a private network to allow the more relaxed Windows Firewall rules, and therefore allow file sharing.
Run the following command in PowerShell:
Set-NetConnectionProfile -interfacealias "vEthernet (DockerNAT)" -NetworkCategory Private
Change the name in quotes if your machine's virtual Hyper-V network connection is called something else.
My problem was Cisco Anyconnect VPN interfered with internal docker networking
to fix this go to:
Cisco Anyconnect Settings > Preferences >
check Allow local (LAN) access when using VPN
That depends on what firewall do you have installed. In my case I do have disabled the built-in Windows Firewall and I am using ESET Smart Security so my rules looks like:
- Create a rule for IN connection since you should allow Docker to connect to your host and set it to Allow
- Setup the port properly as explained in docs meaning
445:
- Setup the remote IP address:
Maybe this is not the answer since it's not related to Windows Firewall but could give you a clue in what to do.
None of the above worked for me.
What finally did the trick was opening the properties of the "vEthernet (DockerNAT)" network and ticking the box "Hyper-V Extensible Virtual Switch" at the bottom of the list under the "Networking" tab.
Not sure if this is the actual fix or whether it just somehow reset the network adapter for me... but it worked!
I had the same problem and tried all the fixes - and it turned out that more than one was necessary:
- Add a firewall rule (Norton Security for me)
- Make the network private
- Share the drive
I've written a full explanation at http://kajabity.com/2017/08/unblock-docker-for-windows-firewall-issues-with-host-volumes/
Everything everyone posted DID NOT WORK for me.
THIS DID.
I installed the EDGE release. I then went to WINDOWS DEFENDER and disabled the firewall for DOCKER NAT. (not my actual ethernet adapter, just the docker nat)
Once I disabled windows defender/firewall THAT way it worked fine.
ugh. really hopes that helps some of you!
As stated in one other answer Docker doesn't play nice with a VPN. If you're using Nordvpn you have to disable "Invisibility on LAN" and probably "Internet Kill Switch".
If you've done so it should work even with the VPN active.
I had same issue with F-secure, DeepGuard was blocking the Docker service. My solution was:
Open F-secure client and click "Tasks"
Choose "Allow a program to start"
Choose from list "com.docker.service" and press "Remove"
After that restart Docker client and try to apply for file share.
Also very good troubleshoot guide here: Error: A firewall is blocking file sharing between Windows and the containers
My G drive stopped being shared with Docker after a recent Windows 10 update. I was getting the same problem saying it was blocked by the Windows firewall when attempting to reshare it.
Then I had tried to solve this issues by couple of suggestion but i cant resolve that issue after that I have tried to Reset credentials below of Shared Drives and my issue was solved.
So If you want then you can try to do this-
For AVG Internet Security, enabling Internet Connection Sharing Mode under the Firewall settings did the trick for me.
Even after ensuring that the inbound firewall rule is set up properly and even after uninstalling and reinstalling the File and Printing Sharing Service it didn't work for me.
Solution: on top of that I also had to do a third thing. I had to deactivate the checkbox Prevent incoming connections when on a public network in the specific firewall settings for public networks. After doing that it started working for me as well. See screenshots attached at the end of this message.
Don't know how long this option has been there already. I'm currently working on Win 10 Pro 1709 16299.402.
1. Open specific firewall settings for public networks
2. Uncheck this checkbox
I had the same problem with firewall not allowing me to share my C drive. I tried all listed above solutions and nothing worked for me. Then I uninstalled docker completely from my machine Control Panel\Programs\Programs and Features ->
select Docker for Windows -> Uninstall
Then go to docker website and click Get Docker for Windows (Stable)
After that I was able to share drive C
In my case, I enabled "Block TCP 445" on Windows Defender Firewall with Advanced Security and it worked
This (link below) seems to be the best fix i have found so far. It is persistant across reboots. It is best explained here: https://gist.github.com/biggyspender/8b5b2ed9ff63de31045d41304e3915b3
The vEthernet network interface seems to be dynamically created each time the system is started, and it is created in the 'Public' group as opposed to in the 'Private' group (where it works). The edits in one of the Docker startup scripts (called out in the link above) automate the powershell command / fix noted by David Tesar above....
I had more luck adding the function to the script as opposed to editing the script and changing 'Internal' to 'Private'.
for those who can not solve this issue by any means, you can try this: manually map drive into the docker host:
https://github.com/docker/for-win/issues/466#issuecomment-416682825
The research is here: https://github.com/docker/for-win/issues/466#issuecomment-398305463
I found it quite easy. Just go to you network connections. You can go Control Panel/Network and Sharing. You will find various connections. Search for Docker connection. Select which ever is default. After selecting network, go to Properties. In the properties section enable the option Hyper-V Extensible Virtual Switch. This will help virtual container to use network card.
What did it for me (after several hours of trial-n-error) was changing the Subnet Mask from 255.255.255.240 to 255.255.255.0 (which should not change anything).
As part of the trial-n-error, I had done everything else listed on article, but without any success .. but this last step did it .. and reverting back to 255.255.255.240 does not break the good cycle.
I admit, it makes no sense .. but it might be related to an internal state only being triggered by the network change.
Anyway, if i have helped just one, then it was worth the effort.
Docker Desktop edge, 2.0.4.1 (34207)
Enabling the option Hyper-V Extensible Virtual Switch worked for me. Other solutions have not worked for me. I did it changing the configuration in the HyperV Virtual Switch Manager - DockerNAT - Extensions - Virtual Switch Extensions panel.
An alternative solution! I am not sure how I solved this problem, but I think it was the following approach that did the trick.
- Open Hyper-V Manager
- Select Virtual Switch Manager
- If several Virtual Switches are called DockerNAT, rename one of them to any other name.
- Make sure DockerNAT has connection type Internal network.
- Also, make sure that any duplicates have connection type "External Network" and use an ethernet connection, not a wireless connection (in the dropdown menu).
- Press ok and close Hyper-V Manager
- Restart the computer (twice, just in case).
- Now, try to share the drive for docker in Docker For Windows.
For me the only thing I had to do was to temporally disable the firewall in symantec endpoint protection. Share the C-drive in docker setting GUI. Come back and enable the firewall in symantec. (no powershell command etc...)
If non of the above works, just make sure you're not connected to a VPN. That's exactly what happened to me, i was connected to a VPN using Cisco AnyConnect client, also make sure you set an static DNS in the docker settings.
Personally, I faced with this problem after upgrading from 2.0.0.3 (build 31259) to 2.1.0.1 (build 37199).
Tried several options (in particular, "reinstall File and Print sharing service", Set-NetConnectionProfile, reset to defaults), but none of them worked.
Downgrade back to 2.0.0.3 (build 31259) turned things back to normal.
来源:https://stackoverflow.com/questions/42203488/settings-to-windows-firewall-to-allow-docker-for-windows-to-share-drive