
2nd chunk of `content/manuals/engine/network/drivers/host.md`
- In situations where a container needs to handle a large range of ports

This is because it doesn't require network address translation (NAT), and no "userland-proxy" is created for each port.

The host networking driver is supported on Docker Engine (Linux only) and Docker Desktop version 4.34 and later.

You can also use a `host` network for a swarm service, by passing `--network host`
to the `docker service create` command. In this case, control traffic (traffic
related to managing the swarm and the service) is still sent across an overlay
network, but the individual swarm service containers send data using the Docker
daemon's host network and ports. This creates some extra limitations. For instance,
if a service container binds to port 80, only one service container can run on a
given swarm node.

## Docker Desktop

Host networking is supported on Docker Desktop version 4.34 and later.
To enable this feature:

1. Sign in to your Docker account in Docker Desktop.
2. Navigate to **Settings**.
3. Under the **Resources** tab, select **Network**.
4. Check the **Enable host networking** option.
5. Select **Apply and restart**.

This feature works in both directions. This means you can
access a server that is running in a container from your host and you can access
servers running on your host from any container that is started with host
networking enabled. TCP as well as UDP are supported as communication protocols.

### Examples

The following command starts netcat in a container that listens on port `8000`:

```console
$ docker run --rm -it --net=host nicolaka/netshoot nc -lkv 0.0.0.0 8000
```

Port `8000` will then be available on the host and you can connect to it with the following
command from another terminal:

```console
$ nc localhost 8000
```

What you type in here will then appear on the terminal where the container is
running.

To access a service running on the host from the container, you can start a container with
host networking enabled with this command:

```console
$ docker run --rm -it --net=host nicolaka/netshoot
```

If you then want to access a service on your host from the container (in this
example a web server running on port `80`), you can do it like this:

```console
$ nc localhost 80
```
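A container started with `--net=host` can reach services on the host's `localhost`, as the example above shows, so it is worth knowing which containers run this way. The following audit sketch is an added example, not part of the Docker documentation: it reads the `HostConfig` fields of `docker inspect` output, and the sample data, the flag names and the `audit_host_network` helper are constructed for illustration.

```python
import json

# Constructed sample of `docker inspect` output, trimmed to the fields used below.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/netshoot-debug", "Config": {"Image": "nicolaka/netshoot"},
   "HostConfig": {"NetworkMode": "host", "Privileged": false,
                  "CapAdd": ["NET_ADMIN"], "PortBindings": {}}},
  {"Name": "/web", "Config": {"Image": "example/web:1.0"},
   "HostConfig": {"NetworkMode": "bridge", "Privileged": false, "CapAdd": null,
                  "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "8080"}]}}},
  {"Name": "/metrics", "Config": {"Image": "example/metrics:2.3"},
   "HostConfig": {"NetworkMode": "host", "Privileged": false, "CapAdd": null,
                  "PortBindings": {"9100/tcp": [{"HostIp": "", "HostPort": "9100"}]}}}
]
""")

# On Docker Engine (Linux), NET_ADMIN inside the host network namespace allows
# changing the host's interfaces, routes and firewall rules.
RISKY_CAPS = {"NET_ADMIN", "ALL"}


def audit_host_network(containers):
    """Return one finding per container whose HostConfig.NetworkMode is 'host'."""
    findings = []
    for c in containers:
        hc = c.get("HostConfig") or {}
        if hc.get("NetworkMode") != "host":
            continue
        # CapAdd entries may be written with or without the CAP_ prefix.
        caps = {cap.upper().replace("CAP_", "", 1) for cap in (hc.get("CapAdd") or [])}
        flags = []
        if hc.get("Privileged") or caps & RISKY_CAPS:
            flags.append("net-admin-or-privileged")
        # Requested -p/--publish mappings are discarded in host mode: whatever
        # the process binds is exposed on the host directly.
        if hc.get("PortBindings"):
            flags.append("publish-flags-ignored")
        findings.append({"name": c.get("Name", "").lstrip("/"),
                         "image": (c.get("Config") or {}).get("Image", ""),
                         "flags": flags})
    return findings


if __name__ == "__main__":
    for f in audit_host_network(SAMPLE_INSPECT):
        print(f"{f['name']:<16} {f['image']:<22} {', '.join(f['flags']) or '-'}")
```

On a real host, pass it the parsed JSON from `docker inspect $(docker ps -q)` instead of the sample.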

### Limitations

- Processes inside the container cannot bind to the IP addresses of the host
  because the container has no direct access to the interfaces of the host.
- The host network feature of Docker Desktop works on layer 4. This means that
  unlike with Docker on Linux, network protocols that operate below TCP or UDP are
  not supported.
- This feature doesn't work with Enhanced Container Isolation enabled, since
  isolating your containers from the host and allowing them access to the host
  network contradict each other.
- Only Linux containers are supported. Host networking does not work with
  Windows containers.

## Next steps

- Go through the [host networking tutorial](/manuals/engine/network/tutorials/host.md)
- Learn about [networking from the container's point of view](../_index.md)
- Learn about [bridge networks](./bridge.md)
- Learn about [overlay networks](./overlay.md)
- Learn about [Macvlan networks](./macvlan.md)
