Is it possible to change / configure the IP address that host.internal.docker gets mapped to?

[muya]

Scenario:

One of the services that we're running as part of our stack, Ory oathkeeper, has defined an "allow-list" of IP address ranges to which it can make requests (see https://github.com/ory/x/blob/8f55c13831d0ff51ffdb8c9211d3a987c13bad2c/httpx/ssrf.go#L91).

Since Orbstack assigns host.internal.docker to 0.250.250.254, the oathkeeper service is unable to make an API call to any endpoint on my host when addressed via host.internal.docker.

If interested, this repo contains details on how to reproduce the issue: https://github.com/muya/oathkeeper-ip-restrictions-demo

Basically, the scenarios fail when using Orbstack, and pass when not using Orbstack.

[kdrag0n]

You can try host.orb.internal instead, which has IPv6. The IPv6 address falls under the allowlist.

[muya]

Hello @kdrag0n - thanks for your response.

Is there a particular config I need to enable the IPv6 assignment?

Steps I took:

• In Orbstack settings, I checked "Enable IPv6"
• Restarted Orbstack
• Nuked all the containers and set them up afresh
• Attempted to reproduce the issue.

From within the container, pinging host.orb.internal is still resolving to an IPv4 address:

ping host.orb.internal
PING host.orb.internal (0.250.250.254) 56(84) bytes of data.
64 bytes from host.orb.internal (0.250.250.254): icmp_seq=1 ttl=62 time=0.783 ms
64 bytes from host.orb.internal (0.250.250.254): icmp_seq=2 ttl=62 time=0.500 ms
^C
--- host.orb.internal ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1005ms
rtt min/avg/max/mdev = 0.500/0.641/0.783/0.141 ms

[getlarge]

Hi @kdrag0n, I have the same question for the same situation. Is there something else to enable/disable in Orbstack settings?