How to Manage Container Networks on macOS with Apple container
Purpose
This post demonstrates how to manage container networking with Apple container β custom subnets, port forwarding, DNS domains, and network isolation for development environments.
Default Network
When I run container system start, a default network is created automatically. Every container attaches to it unless I specify otherwise. The default subnet is typically 192.168.64.0/24.
container network listcontainer network inspect defaultCustom Networks
Create an isolated network with a specific subnet:
container network create foo --subnet 192.168.100.0/24With IPv6 support:
container network create bar --subnet 192.168.200.0/24 --subnet-v6 fd00:1234::/64Attach a container to the custom network:
container run --network foo --name app1 my-imageOn macOS 26+, containers on the same network can communicate directly. Containers on different networks cannot talk to each other.
Port Publishing
Forward a host port to a container port:
container run -p 127.0.0.1:8080:8000 node:latestThis forwards localhost:8080 to container port 8000.
DNS and Service Discovery
Each container gets a DNS name based on its container name:
container-name.test β container's IP addressI can also create custom DNS domains to access services on the host:
sudo container system dns create host.container.internal --localhost 203.0.113.113This makes it possible for containers to reach host services by a domain name.
Custom MAC Addresses
container run --network default,mac=02:42:ac:11:00:02 my-imageNetwork Management Commands
| Command | Purpose |
|---|---|
container network list | List all networks |
container network inspect foo | Show network details |
container network delete foo | Delete a network |
container network prune | Delete networks without connected containers |
macOS Version Differences
| Feature | macOS 26+ | macOS 15 |
|---|---|---|
| Container-to-container communication | Yes | No |
| Multiple custom networks | Yes | No |
| Reliable IP assignment | Yes | Potential conflicts |
| Default network | Single default | Single default |
On macOS 15, all containers attach to a single default network and cannot communicate with each other. Port publishing still works.
Summary
In this post, I showed how to create custom networks, publish ports, set up DNS domains, and manage network isolation with Apple container. The network commands follow a Docker-like pattern, with the added benefit of macOS-native DNS integration.
Final Words + More Resources
My intention with this article was to help others share my knowledge and experience. If you want to contact me, you can contact by email: Email me
Here are also the most important links from this article along with some further resources that will help you in this scope:
- π¨βπ» Apple container Network Documentation
- π¨βπ» Apple vmnet.framework Documentation
Oh, and if you found these resources useful, donβt forget to support me by starring the repo on GitHub!
Comments