Description
The Docker Sandbox environment is preventing all outbound TCP traffic to the host machine, even when explicit proxy rules are defined. While HTTP/HTTPS traffic through the standard proxy works, direct TCP "dials" (such as MySQL on 3306) are intercepted and dropped by the container platform.
Based on ~/.docker/sandboxes/vm/claude-erp-v3/container-platform.log, the sandbox is enforcing a policy that "all traffic must go through proxy," but the system does not appear to be transparently routing allowed host traffic through that proxy.
Reproduce
- Configure the sandbox to allow the host's MySQL port:
docker sandbox network proxy claude-erp-v3 --allow-host host.docker.internal:3306
- Exec into the sandbox:
docker sandbox exec -it claude-erp-v3 bash
- Attempt to connect to the host:
telnet host.docker.internal 3306
- Check the network logs:
docker sandbox network log claude-erp-v3
Actual Behavior
- Terminal Output:
telnet: Unable to connect to remote host: Connection refused
- container-platform.log Error:
dial failed: direct external connections are not allowed, all traffic must go through proxy at 127.0.0.1:[PORT]
- docker sandbox network log Output:
Shows blocked requests to 127.0.0.1:3306 under <tcp proxy policy>, even when host.docker.internal is the target.
Expected behavior
I can connect to host.docker.internal:3306, which is running on the host machine.
docker version
Client:
Version: 29.2.1
API version: 1.53
Go version: go1.25.6
Git commit: a5c7197
Built: Mon Feb 2 17:16:37 2026
OS/Arch: darwin/arm64
Context: desktop-linux
Server: Docker Desktop 4.63.0 (220185)
Engine:
Version: 29.2.1
API version: 1.53 (minimum version 1.44)
Go version: go1.25.6
Git commit: 6bc6209
Built: Mon Feb 2 17:16:47 2026
OS/Arch: linux/arm64
Experimental: false
containerd:
Version: v2.2.1
GitCommit: dea7da592f5d1d2b7755e3a161be07f43fad8f75
runc:
Version: 1.3.4
GitCommit: v1.3.4-0-gd6d73eb8
docker-init:
Version: 0.19.0
GitCommit: de40ad0
docker info
Client:
Version: 29.2.1
Context: desktop-linux
Debug Mode: false
Plugins:
agent: create or run AI agents (Docker Inc.)
Version: v1.27.1
Path: /Users/nimit/.docker/cli-plugins/docker-agent
ai: Docker AI Agent - Ask Gordon (Docker Inc.)
Version: v1.18.0
Path: /Users/nimit/.docker/cli-plugins/docker-ai
buildx: Docker Buildx (Docker Inc.)
Version: v0.31.1-desktop.1
Path: /Users/nimit/.docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v5.0.2
Path: /Users/nimit/.docker/cli-plugins/docker-compose
debug: Get a shell into any image or container (Docker Inc.)
Version: 0.0.47
Path: /Users/nimit/.docker/cli-plugins/docker-debug
desktop: Docker Desktop commands (Docker Inc.)
Version: v0.3.0
Path: /Users/nimit/.docker/cli-plugins/docker-desktop
extension: Manages Docker extensions (Docker Inc.)
Version: v0.2.31
Path: /Users/nimit/.docker/cli-plugins/docker-extension
init: Creates Docker-related starter files for your project (Docker Inc.)
Version: v1.4.0
Path: /Users/nimit/.docker/cli-plugins/docker-init
mcp: Docker MCP Plugin (Docker Inc.)
Version: v0.40.1
Path: /Users/nimit/.docker/cli-plugins/docker-mcp
model: Docker Model Runner (Docker Inc.)
Version: v1.1.1
Path: /Users/nimit/.docker/cli-plugins/docker-model
offload: Docker Offload (Docker Inc.)
Version: v0.5.56
Path: /Users/nimit/.docker/cli-plugins/docker-offload
pass: Docker Pass Secrets Manager Plugin (beta) (Docker Inc.)
Version: v0.0.24
Path: /Users/nimit/.docker/cli-plugins/docker-pass
sandbox: Docker Sandbox (Docker Inc.)
Version: v0.12.0
Path: /Users/nimit/.docker/cli-plugins/docker-sandbox
sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
Version: 0.6.0
Path: /Users/nimit/.docker/cli-plugins/docker-sbom
scout: Docker Scout (Docker Inc.)
Version: v1.20.0
Path: /Users/nimit/.docker/cli-plugins/docker-scout
Server:
Containers: 18
Running: 0
Paused: 0
Stopped: 18
Images: 28
Server Version: 29.2.1
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
CDI spec directories:
/etc/cdi
/var/run/cdi
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: dea7da592f5d1d2b7755e3a161be07f43fad8f75
runc version: v1.3.4-0-gd6d73eb8
init version: de40ad0
Security Options:
seccomp
Profile: builtin
cgroupns
Kernel Version: 6.12.72-linuxkit
Operating System: Docker Desktop
OSType: linux
Architecture: aarch64
CPUs: 8
Total Memory: 7.75GiB
Name: docker-desktop
ID: f9eed2b8-9a66-4d2b-bc82-258b7094f35d
Docker Root Dir: /var/lib/docker
Debug Mode: false
HTTP Proxy: http.docker.internal:3128
HTTPS Proxy: http.docker.internal:3128
No Proxy: hubproxy.docker.internal
Labels:
com.docker.desktop.address=unix:///Users/nimit/Library/Containers/com.docker.docker/Data/docker-cli.sock
Experimental: false
Insecure Registries:
hubproxy.docker.internal:5555
::1/128
127.0.0.0/8
Live Restore Enabled: false
Additional Info
No response
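A probe for telling apart the failure modes described in this report, added here as an example and not part of the original issue or of Docker's tooling: it makes the same direct dial as telnet, then asks the proxy for an HTTP CONNECT tunnel to the same target. That the sandbox proxy answers CONNECT for a non-HTTP port is an assumption, the proxy port must be supplied by the user (the log gives only `[PORT]`), and the function names are hypothetical.

```python
import socket
import sys

def probe_direct(host, port, timeout=3.0):
    """Plain TCP connect, the same dial telnet makes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:  # timeout, DNS failure, unreachable, ...
        return f"error: {type(exc).__name__}"

def probe_via_connect(proxy_host, proxy_port, host, port, timeout=3.0):
    """Request an HTTP CONNECT tunnel; return the proxy's status code or None."""
    request = f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n"
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        s.sendall(request.encode("ascii"))
        reply = b""
        while b"\r\n" not in reply and len(reply) < 4096:
            chunk = s.recv(1024)
            if not chunk:
                break
            reply += chunk
    parts = reply.split(b"\r\n", 1)[0].split()
    if len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1].isdigit():
        return int(parts[1])
    return None

def classify(direct, status):
    """Turn the two probe results into one diagnosis line."""
    if direct == "open":
        return "direct TCP allowed"
    if status is None:
        return "direct dial failed, proxy gave no HTTP reply"
    if 200 <= status < 300:
        return "direct dial failed, proxy tunnel allowed"
    return f"direct dial failed, proxy denied (HTTP {status})"

if __name__ == "__main__":
    # Usage: probe.py PROXY_PORT (the log gives the proxy only as 127.0.0.1:[PORT])
    target = ("host.docker.internal", 3306)
    direct = probe_direct(*target)
    try:
        status = probe_via_connect("127.0.0.1", int(sys.argv[1]), *target)
    except OSError:
        status = None
    print(direct, status, classify(direct, status))
```

Run it inside the sandbox before and after changing the `--allow-host` rule; a refused direct dial combined with a denied CONNECT points at the proxy policy rather than at MySQL on the host.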