```
default via 192.168.1.1 dev enp67s0f0 proto static
172.17.0.0/24 dev enp67s0f0 proto kernel scope link src 172.17.0.1
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.1.0/24 dev enp67s0f0 proto kernel scope link src 192.168.1.32
```

8. `iptables` look ok to me:

```
my_user@my_host:~$ sudo iptables --list --table nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere            !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.17.0.0/16        anywhere

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
```

9. These are my current docker networks:

```
NETWORK ID     NAME      DRIVER    SCOPE
ba15db4d2831   bridge    bridge    local
938ad254f4d2   host      host      local
72ca52dfdedb   none      null      local
```

Finally, if I run the container in host mode (for instance: `docker run -it --rm --net=host python:3.6.1 /bin/bash`), DNS resolution works.

It cannot be as simple as appending `--net=host` to my docker commands because this server runs some CI/CD pipelines that should be able to reach the internet, resolve domain names and so on and so forth.

So basically, the main question is **how can I fix the bridge docker0 to be able to reach internet from my containers when in network mode bridge?**

I have tried several things among which it was restoring docker, reinstalling docker, removing the `docker0` iface and forcing docker to create it again.

Any help, feedback or comments on how to solve or troubleshoot this will be much appreciated!

```
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    0      0        0 enp67s0f0
172.17.0.0      0.0.0.0         255.255.255.0   U     0      0        0 enp67s0f0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 enp67s0f0
```