0

I have set up a new Ubuntu 22.04.1 server with Docker version 20.10.21, using docker images from the exact same dockerfiles that work without any problems on another Ubuntu server (20.04 though).

In my new docker installation, I experience problems reaching into the docker containers, and I cannot reach the outside world from within the docker containers either.

For example, issuing this from a bash within the docker container:

# wget google.com
Resolving google.com (google.com)... 216.58.212.142, 2a00:1450:4001:82f::200e
Connecting to google.com (google.com)|216.58.212.142|:80... 

That's all, it just hangs there forever. Doing the same in the other installation works just fine. So I suspect there is some significant difference between those installations, but I can't find out what it is.

I'm also running a reverse proxy docker container within the same docker network, and it cannot reach the app container in the broken environment. However, I feel that if I knew what blocks my outgoing requests, this would explain the other issues as well.

How can I find out what causes the docker container requests to be blocked?


This is my docker network setup:

Create the network

docker network create docker.mynet --driver bridge

Connect container #1

docker network connect docker.mynet container1

Run and connect container 2

docker run --name container2 -d -p 8485:8080 \
   --network docker.mynet \
   $IMAGE:$VERSION

Now

  • I can always wget outside from container1
  • I can wget outside from container2 on the old server, but not on the new one
not2savvy
  • After you run the container with your network, did you give it a bridge connection? `docker network connect bridge container_name` – user2695712 Nov 22 '22 at 15:00
  • @user2695712 Yes, I connect the container to a network, but I use the `--network ` option of the `docker run` command to do so. `docker network inspect ` reports that it is successfully connected. – not2savvy Nov 22 '22 at 15:03
  • yes that's ok, then after the container starts, you need to give it a bridge so it can have access to the outside world: `docker network connect bridge ` – user2695712 Nov 22 '22 at 15:04
  • just so that we are on the same page, I assume you run your containers like `docker run -d --rm -ti --network --name ... ` (or something similar) that is why you can inspect the network like `docker network inspect ` and it shows it's connected, but that doesn't mean, you will be able to access some outside dns like google.com for example, in that case you have to open a bridge for each particular container you want to, hence the `docker network connect bridge `. – user2695712 Nov 22 '22 at 15:19
  • @user2695712 It's created using `docker network create --driver bridge` and the inspect reports `"Driver": "bridge"` - so I think it looks good. However, I can get outside from the container that is connected first via `docker connect` for some reason I'm unable to explain. – not2savvy Nov 22 '22 at 15:19
  • @user2695712 I've added details about my network settings to the question. – not2savvy Nov 22 '22 at 15:27
  • -- edit: sorry wrong one, disregard that last gibberish -- – user2695712 Nov 22 '22 at 15:34
  • it could be that the proxy is causing issues :/ other than that, I don't see anything wrong with the way you start the container and network tbh. I'm not sure `--net=host` would help either. You might wanna run `apt-get update` inside the second container (as I understand you are running ubuntu on the containers as well). But that's about all I have. – user2695712 Nov 22 '22 at 15:46

2 Answers

0

Turned out that, while the default bridge worked as expected, any user-defined network (although defined with the bridge driver) did not work at all:

  • requests from container to outside world not possible
  • requests into container not possible
  • requests between containers in the same network not possible

Because container1 was created first and then connected to the user-defined network, it was still connected to the default bridge, too, and thus was able to connect to the outside while container2 wasn't.

The solution is actually in the Docker docs under Enable forwarding from Docker containers to the outside world:

$ sudo sysctl net.ipv4.conf.all.forwarding=1
$ sudo iptables -P FORWARD ACCEPT

I don't think I had to make these changes on my Ubuntu 20.04 server, but I'm not 100% sure. However, after applying these changes, the connection issues were resolved.

I'm still looking into how to make these configuration changes permanent (so they survive a reboot). Once I know it, I'll update this answer.

not2savvy
0

Eventually found the root cause:

I had installed Docker through apt, but it turned out that there was another Docker installation through Snap that caused the problems. Not sure how this happened though.

I removed the Snap install, and everything worked again.

See this answer for details.

not2savvy
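The checks from both answers, combined into one triage script. This is an added example, not code from the original posts. It assumes Docker's usual per-bridge `-A FORWARD -i <bridge> ... -j ACCEPT` rules and the `br-<first 12 characters of the network ID>` interface naming; the interface name and rule listing below are constructed samples.

```shell
#!/bin/sh
# Added example. Each function takes saved command output as text, so the
# checks also run offline; the sample values at the bottom are constructed.

# Default policy of the FORWARD chain, from `iptables -S FORWARD` output.
forward_policy() {
  printf '%s\n' "$1" | awk '$1 == "-P" && $2 == "FORWARD" { print $3; exit }'
}

# True if some FORWARD rule accepts traffic entering from bridge interface $2.
bridge_has_accept() {
  printf '%s\n' "$1" | grep -Eq -- "^-A FORWARD -i $2 .*-j ACCEPT\$"
}

# True if a docker client exists both under /snap/bin and somewhere else,
# from `which -a docker` output (one path per line).
duplicate_install() {
  printf '%s\n' "$1" | grep -q '^/snap/bin/' &&
    printf '%s\n' "$1" | grep -qv -e '^/snap/bin/' -e '^$'
}

# Combine the checks.
#   $1 FORWARD rules   $2 value of `sysctl -n net.ipv4.conf.all.forwarding`
#   $3 bridge interface of the user-defined network   $4 docker client paths
diagnose() {
  if duplicate_install "$4"; then echo "duplicate-docker-install"; return; fi
  if [ "$2" != "1" ]; then echo "ip-forwarding-disabled"; return; fi
  if [ "$(forward_policy "$1")" = "DROP" ] && ! bridge_has_accept "$1" "$3"; then
    echo "forward-drop-without-bridge-rule"; return
  fi
  echo "ok"
}

# Constructed sample: policy DROP, rules for docker0 only, none for the
# user-defined bridge br-0123456789ab (hypothetical interface name).
SAMPLE_RULES='-P FORWARD DROP
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT'

diagnose "$SAMPLE_RULES" 1 br-0123456789ab /usr/bin/docker
```

A `forward-drop-without-bridge-rule` result means no accept rule exists for that network's bridge. `iptables -P FORWARD ACCEPT` masks this by letting the host forward all traffic, so it is better treated as a diagnostic step than as the permanent setting.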