* [ISSUE] Docker bridge does not get outside network connection @ 2022-05-01 0:26 sincorchetes 2022-05-01 2:27 ` classabbyamp ` (2 more replies) 0 siblings, 3 replies; 4+ messages in thread From: sincorchetes @ 2022-05-01 0:26 UTC (permalink / raw) To: ml [-- Attachment #1: Type: text/plain, Size: 4321 bytes --] New issue by sincorchetes on void-packages repository https://github.com/void-linux/void-packages/issues/36928 Description: * xuname: Void 5.15.36_1 x86_64 GenuineIntel uptodate rrFFFF * package: docker-20.10.12_1 ### Expected behavior Run a container and get an outside connection: ``` docker run -ti alpine apk add --update shadow fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz OK: 6 MiB in 14 packages ``` ### Actual behavior ``` docker run -ti alpine apk add --update shadow fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz ERROR: https://dl-cdn.alpinelinux.org/alpine/v3.15/main: temporary error (try again later) WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.15/main: No such file or directory fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz ``` ### Workaround (It does not solve the problem) ``` docker run -ti --network=host alpine apk add --update shadow fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz OK: 6 MiB in 14 packages ``` iptables does not apply rules: ``` sudo iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination ``` iptables in a Docker current server works: ``` Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy DROP) target prot opt source destination DOCKER-USER all -- anywhere anywhere DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED DOCKER all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED DOCKER all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED DOCKER all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED DOCKER all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain DOCKER (4 references) target prot opt source destination ACCEPT tcp -- anywhere 172.22.0.3 tcp dpt:https ACCEPT tcp -- anywhere 172.22.0.3 tcp dpt:http Chain DOCKER-ISOLATION-STAGE-1 (1 references) target prot opt source destination DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere RETURN all -- anywhere anywhere Chain DOCKER-ISOLATION-STAGE-2 (4 references) target prot opt source destination DROP all -- anywhere anywhere DROP all -- anywhere anywhere DROP all -- anywhere anywhere DROP all -- anywhere anywhere RETURN all -- anywhere anywhere Chain DOCKER-USER (1 references) target prot opt source destination RETURN all -- anywhere anywhere ``` Daemons are up: ``` run: docker: (pid 21492) 1241s; run: log: (pid 1123) 2220s run: containerd: (pid 1142) 2220s run: iptables: (pid 2718) 474s ``` ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Docker bridge does not get outside network connection 2022-05-01 0:26 [ISSUE] Docker bridge does not get outside network connection sincorchetes @ 2022-05-01 2:27 ` classabbyamp 2022-07-31 2:14 ` github-actions 2022-08-14 2:14 ` [ISSUE] [CLOSED] " github-actions 2 siblings, 0 replies; 4+ messages in thread From: classabbyamp @ 2022-05-01 2:27 UTC (permalink / raw) To: ml [-- Attachment #1: Type: text/plain, Size: 819 bytes --] New comment by classabbyamp on void-packages repository https://github.com/void-linux/void-packages/issues/36928#issuecomment-1114107522 Comment: ``` $ docker run -ti alpine apk add --update shadow Unable to find image 'alpine:latest' locally latest: Pulling from library/alpine df9b9388f04a: Pull complete Digest: sha256:4edbd2beb5f78b1014028f4fbb99f3237d9561100b6881aabbf5acce2c4f9454 Status: Downloaded newer image for alpine:latest fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz (1/2) Installing linux-pam (1.5.2-r0) (2/2) Installing shadow (4.8.1-r1) Executing busybox-1.34.1-r5.trigger OK: 8 MiB in 16 packages ``` works fine for me here. have you rebooted since setting up docker? ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Docker bridge does not get outside network connection 2022-05-01 0:26 [ISSUE] Docker bridge does not get outside network connection sincorchetes 2022-05-01 2:27 ` classabbyamp @ 2022-07-31 2:14 ` github-actions 2022-08-14 2:14 ` [ISSUE] [CLOSED] " github-actions 2 siblings, 0 replies; 4+ messages in thread From: github-actions @ 2022-07-31 2:14 UTC (permalink / raw) To: ml [-- Attachment #1: Type: text/plain, Size: 293 bytes --] New comment by github-actions[bot] on void-packages repository https://github.com/void-linux/void-packages/issues/36928#issuecomment-1200332172 Comment: Issues become stale 90 days after last activity and are closed 14 days after that. If this issue is still relevant bump it or assign it. ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [ISSUE] [CLOSED] Docker bridge does not get outside network connection 2022-05-01 0:26 [ISSUE] Docker bridge does not get outside network connection sincorchetes 2022-05-01 2:27 ` classabbyamp 2022-07-31 2:14 ` github-actions @ 2022-08-14 2:14 ` github-actions 2 siblings, 0 replies; 4+ messages in thread From: github-actions @ 2022-08-14 2:14 UTC (permalink / raw) To: ml [-- Attachment #1: Type: text/plain, Size: 5961 bytes --] Closed issue by sincorchetes on void-packages repository https://github.com/void-linux/void-packages/issues/36928 Description: * xuname: Void 5.15.36_1 x86_64 GenuineIntel uptodate rrFFFF * package: docker-20.10.12_1 ### Expected behavior Run a container and get an outside connection: ``` docker run -ti alpine apk add --update shadow fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz OK: 6 MiB in 14 packages ``` ### Actual behavior ``` docker run -ti alpine apk add --update shadow fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz ERROR: https://dl-cdn.alpinelinux.org/alpine/v3.15/main: temporary error (try again later) WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.15/main: No such file or directory fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz ``` ### Workaround (It does not solve the problem) ``` docker run -ti --network=host alpine apk add --update shadow fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz OK: 6 MiB in 14 packages ``` iptables does not apply rules: ``` sudo iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination ``` iptables in a Docker current server works: ``` Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy DROP) target prot opt source destination DOCKER-USER all -- anywhere anywhere DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED DOCKER all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED DOCKER all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED DOCKER all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED DOCKER all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain DOCKER (4 references) target prot opt source destination ACCEPT tcp -- anywhere 172.22.0.3 tcp dpt:https ACCEPT tcp -- anywhere 172.22.0.3 tcp dpt:http Chain DOCKER-ISOLATION-STAGE-1 (1 references) target prot opt source destination DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere RETURN all -- anywhere anywhere Chain DOCKER-ISOLATION-STAGE-2 (4 references) target prot opt source destination DROP all -- anywhere anywhere DROP all -- anywhere anywhere DROP all -- anywhere anywhere DROP all -- anywhere anywhere RETURN all -- anywhere anywhere Chain DOCKER-USER (1 references) target prot opt source destination RETURN all -- anywhere anywhere ``` Daemons are up: ``` run: docker: (pid 21492) 1241s; run: log: (pid 1123) 2220s run: containerd: (pid 1142) 2220s run: iptables: (pid 2718) 474s ``` Interface created: ``` 4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:1c:df:07:32 brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 valid_lft forever preferred_lft forever inet6 fe80::42:1cff:fedf:732/64 scope link valid_lft forever preferred_lft forever ``` Network inspect: ``` docker network inspect bridge [ { "Name": "bridge", "Id": "199568389d224eff06d989b8ac8a36e919f447a96da14b6440d970b023306110", "Created": "2022-05-01T01:05:27.170799601+01:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [ { "Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": {}, "Options": { "com.docker.network.bridge.default_bridge": "true", "com.docker.network.bridge.enable_icc": "true", "com.docker.network.bridge.enable_ip_masquerade": "true", "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", "com.docker.network.bridge.name": "docker0", "com.docker.network.driver.mtu": "1500" }, "Labels": {} } ] ``` ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-08-14 2:14 UTC | newest] Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2022-05-01 0:26 [ISSUE] Docker bridge does not get outside network connection sincorchetes 2022-05-01 2:27 ` classabbyamp 2022-07-31 2:14 ` github-actions 2022-08-14 2:14 ` [ISSUE] [CLOSED] " github-actions
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).