[ISSUE] Docker bridge does not get outside network connection

Github messages for voidlinux
 help / color / mirror / Atom feed

* [ISSUE] Docker bridge does not get outside network connection
@ 2022-05-01  0:26 sincorchetes
  2022-05-01  2:27 ` classabbyamp
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: sincorchetes @ 2022-05-01  0:26 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 4321 bytes --]

New issue by sincorchetes on void-packages repository

https://github.com/void-linux/void-packages/issues/36928

Description:
* xuname:  
  Void 5.15.36_1 x86_64 GenuineIntel uptodate rrFFFF
* package:  
  docker-20.10.12_1

### Expected behavior
Run a container and get an outside connection:
```
docker run -ti alpine apk add --update shadow
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz
OK: 6 MiB in 14 packages
```

### Actual behavior
```
docker run -ti alpine apk add --update shadow
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz
ERROR: https://dl-cdn.alpinelinux.org/alpine/v3.15/main: temporary error (try again later)
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.15/main: No such file or directory
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz
```

### Workaround (It does not solve the problem)
```
docker run -ti --network=host alpine apk add --update shadow
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz
OK: 6 MiB in 14 packages
```

iptables does not apply rules:
```
sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```

iptables in a Docker current server works:
```
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (4 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             172.22.0.3           tcp dpt:https
ACCEPT     tcp  --  anywhere             172.22.0.3           tcp dpt:http

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-2 (4 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
```

Daemons are up:
```
run: docker: (pid 21492) 1241s; run: log: (pid 1123) 2220s
run: containerd: (pid 1142) 2220s
run: iptables: (pid 2718) 474s
```

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: Docker bridge does not get outside network connection
  2022-05-01  0:26 [ISSUE] Docker bridge does not get outside network connection sincorchetes
@ 2022-05-01  2:27 ` classabbyamp
  2022-07-31  2:14 ` github-actions
  2022-08-14  2:14 ` [ISSUE] [CLOSED] " github-actions
  2 siblings, 0 replies; 4+ messages in thread
From: classabbyamp @ 2022-05-01  2:27 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 819 bytes --]

New comment by classabbyamp on void-packages repository

https://github.com/void-linux/void-packages/issues/36928#issuecomment-1114107522

Comment:
```
$ docker run -ti alpine apk add --update shadow
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
df9b9388f04a: Pull complete 
Digest: sha256:4edbd2beb5f78b1014028f4fbb99f3237d9561100b6881aabbf5acce2c4f9454
Status: Downloaded newer image for alpine:latest
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz
(1/2) Installing linux-pam (1.5.2-r0)
(2/2) Installing shadow (4.8.1-r1)
Executing busybox-1.34.1-r5.trigger
OK: 8 MiB in 16 packages
```
works fine for me here. have you rebooted since setting up docker?

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: Docker bridge does not get outside network connection
  2022-05-01  0:26 [ISSUE] Docker bridge does not get outside network connection sincorchetes
  2022-05-01  2:27 ` classabbyamp
@ 2022-07-31  2:14 ` github-actions
  2022-08-14  2:14 ` [ISSUE] [CLOSED] " github-actions
  2 siblings, 0 replies; 4+ messages in thread
From: github-actions @ 2022-07-31  2:14 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 293 bytes --]

New comment by github-actions[bot] on void-packages repository

https://github.com/void-linux/void-packages/issues/36928#issuecomment-1200332172

Comment:
Issues become stale 90 days after last activity and are closed 14 days after that.  If this issue is still relevant bump it or assign it.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [ISSUE] [CLOSED] Docker bridge does not get outside network connection
  2022-05-01  0:26 [ISSUE] Docker bridge does not get outside network connection sincorchetes
  2022-05-01  2:27 ` classabbyamp
  2022-07-31  2:14 ` github-actions
@ 2022-08-14  2:14 ` github-actions
  2 siblings, 0 replies; 4+ messages in thread
From: github-actions @ 2022-08-14  2:14 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 5961 bytes --]

Closed issue by sincorchetes on void-packages repository

https://github.com/void-linux/void-packages/issues/36928

Description:
* xuname:  
  Void 5.15.36_1 x86_64 GenuineIntel uptodate rrFFFF
* package:  
  docker-20.10.12_1

### Expected behavior
Run a container and get an outside connection:
```
docker run -ti alpine apk add --update shadow
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz
OK: 6 MiB in 14 packages
```

### Actual behavior
```
docker run -ti alpine apk add --update shadow
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz
ERROR: https://dl-cdn.alpinelinux.org/alpine/v3.15/main: temporary error (try again later)
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.15/main: No such file or directory
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz
```

### Workaround (It does not solve the problem)
```
docker run -ti --network=host alpine apk add --update shadow
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz
OK: 6 MiB in 14 packages
```

iptables does not apply rules:
```
sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```

iptables in a Docker current server works:
```
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (4 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             172.22.0.3           tcp dpt:https
ACCEPT     tcp  --  anywhere             172.22.0.3           tcp dpt:http

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-2 (4 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
```

Daemons are up:
```
run: docker: (pid 21492) 1241s; run: log: (pid 1123) 2220s
run: containerd: (pid 1142) 2220s
run: iptables: (pid 2718) 474s
```

Interface created:
```
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:1c:df:07:32 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:1cff:fedf:732/64 scope link
       valid_lft forever preferred_lft forever
```

Network inspect:
```
 docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "199568389d224eff06d989b8ac8a36e919f447a96da14b6440d970b023306110",
        "Created": "2022-05-01T01:05:27.170799601+01:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
```

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2022-08-14  2:14 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-01  0:26 [ISSUE] Docker bridge does not get outside network connection sincorchetes
2022-05-01  2:27 ` classabbyamp
2022-07-31  2:14 ` github-actions
2022-08-14  2:14 ` [ISSUE] [CLOSED] " github-actions

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).