New docker networks cannot communicate to externally - Debian Buster · Issue #38974 · moby/moby · GitHub

New docker networks cannot communicate to externally - Debian Buster #38974

@VariableDeclared

Description

When creating a user-defined network, I am unable to communicate with the outside world.

I believe this may be related to #38099.

The current workaround I have for this is to run:

sudo update-alternatives --config iptables
**select iptables-legacy**
sudo service docker restart

The network can now communicate. This happens for all newly created docker networks, and it also continues to work if you run the above steps again to revert back to iptables-nft.

Steps to reproduce the issue:

  1. Upgrade to latest packages on Debian Buster (iptables v1.8.2)
  2. Upgrade to latest docker Docker version 18.09.4, build d14af54
  3. Create network using defaults: docker network create usr_net
  4. Attempt to ping google or any other external host

Describe the results you received:

I was unable to communicate with any host outside of the external interface, but was able to communicate with addresses on the machine's interface.

Describe the results you expected:

To be able to communicate with outside world, freely! :-P

Additional information you deem important (e.g. issue happens only occasionally):
Happens every time.

Tried following solutions BEFORE iptables solution:

  • sudo sysctl net.ipv4.conf.all.forwarding=1
  • sudo iptables -P FORWARD ACCEPT
  • sudo modprobe ip_conntrack_pptp
  • sudo modprobe ip_nat_pptp

Output of docker version:

Docker version 18.09.4, build d14af54

Output of docker info:

Containers: 1
 Running: 1
 Paused: 0
 Stopped: 0
Images: 37
Server Version: 18.09.4
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: bb71b10fd8f58240ca47fbb579b9d1028eea7c84
runc version: 2b18fe1d885ee5083ef9f0838fee39b62d653e30
init version: fec3683
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.19.0-2-amd64
Operating System: Debian GNU/Linux buster/sid
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 23.45GiB
Name: pete-debian-workstation-local
ID: DVCT:DAM3:2B5C:OTKL:UVXW:EDVP:YH5W:EV5V:XOTY:DXNI:TOEO:UIK5
Docker Root Dir: /home/pjds/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

Additional environment details (AWS, VirtualBox, physical, etc.):
Physical
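
Added example, not part of the original issue or of the moby project's code: a diagnostic for the backend switch described in the report. It classifies the backend named by `iptables --version` and checks which ruleset (legacy or nft) holds the nat POSTROUTING MASQUERADE rule for a bridge subnet. That Docker installs such a rule per bridge network is general Docker behaviour assumed here, and the subnet, bridge name and dumps are constructed samples.

```sh
#!/bin/sh
# Added diagnostic sketch; sample data below is constructed, not from the issue.

# Classify the text printed by `iptables --version`; iptables 1.8+ appends
# "(nf_tables)" or "(legacy)" to name the backend the alternative points at.
backend_of() {
    case "$1" in
        *"(nf_tables)"*) echo nft ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Read an iptables-save dump on stdin; succeed if the nat table has a
# POSTROUTING MASQUERADE rule whose source (-s) is subnet $1.
has_masquerade() {
    awk -v net="$1" '
        /^\*/ { table = $1 }
        table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
            for (i = 3; i < NF; i++) if ($i == "-s" && $(i + 1) == net) found = 1
        }
        END { exit !found }'
}

# Args: active backend, subnet, legacy dump, nft dump.
# Prints match (rule is in the active backend), mismatch (rule exists only in
# the other backend) or missing (rule is in neither ruleset).
diagnose() {
    active=$1 subnet=$2 hits=""
    printf '%s\n' "$3" | has_masquerade "$subnet" && hits="$hits legacy"
    printf '%s\n' "$4" | has_masquerade "$subnet" && hits="$hits nft"
    case "$hits" in
        "")          echo missing ;;
        *"$active"*) echo match ;;
        *)           echo mismatch ;;
    esac
}

# Constructed sample dumps: 172.18.0.0/16 and br-0123456789ab are made up.
SAMPLE_LEGACY='*filter
:FORWARD ACCEPT [0:0]
COMMIT'
SAMPLE_NFT='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.18.0.0/16 ! -o br-0123456789ab -j MASQUERADE
COMMIT'

diagnose "$(backend_of 'iptables v1.8.2 (legacy)')" 172.18.0.0/16 \
    "$SAMPLE_LEGACY" "$SAMPLE_NFT"    # prints: mismatch
```

On a live host the inputs would come from `iptables --version`, `iptables-legacy-save` and `iptables-nft-save` run as root, with the subnet taken from `docker network inspect`.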
