You are not logged in.

#1 2019-02-07 13:00:12

newbi_
Member
Registered: 2019-02-07
Posts: 5

[solved] Docker blocking communication with internal server

Hello,

we have an internal server with git repository on there which I can connect just fine. If I start docker service I can't connect that server anymore, I have to disable the docker and reboot. Docker puts some rule chains into my iptables but they seem to be only forward rules which I think shouldn't be the source of the problem. Could someone point me in to the direction on how to solve this? I could post some logs if that would be helpful but I don't know which ones.

Last edited by newbi_ (2019-02-11 13:06:39)

Offline

#2 2019-02-08 16:23:04

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,868

Re: [solved] Docker blocking communication with internal server

first, stopping the docker service should be enough to connect again.

Please post the command you use to connect whith the gitserver and it's output with and without docker running.

If you use a gui app (like a browser) to connect, start the browser from your favorite x-terminal and post the output you get in the terminal.


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Offline

#3 2019-02-08 16:45:37

newbi_
Member
Registered: 2019-02-07
Posts: 5

Re: [solved] Docker blocking communication with internal server

I cannot get on the work computer but when I try to 'git pull' it says that it cannot resolve the host. I could give the output on the Monday.

Offline

#4 2019-02-09 11:03:21

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,868

Re: [solved] Docker blocking communication with internal server

potential cause dns resolving ...

make sure to try connecting with ip-address and with servername .
Also post ip route show


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Offline

#5 2019-02-11 10:18:56

newbi_
Member
Registered: 2019-02-07
Posts: 5

Re: [solved] Docker blocking communication with internal server

This is my ip route show

~ ➜ ip route show 
default via 192.168.148.1 dev enp0s31f6 proto dhcp metric 100 
192.168.148.0/24 dev enp0s31f6 proto kernel scope link src 192.168.148.143 metric 100

using nslookup:

~ ➜ nslookup internal_server                             
Server:		192.168.144.3
Address:	192.168.144.3#53
** server can't find [url]internal_server[/url]: NXDOMAIN

using dig:

~ ➜ dig <internal_server>                                                   
; <<>> DiG 9.13.5 <<>> internal_server/
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54362
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
; COOKIE: 4f84aaac1c652221 (echoed)
;; QUESTION SECTION:
;http://gitlab.usyuop.eu:10080/.	IN	A

;; AUTHORITY SECTION:
.			509	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019021100 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 192.168.144.3#53(192.168.144.3)
;; WHEN: Mon Feb 11 11:21:41 CET 2019
;; MSG SIZE  rcvd: 146

Last edited by newbi_ (2019-02-11 10:23:42)

Offline

#6 2019-02-11 12:28:59

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,868

Re: [solved] Docker blocking communication with internal server

The network setup used by your company seems weird.

Your system is in 192.168.148.0/24 subnet , your gateway is set as 192.168.148.1
the ip-address of your system is probably 192.168.148.143

Its dns server however is 192.168.144.3 , which is in  a separate private subnet.
Routers normally don't route between 192.168.x.0/24 networks , unless there are specific routes added.

The fact your pc doesn't have a route to 192.168.144.0/24 but has to use the catch-all default route to connect to its dns server suggests your gateway is not  a standard router , but some other device.

Combining everything suggests your company network is designed to work in a very specific way and confirms docker interferes with that.
Now we need to figure out which change docker makes does cause that.

- if docker is enabled, disable it
reboot
verify docker is not active

post content of /etc/resolv.conf plus

# ip route show
# iptables-save

start docker
post the 3 mentioned above again so we can see differences.

Last edited by Lone_Wolf (2019-02-11 13:04:38)


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Offline

#7 2019-02-11 12:39:31

newbi_
Member
Registered: 2019-02-07
Posts: 5

Re: [solved] Docker blocking communication with internal server

Thank you very much for your help, I have figured it out.

I changed the IP address of docker0 and docker-gwbridge, which were in conflict with some addresses. Now everything works fine.

Offline

#8 2019-02-11 13:05:33

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,868

Re: [solved] Docker blocking communication with internal server

Great, please prepend [solved] to the thread title (edit the first post)


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Offline

Board footer

Powered by FluxBB