You are not logged in.

Pages: 1

#1 2020-06-07 18:45:15

gpolecle
Member
Registered: 2015-06-12
Posts: 6

Docker bridge interface not working

Hello,

I have seen many threads about this but none of them helped so I hope I can get some help here:

What I know so far:
- Networking works with --net host
- ping is working and the latencies I get match the ones I get on host
- It let me think that it is a naming resolving issue but unfortunately when I telnet with the IP address and a port that is open on a machine I get "Host is unreachable"
- Traceroute seems to be stopped at 172.17.0.1 so I assume traffic must be blocked but that seem incompatible with the fact that ping latencies are correct (i.e. long when the destination is far away. If traffic was blocked then it should be fast)
- According to iptables forwarding is enabled on docker0 as the counter increase
- I flushed all the iptables rules and docker reloaded them when I restarted so I assume they are correct

More information:

$ docker --version
Docker version 19.03.11-ce, build 42e35e61f3
$ ip route
default via 192.168.0.1 dev enp4s0 proto dhcp metric 100 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 
192.168.0.0/24 dev enp4s0 proto kernel scope link src 192.168.0.50 metric 100 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether 70:85:c2:61:de:b0 brd ff:ff:ff:ff:ff:ff
3: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 70:85:c2:61:de:b2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.50/24 brd 192.168.0.255 scope global dynamic noprefixroute enp4s0
       valid_lft 3559sec preferred_lft 3559sec
    inet6 fe80::b7ea:a951:f054:79d9/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
4: enp6s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether 70:85:c2:61:de:b4 brd ff:ff:ff:ff:ff:ff
5: wlp5s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether d2:4b:d7:b9:4a:7a brd ff:ff:ff:ff:ff:ff permaddr f8:94:c2:a5:b1:21
6: gpd0: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 500
    link/none 
8: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:70:5a:56:7f brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:70ff:fe5a:567f/64 scope link 
       valid_lft forever preferred_lft forever
89: veth55d8a16@if88: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether 66:b1:40:49:85:bf brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::64b1:40ff:fe49:85bf/64 scope link 
       valid_lft forever preferred_lft forever
$ docker info
Client:
 Debug Mode: false

Server:
 Containers: 6
  Running: 1
  Paused: 0
  Stopped: 5
 Images: 112
 Server Version: 19.03.11-ce
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: d76c121f76a5fc8a462dc64594aea72fe18e1178.m
 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 5.6.11-arch1-1
 Operating System: Arch Linux
 OSType: linux
 Architecture: x86_64
 CPUs: 32
 Total Memory: 62.74GiB
 Name: glw
 ID: RM2Q:BPK3:FRO7:N3UI:OT6E:EJQ4:TCDB:D7IT:AFSZ:N4P2:UIZO:JYPH
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
● docker.service - Docker Application Container Engine
     Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
     Active: active (running) since Sun 2020-06-07 14:24:21 EDT; 17min ago
TriggeredBy: ● docker.socket
       Docs: https://docs.docker.com
   Main PID: 818965 (dockerd)
      Tasks: 85 (limit: 76993)
     Memory: 94.3M
     CGroup: /system.slice/docker.service
             ├─818965 /usr/bin/dockerd -H fd://
             ├─818986 containerd --config /var/run/docker/containerd/containerd.toml --log-level info
             ├─819679 containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.>
             └─819697 bash
$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
3cb9ba3a8c23        bridge              bridge              local
25f5082e07bb        host                host                local
5f2a5c00fcf8        none                null                local
# iptables -L -v -n 
Chain INPUT (policy ACCEPT 47115 packets, 121M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  614 52282 DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  614 52282 DOCKER-ISOLATION-STAGE-1  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  270 22680 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
  344 29602 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 44264 packets, 5594K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  344 29602 DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
  614 52282 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
  344 29602 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  614 52282 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Thank you for your help!

Offline

Pages: 1

Board footer

Powered by FluxBB