Hi
I've always been using Docker in other distributions, but that's the first time in Arch.
I run a container like this:
docker run --rm -it archlinux /bin/bash
And from within the container, I can see that
# cat /etc/resolv.conf
# Generated by NetworkManager
search ...
nameserver 192.168.5.1
which looks good. However, I cannot ping 192.168.5.1 so I cannot access the Internet from within the container.
I seem to understand that this is related to https://wiki.archlinux.org/title/Docker … d-networkd
where I read
Docker attempts to enable IP forwarding globally, but by default systemd-networkd overrides the global sysctl setting for each defined network profile. Set IPForward=yes in the network profile.
This is the contents of
> ll /etc/systemd/network/
-rw-r--r-- 1 root root 178 30 giu 12.03 20-ethernet.network
-rw-r--r-- 1 root root 179 30 giu 12.12 20-wlan.network
-rw-r--r-- 1 root root 179 30 giu 12.14 20-wwan.network
So I seem to understand that I have to add "IPForward=yes" in all of them.
I did and then I restarted systemd-networkd.service and then docker.service but the problem is still there.
I also get
> networkctl list
IDX LINK TYPE OPERATIONAL SETUP
1 lo loopback carrier unmanaged
2 wlp0s20f3 wlan routable configured
3 docker0 bridge no-carrier unmanaged
32 veth79eb8cb ether carrier configuring
which I seem to understand is NOT OK, is it?
The wiki also mentions nft, but that's not installed.
Any help, please?
Thanks in advance
I seemed to have some nft rules enabled together with iptables, which were conflicting, so it seemed. After flushing the nft ruleset, everything worked just fine. You can check if any rules are enabled by:
sudo nft list ruleset
If so, try flushing them:
sudo nft flush ruleset
t0w3rh0u53 wrote:I seemed to have some nft rules enabled together with iptables, which were conflicting, so it seemed. After flushing the nft ruleset, everything worked just fine. You can check if any rules are enabled by:
sudo nft list ruleset
If so, try flushing them:
sudo nft flush ruleset
As I said in my post, nft is not installed at all.
I don't remember doing any extra steps besides just "sudo pacman -S docker" and your example command works for me. When I spin up the Arch container, I can ping 8.8.8.8. I don't have a 192.168.5.1, but I have a printer at 192.168.1.20 for instance and the container can ping it also.
The networkctl gives me:
$ networkctl list
WARNING: systemd-networkd is not running, output will be incomplete.
IDX LINK TYPE OPERATIONAL SETUP
1 lo loopback n/a unmanaged
2 enp31s0 ether n/a unmanaged
3 wlp30s0 wlan n/a unmanaged
5 vpn wireguard n/a unmanaged
6 docker0 bridge n/a unmanaged
8 vethcc4e255 ether n/a unmanaged
6 links listed.
You mention resolv.conf, but I believe this is for DNS, no? When you're pinging an IP it should be irrelevant.
Apologies if this is obvious but have you read through https://docs.docker.com/network/ ? Perhaps the issue is related to Docker networking? For example, Docker normally comes with a default bridge-type network which is called "bridge", but this is a stripped down, legacy version of the bridge-type networks created by "docker network ...". The point of the bridge is that you can connect to the host's LAN as well as other containers on the same Docker network, but maybe in your case "bridge" is misconfigured or you're using another one. In any case, try creating a new bridge-type network as described in the Docker docs, and then make sure your container is attached to it (I think there's a "--network" argument for docker run).
Also, make sure you can ping the same IP from your host.
Hi
As you said in https://bbs.archlinux.org/viewtopic.php … 0#p2043730
Someone mentioned he had NetworkManager and systemd-networkd running at the same time
and, indeed, disabling systemd-networkd and rebooting solved my issue (I'm using NetworkManager).
I haven't enabled systemd-networkd myself... maybe it's the default in Arch?
The wiki doesn't say anything about that.
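A small diagnostic for the symptoms discussed in this thread, added here as an example (it is not a script from the Arch wiki, Docker or any of the posters). The service names, sysctl paths and the `networkctl list` column layout are assumptions based on the output quoted above.

```sh
#!/bin/sh
# Added diagnostic for this thread (not from the Arch wiki, Docker or a poster).
# Checks what the replies pointed at: two network managers active at once,
# systemd-networkd touching Docker's veth links, and IP forwarding being off.

# Reads `networkctl list` output on stdin and prints Docker links (docker0,
# veth*) whose SETUP column is not "unmanaged". In the thread the veth showed
# "configuring", i.e. systemd-networkd was configuring a link Docker owns.
networkd_touching_docker_links() {
    awk 'NF >= 5 && $1 ~ /^[0-9]+$/ && $2 ~ /^(veth|docker)/ && $5 != "unmanaged" { print $2 }'
}

# $1 and $2 are `systemctl is-active` results for NetworkManager and
# systemd-networkd. Succeeds when both are active, the clash found in the thread.
both_managers_active() {
    [ "$1" = "active" ] && [ "$2" = "active" ]
}

# Succeeds when forwarding is off globally or on docker0. $1 is the sysctl tree
# root (default /proc/sys) so the check can run against a constructed copy.
forwarding_disabled() {
    fwd_root=${1:-/proc/sys}
    for f in "$fwd_root/net/ipv4/ip_forward" "$fwd_root/net/ipv4/conf/docker0/forwarding"; do
        [ -r "$f" ] || continue
        [ "$(cat "$f")" = "1" ] || return 0
    done
    return 1
}

# Live report for the affected host; each check is skipped if its tool is absent.
report() {
    if command -v systemctl >/dev/null 2>&1; then
        nm=$(systemctl is-active NetworkManager 2>/dev/null || true)
        nd=$(systemctl is-active systemd-networkd 2>/dev/null || true)
        both_managers_active "$nm" "$nd" &&
            echo "NetworkManager and systemd-networkd are both active: disable one of them"
    fi
    if command -v networkctl >/dev/null 2>&1; then
        links=$(networkctl list 2>/dev/null | networkd_touching_docker_links)
        [ -n "$links" ] && echo "systemd-networkd is managing Docker links: $links"
    fi
    forwarding_disabled && echo "IP forwarding is off: set IPForward=yes in the .network files"
    # nft rules next to iptables were the other cause reported; listing is
    # read-only, while `nft flush ruleset` drops the whole host firewall.
    if command -v nft >/dev/null 2>&1 && nft list ruleset 2>/dev/null | grep -q .; then
        echo "nft ruleset present alongside iptables: review it with 'nft list ruleset'"
    fi
    return 0
}
report
```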
t0w3rh0u53 wrote:I seemed to have some nft rules enabled together with iptables, which were conflicting, so it seemed. After flushing the nft ruleset, everything worked just fine. You can check if any rules are enabled by:
sudo nft list ruleset
If so, try flushing them:
sudo nft flush ruleset
As I said in my post, nft is not installed at all.
I did have nftables installed. So this fixed the same issue for me. Just in case someone else has the same problem.
sudo pacman -R nftables