Best IT Recipes

There is no internet in my docker container

Everything worked out for me, but now it has stopped. I tried the following commands to no avail:

docker run -dns 8.8.8.8 base ping google.com

docker run base ping google.com

sysctl -w net.ipv4.ip_forward=1 - both on the host and on the container

All I get is unknown host google.com . Docker version 0.7.0

Any ideas?

PS ufw also disabled

+113
docker
Dec 06 '13 at 17:51
source share
19 answers

Fixed by following this tip:

[...] can you try to reset everything?

 pkill docker iptables -t nat -F ifconfig docker0 down brctl delbr docker0 docker -d

This will force the docker to recreate the bridge and reset all network rules.

https://github.com/dotcloud/docker/issues/866#issuecomment-19218300

It seems that the interface is somehow "frozen".

Update for newer versions of docker:

The above answer can still do your work, but it has been quite a while since this answer was posted and the docker is now more refined, so make sure you try this first before delving into iptables and thatโ€™s it.

sudo service docker restart or (if you are on a Linux distribution that does not use upstart) sudo systemctl restart docker

+72
Dec 06 '13 at 18:27
source share
โ€” -

The first thing to check is to run cat/etc/resolv.conf in the docker container . If it has an invalid DNS server, such as nameserver 127.0.xx , then the container will not be able to resolve domain names in IP addresses, so ping google.com will fail.

The second thing to check is to run cat/etc/resolv.conf on the host machine . Docker basically copies the host /etc/resolv.conf to the container every time the container starts. Therefore, if the host /etc/resolv.conf is wrong, then there will be a docker container.

If you find that the host /etc/resolv.conf is wrong, you have 2 options:

  1. Hard DNS server code in daemon.json. This is easy, but not ideal, if you expect a DNS server change.

  2. Fix hosts /etc/resolv.conf . This is a bit more complicated, but it is generated dynamically and you are not encoding the DNS server.



1. DNS server with hard code in docker daemon.json

  • Edit /etc/docker/daemon.json

     { "dns": ["10.1.2.3", "8.8.8.8"] }

  • Restart the docker daemon for these changes to take effect:
    sudo systemctl restart docker

  • Now, when you start / run the container, the docker fills /etc/resolv.conf values โ€‹โ€‹from daemon.json .



2. Fix hosts /etc/resolv.conf

A. Ubuntu 16.04 and earlier

  • For Ubuntu 16.04 and earlier, /etc/resolv.conf dynamically generated by NetworkManager.

  • Comment out the line dns=dnsmasq (c # ) in /etc/NetworkManager/NetworkManager.conf

  • Restart NetworkManager to repair /etc/resolv.conf :
    sudo systemctl restart network-manager

  • Check on the host: cat/etc/resolv.conf

B. Ubuntu 18.04 and later

  • Ubuntu 18.04 is modified to use systemd-resolved to create /etc/resolv.conf . Now, by default, it uses the local DNS cache 127.0.0.53. This will not work inside the container, so Docker will by default use the Google DNS server 8.8.8.8, which could break for people behind the firewall.

  • /etc/resolv.conf is actually a symlink ( ls -l/etc/resolv.conf ), which by default points to /run/systemd/resolve/stub-resolv.conf (127.0.0.53) by default in Ubuntu 18.04 .

  • Just change the symbolic link to /run/systemd/resolve/resolv.conf , which lists the real DNS servers:
    sudo ln -sf/run/systemd/resolve/resolv.conf/etc/resolv.conf

  • Check on the host: cat/etc/resolv.conf

You should now have a valid /etc/resolv.conf on the docker host, which will be copied to the containers.

+75
Aug 11 '17 at 23:06 on
source share

The supposed way to restart docker is to not do it manually, but use the service or init command:

 service docker restart
+55
Jan 22 '15 at 10:30
source share

Update this question with an answer for OSX (using the Docker Machine)

If you are running Docker on OSX using the Docker Machine, then the following worked for me:

 docker-machine restart <...wait for it to restart, which takes up to a minute...> docker-machine env eval $(docker-machine env)

Then (at least in my experience), if you ping google.com from the container, everything will be fine.

+21
Feb 18 '16 at 12:58
source share

I used DOCKER_OPTS="--dns 8.8.8.8" and later discovered, and my container did not have direct access to the Internet, but could access my corporate intranet. I changed DOCKER_OPTS to the following:

 DOCKER_OPTS="--dns <internal_corporate_dns_address"

replacing internal_corporate_dns_address with the IP address or fully qualified domain name of our DNS and rebooted docker using

 sudo service docker restart

and then spawned my container and verified that it has access to the Internet.

+6
Jun 15 '16 at 9:18
source share

For me, it was a host firewall. I had to resolve DNS on the host firewall. And also had to restart the docker after changing the host firewall settings.

+4
May 01, '15 at 21:44
source share

For me, this was the iptables forwarding rule. For some reason, the following rule, combined with the docker iptables rules, caused all outgoing traffic from containers to get to localhost:8080 :

 iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080 iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 8080
+3
Sep 30 '16 at 23:43
source share

I had a problem with Ubuntu 18.04. However, the problem was in the DNS. I was on a corporate network with my own DNS server and blocked other DNS servers. This block some sites (porn, torrents, ... so on)

To solve your problem

  1. find your DNS on the host machine

  2. use --dns your_dns as suggested by @jobin

    docker run --dns your_dns -it - name cowsay --hostname cowsay debian bash

+3
May 10 '18 at 11:39
source share

I don't know what I'm doing, but it worked for me:

 OTHER_BRIDGE=br-xxxxx # this is the other random docker bridge ('ip addr' to find) service docker stop ip link set dev $OTHER_BRIDGE down ip link set dev docker0 down ip link delete $OTHER_BRIDGE type bridge ip link delete docker0 type bridge service docker start && service docker stop iptables -t nat -A POSTROUTING ! -o docker0 -s 172.17.0.0/16 -j MASQUERADE iptables -t nat -A POSTROUTING ! -o docker0 -s 172.18.0.0/16 -j MASQUERADE service docker start
+3
Mar 25 '19 at 23:54
source share

You may have launched your docker with the dns --dns 172.xxx dns --dns 172.xxx

I had the same error and removed the parameters from /etc/default/docker

Rows:

 # Use DOCKER_OPTS to modify the daemon startup options. DOCKER_OPTS="--dns 172.xxx"
+2
May 03 '16 at
source share

In windows (8.1) I killed the virtual interface (via taskmgr) and it solved the problem.

+2
Oct 27 '16 at 15:57
source share

Lack of Internet access can also be caused by a lack of proxy settings. In this case, --network host may not work. You can configure the proxy server by setting the environment http_proxy and https_proxy :

 docker run -e "http_proxy=YOUR-PROXY" \ -e "https_proxy=YOUR-PROXY"\ -e "no_proxy=localhost,127.0.0.1" ...

Remember to also set no_proxy, or all requests (including to localhost) will go through the proxy.

More info: Proxy settings on the Archlinux wiki.

+2
Nov 03 '17 at 7:52
source share

If you are on OSX, you may need to restart your computer after installing Docker. This was sometimes a problem.

+1
Mar 29 '16 at 0:30
source share

Initially, my docker container was able to get to the external Internet (this is a docker service / container running on Amazon EC2).

Since my application is an API, I followed the creation of my container (he managed to get all the packages he needed) with updating my IP tables to route all traffic from port 80 to the port that my API (running on docker) was listening to.

Then, later, when I tried to restore the container, it failed. After a big fight, I found that my previous step (setting the IPTable port forwarding rule) ruined the possibilities of an external docker network connection.

Decision. Stop the IPTable service:

sudo service iptables stop

Restarting Docker Daemon:

sudo service docker restart

Then try to restore your container. Hope this helps.



Follow up

I completely lost sight of the fact that I did not need to communicate with IP tables in order to forward incoming traffic up to 80 to the port running the docker-based API. Instead, I just used port 80 for the port running the docker API:

docker run -d -p 80:<api_port> <image>:<tag> <command to start api>

+1
Apr 03 '18 at 2:54
source share

I was confused when this happened by accident for me with one of my containers, while the other containers were fine. The container was connected to at least one non-internal network, therefore with the definition of Compose . Restarting the VM / docker daemon did not help. It was also not a DNS problem because the container could not even ping an external IP. For me, it decided to recreate the docker network (s). In my case, docker-compose down && docker-compose up worked.

compose

This forces you to recreate all the networks of all containers:

docker-compose down docker-compose up && docker-compose up

Swarm mode

I suppose you just delete and recreate the service that recreates the service networks:

docker service rm some-service

docker service create...

If the container network is external

Just delete and recreate the external networks of this service:

docker network rm some-external-network

docker network create some-external-network

+1
Feb 24 '19 at 4:37
source share

Just add this here if someone encounters this problem in a virtual box container running docker. I reconfigured the network of virtual boxes instead of the bridge instead of nat, and the problem disappeared.

0
Oct. 16 '18 at 11:16
source share

For Ubuntu 19.04 using openconnect 8.3 for VPN, I had to use the /etc/resolve.conf symbolic link to the one specified in systemd (unlike answerby wisbucky)

sudo ln -sf/etc/resolv.conf/run/systemd/resolve/resolv.conf

Debugging Steps

  1. Connect to a VPN Company
  2. Find the correct VPN settings in /etc/resolv.conf or /run/systemd/resolve/resolv.conf
  3. Depending on which DNS settings are correct, we will refer to this file with another file (hint: place the file with the correct settings to the left of the destination)

Docker version: Docker version 19.03.0-rc2, build f97efcc

0
Jun 10 '19 at 16:04 on
source share

I also encountered this problem when trying to set up a project using Docker-Compose in Ubuntu.

Docker did not have access to the Internet at all, when I tried to ping any IP address or nslookup some URL - it always failed.

I tried all possible solutions with DNS resolution described above, but to no avail.

I spent the whole day trying to figure out what was happening, and finally found out that the cause of all the troubles was the antivirus, in particular its firewall, which for some reason blocked Docker to get an IP address and port.

When I turned it off, everything worked fine.

So, if you have antivirus installed and nothing helps to solve the problem - the problem may be in the antivirus firewall.

0
Jun 27 '19 at 10:34
source share

I had a similar problem in the last few days. For me, the reason was the combination of systemd, docker and my hosting provider. I am using the latest version of CentOS (7.7.1908).

My hosting provider automatically creates a configuration file for systemd-networkd. Starting with systemd 219, which is the current version of CentOS 7, systemd-networkd controls the sysctl parameters associated with the network. Docker seems to be incompatible with this version and will reset the IP forwarding flags every time the container starts.

My solution was to add IPForward=true in the [Network] -section of my configuration file created by my provider. This file can be in several places, most likely in /etc/systemd/network .

The process is also described in the official Docker docs: https://docs.docker.com/v17.09/engine/installation/linux/linux-postinstall/#ip-forwarding-problems

0
Sep 21 '19 at 11:55 on
source share


More articles:


All Articles