Why Docker networking fails after iptables service is Restarted or Flushed

$ sudo yum -y install docker iptables-services
$ sudo systemctl start docker
$ sudo docker run --rm centos bash -c "ping www.docker.com"
PING www.docker.com (162.242.195.82) 56(84) bytes of data.
64 bytes from docker.com (162.242.195.82): icmp_seq=1 ttl=61 time=114 ms
$ sudo systemctl restart iptables
$ sudo docker run --rm centos bash -c "ping www.docker.com"
ping: unknown host www.docker.com


A workaround to restore networking to containers is to restart the Docker daemon:

$ sudo systemctl restart docker
$ sudo docker run --rm centos bash -c "ping www.docker.com"
PING www.docker.com (162.242.195.82) 56(84) bytes of data.
64 bytes from docker.com (162.242.195.82): icmp_seq=1 ttl=61 time=114 ms

 

Akash S. Solanke

Re: Why Docker networking fails after iptables service is Restarted or Flushed

Because that is how Docker networking, or more specifically NATing, works: it is dependent on iptables, and you have flushed the rules that do as such and were added by Docker.

You will find many references to this on the internet. Here is one: https://github.com/moby/moby/issues/12294

 

~ Walid - the DevOps Janitor

Re: Why Docker networking fails after iptables service is Restarted or Flushed

NATing is not related to iptables; both of the terms are different. Whereas NATing hides the original IP and provides the cover on the top of the original IP address. If you check, iptables stores the firewall and chain rules.


@Walid wrote:

Because that is how Docker networking, or more specifically NATing, works: it is dependent on iptables, and you have flushed the rules that do as such and were added by Docker.

You will find many references to this on the internet. Here is one: https://github.com/moby/moby/issues/12294

 


 

Akash S. Solanke

Re: Why Docker networking fails after iptables service is Restarted or Flushed

Can you then explain how Docker networking works? I am sorry, you need to review your iptables. Docker uses private addresses and creates an internal bridge; for this to be exposed to the outside, you need NATing. Docker and other runtime engines are looking for alternatives to iptables. Here is one issue that reports Docker's search for an alternative NAT tool to iptables: https://github.com/moby/libnetwork/pull/1379

 

~ Walid - the DevOps Janitor
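
The dependency discussed in this thread can be checked directly. The following is an added example, not part of any post: a shell function that reads `iptables-save` output and reports whether Docker's NAT rules are present. It assumes Docker's default bridge name `docker0` and its usual `DOCKER` chain and `MASQUERADE` rule; the function name and both sample dumps are constructed for illustration.

```bash
# Added example: classify Docker's NAT rules in an iptables-save dump (stdin).
# Assumes the default bridge "docker0" and Docker's usual nat-table layout.
# Prints: intact | partial | missing
docker_nat_state() {
    awk '
        /^[*]/         { table = substr($0, 2) }   # "*nat", "*filter", ...
        table != "nat" { next }                    # only the nat table matters here
        /^:DOCKER /                                        { chain = 1 }
        /^-A POSTROUTING / && /-j MASQUERADE/ && /docker0/ { masq = 1 }
        /^-A PREROUTING / && /-j DOCKER$/                  { jump = 1 }
        END {
            if (chain && masq && jump)      print "intact"
            else if (chain || masq || jump) print "partial"
            else                            print "missing"
        }'
}

# Constructed sample: nat table while the Docker daemon's rules are loaded.
sample_running() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT
EOF
}

# Constructed sample: the same host after the iptables service reloaded its
# own saved rule file, which contains nothing written by Docker.
sample_after_restart() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# On a live host, as root: iptables-save | docker_nat_state
sample_running | docker_nat_state         # rules loaded by the daemon
sample_after_restart | docker_nat_state   # rules gone after the restart
```

A result of `missing` or `partial` after an iptables restart or flush is the condition in which the workaround from the first post, restarting the Docker daemon, applies.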