cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Acetech
Flight Engineer Flight Engineer
Flight Engineer
‎03-30-2020 07:19 PM
  • 9,596 Views

Why Docker networking fails after iptables service is Restarted or Flushed 

$ sudo yum -y install docker iptables-services
$ sudo systemctl start docker
$ sudo docker run --rm centos bash -c "ping www.docker.com"
PING www.docker.com (162.242.195.82) 56(84) bytes of data.
64 bytes from docker.com (162.242.195.82): icmp_seq=1 ttl=61 time=114 ms
$ sudo systemctl restart iptables
$ sudo docker run --rm centos bash -c "ping www.docker.com"
ping: unknown host www.docker.com


A workaround to restore networking to containers is to restart the Docker daemon:

$ sudo systemctl restart docker
$ sudo docker run --rm centos bash -c "ping www.docker.com"
PING www.docker.com (162.242.195.82) 56(84) bytes of data.
64 bytes from docker.com (162.242.195.82): icmp_seq=1 ttl=61 time=114 ms

 

Akash S. Solanke
Labels (1)
Labels
Tags (3)
Join the discussion
4 Replies
Walid
Flight Engineer Flight Engineer
Flight Engineer
‎03-30-2020 07:30 PM
  • 9,593 Views

Because that is how Docker networking or more specifically Nating works, it is dependent on iptables and you have flushed the rules that do as such and were added by docker. 

you will find many refrences to this on the internet. here is one https://github.com/moby/moby/issues/12294

 

~ Walid - Red Hat Accelerator, DevOps Janitor
Acetech
Flight Engineer Flight Engineer
Flight Engineer
‎03-30-2020 07:47 PM
  • 9,588 Views

Nating is not related to iptable both of the terms are different. Where as nating hides the orignal ip and provides the cover on the top of orignal ip address. If you check iptable stores the firewall and chain rules.

@Walid wrote:

Because that is how Docker networking or more specifically Nating works, it is dependent on iptables and you have flushed the rules that do as such and were added by docker. 

you will find many refrences to this on the internet. here is one https://github.com/moby/moby/issues/12294

 

 

Akash S. Solanke
0 Kudos
Acetech
Flight Engineer Flight Engineer
Flight Engineer
‎03-30-2020 07:42 PM
  • 9,590 Views

Nating is not related to iptable both of the terms are different. Where as nating hides the orignal ip and provides the cover on the top of orignal ip address. If you check iptable stores the firewall and chain rules.

Akash S. Solanke
0 Kudos
Walid
Flight Engineer Flight Engineer
Flight Engineer
‎03-30-2020 08:01 PM
  • 9,582 Views

Can you then explain how Docker networking works? I am sorry, you need to review your iptables. Docker use private addresses and creates an internal bridge, for this to  be exposed to the outside, you need nating, docker and other runtime engines are looking for alternatives to Iptables, here is one issue that reports Docker search for an alternative NAT tool to iptables https://github.com/moby/libnetwork/pull/1379

 

~ Walid - Red Hat Accelerator, DevOps Janitor
0 Kudos
Join the discussion
You must log in to join this conversation.
Red Hat Learning Community

Red Hat

Learning Community

A collaborative learning environment, enabling open source skill development.

Red Hat Inc. Copyright ?2024 Red Hat, Inc. Privacy policy Terms of use