Acetech

Why Docker networking fails after iptables service is Restarted or Flushed

$ sudo yum -y install docker iptables-services
$ sudo systemctl start docker
$ sudo docker run --rm centos bash -c "ping www.docker.com"
PING www.docker.com (162.242.195.82) 56(84) bytes of data.
64 bytes from docker.com (162.242.195.82): icmp_seq=1 ttl=61 time=114 ms
$ sudo systemctl restart iptables
$ sudo docker run --rm centos bash -c "ping www.docker.com"
ping: unknown host www.docker.com


A workaround to restore networking to containers is to restart the Docker daemon:

$ sudo systemctl restart docker
$ sudo docker run --rm centos bash -c "ping www.docker.com"
PING www.docker.com (162.242.195.82) 56(84) bytes of data.
64 bytes from docker.com (162.242.195.82): icmp_seq=1 ttl=61 time=114 ms

 

Akash S. Solanke
Walid

Because that is how Docker networking, or more specifically NATing, works: it is dependent on iptables, and you have flushed the rules that do this and were added by Docker.

You will find many references to this on the internet. Here is one: https://github.com/moby/moby/issues/12294

 

~ Walid - Red Hat Accelerator, DevOps Janitor
Acetech

NATing is not related to iptables; the two terms are different. NATing hides the original IP and provides a cover on top of the original IP address, whereas iptables, if you check, stores the firewall and chain rules.


@Walid wrote:

Because that is how Docker networking, or more specifically NATing, works: it is dependent on iptables, and you have flushed the rules that do this and were added by Docker.

You will find many references to this on the internet. Here is one: https://github.com/moby/moby/issues/12294

 


 

Akash S. Solanke
Walid

Can you then explain how Docker networking works? I am sorry, you need to review your iptables. Docker uses private addresses and creates an internal bridge; for this to be exposed to the outside, you need NATing. Docker and other runtime engines are looking for alternatives to iptables; here is one issue that reports Docker's search for an alternative NAT tool to iptables: https://github.com/moby/libnetwork/pull/1379

 

~ Walid - Red Hat Accelerator, DevOps Janitor
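
A check for the condition discussed in this thread, as an added example that is not part of any post: it reads `iptables-save` output and reports which Docker-managed NAT entries are missing after an iptables restart or flush. The rule shapes assume Docker's default `docker0` bridge with the iptables backend, `check_docker_rules` is a hypothetical helper name, and both rule dumps are constructed samples.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): report Docker-managed iptables entries
# missing from `iptables-save` output on stdin. Rule shapes assume Docker's
# default bridge docker0; all sample rules below are constructed.
check_docker_rules() {
    awk '
        /^\*/       { table = substr($0, 2) }      # section header: *nat, *filter
        /^:DOCKER / { chain[table] = 1 }           # chain declaration
        table == "nat" && /^-A POSTROUTING / && /! -o docker0/ && /-j MASQUERADE/ { masq = 1 }
        END {
            if (!chain["nat"])    { print "missing: DOCKER chain in nat table"; bad = 1 }
            if (!chain["filter"]) { print "missing: DOCKER chain in filter table"; bad = 1 }
            if (!masq)            { print "missing: MASQUERADE rule for docker0 traffic"; bad = 1 }
            exit bad + 0    # 0 = every entry checked above is present
        }'
}

sample_with_docker() { cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:DOCKER - [0:0]
-A FORWARD -o docker0 -j DOCKER
COMMIT
EOF
}

sample_after_restart() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# On a real host: sudo iptables-save | check_docker_rules
sample_after_restart | check_docker_rules || true
```

A non-zero exit status from `check_docker_rules` means the ruleset no longer carries the entries Docker installed, which is the state in which the container in the original post could not resolve `www.docker.com`.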