NAT not working in a container












2















Following instructions I've installed docker on ubuntu 13.04 (and 12.04 + 3.8 kernel), pulled the base container and started a shell inside it. It got a private IP and can ping it's default gateway but can't connect to any host outside, so no apt-get for me.



I have "net.ipv4.conf.all.forwarding = 1" in my sysctl and have POSTROUTING rules in iptables/nat table.



Did the docker installer forgot to add some rules or i'm missing something?










share|improve this question














bumped to the homepage by Community 2 days ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.






migrated from stackoverflow.com May 30 '13 at 14:41


This question came from our site for professional and enthusiast programmers.



















  • Apparently, the issue is resolved now in 14.04 with a fresh docker.

    – wiz
    Jun 10 '14 at 14:54
















2















Following instructions I've installed docker on ubuntu 13.04 (and 12.04 + 3.8 kernel), pulled the base container and started a shell inside it. It got a private IP and can ping it's default gateway but can't connect to any host outside, so no apt-get for me.



I have "net.ipv4.conf.all.forwarding = 1" in my sysctl and have POSTROUTING rules in iptables/nat table.



Did the docker installer forgot to add some rules or i'm missing something?










share|improve this question














bumped to the homepage by Community 2 days ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.






migrated from stackoverflow.com May 30 '13 at 14:41


This question came from our site for professional and enthusiast programmers.



















  • Apparently, the issue is resolved now in 14.04 with a fresh docker.

    – wiz
    Jun 10 '14 at 14:54














2












2








2








Following instructions I've installed docker on ubuntu 13.04 (and 12.04 + 3.8 kernel), pulled the base container and started a shell inside it. It got a private IP and can ping it's default gateway but can't connect to any host outside, so no apt-get for me.



I have "net.ipv4.conf.all.forwarding = 1" in my sysctl and have POSTROUTING rules in iptables/nat table.



Did the docker installer forgot to add some rules or i'm missing something?










share|improve this question














Following instructions I've installed docker on ubuntu 13.04 (and 12.04 + 3.8 kernel), pulled the base container and started a shell inside it. It got a private IP and can ping it's default gateway but can't connect to any host outside, so no apt-get for me.



I have "net.ipv4.conf.all.forwarding = 1" in my sysctl and have POSTROUTING rules in iptables/nat table.



Did the docker installer forgot to add some rules or i'm missing something?







nat






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked May 29 '13 at 6:45









wizwiz

12114




12114





bumped to the homepage by Community 2 days ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.







bumped to the homepage by Community 2 days ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.






migrated from stackoverflow.com May 30 '13 at 14:41


This question came from our site for professional and enthusiast programmers.









migrated from stackoverflow.com May 30 '13 at 14:41


This question came from our site for professional and enthusiast programmers.















  • Apparently, the issue is resolved now in 14.04 with a fresh docker.

    – wiz
    Jun 10 '14 at 14:54



















  • Apparently, the issue is resolved now in 14.04 with a fresh docker.

    – wiz
    Jun 10 '14 at 14:54

















Apparently, the issue is resolved now in 14.04 with a fresh docker.

– wiz
Jun 10 '14 at 14:54





Apparently, the issue is resolved now in 14.04 with a fresh docker.

– wiz
Jun 10 '14 at 14:54










1 Answer
1






active

oldest

votes


















0














Do you have the MASQUERADE rule?



Can you try to start the daemon with docker -d -b testbr0 and try again?



This will create a new bridge and setup all iptables rules for it.



If it works, it probably mean a iptables -t nat -F occurred at some point and the nat rules for docker have been lost. You can either manually recreate them or more easily, remove the docker bridge and restart docker :)






share|improve this answer
























  • it has a rule in a nat table: -A POSTROUTING -s 10.0.42.0/24 ! -d 10.0.42.0/24 -j MASQUERADE The 10.../24 address is for that new testbr0 interface. The network isn't available in a container started with this docker instance.

    – wiz
    May 29 '13 at 20:08











  • By any chance, would the issue be DNS linked? you can try to run a docker instance with 'docker run -dns 8.8.8.8 ping google.com'. If not, I suggest you submit an issue on the docker github.

    – creack
    May 29 '13 at 23:08











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f302050%2fnat-not-working-in-a-container%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









0














Do you have the MASQUERADE rule?



Can you try to start the daemon with docker -d -b testbr0 and try again?



This will create a new bridge and setup all iptables rules for it.



If it works, it probably mean a iptables -t nat -F occurred at some point and the nat rules for docker have been lost. You can either manually recreate them or more easily, remove the docker bridge and restart docker :)






share|improve this answer
























  • it has a rule in a nat table: -A POSTROUTING -s 10.0.42.0/24 ! -d 10.0.42.0/24 -j MASQUERADE The 10.../24 address is for that new testbr0 interface. The network isn't available in a container started with this docker instance.

    – wiz
    May 29 '13 at 20:08











  • By any chance, would the issue be DNS linked? you can try to run a docker instance with 'docker run -dns 8.8.8.8 ping google.com'. If not, I suggest you submit an issue on the docker github.

    – creack
    May 29 '13 at 23:08
















0














Do you have the MASQUERADE rule?



Can you try to start the daemon with docker -d -b testbr0 and try again?



This will create a new bridge and setup all iptables rules for it.



If it works, it probably mean a iptables -t nat -F occurred at some point and the nat rules for docker have been lost. You can either manually recreate them or more easily, remove the docker bridge and restart docker :)






share|improve this answer
























  • it has a rule in a nat table: -A POSTROUTING -s 10.0.42.0/24 ! -d 10.0.42.0/24 -j MASQUERADE The 10.../24 address is for that new testbr0 interface. The network isn't available in a container started with this docker instance.

    – wiz
    May 29 '13 at 20:08











  • By any chance, would the issue be DNS linked? you can try to run a docker instance with 'docker run -dns 8.8.8.8 ping google.com'. If not, I suggest you submit an issue on the docker github.

    – creack
    May 29 '13 at 23:08














0












0








0







Do you have the MASQUERADE rule?



Can you try to start the daemon with docker -d -b testbr0 and try again?



This will create a new bridge and setup all iptables rules for it.



If it works, it probably mean a iptables -t nat -F occurred at some point and the nat rules for docker have been lost. You can either manually recreate them or more easily, remove the docker bridge and restart docker :)






share|improve this answer













Do you have the MASQUERADE rule?



Can you try to start the daemon with docker -d -b testbr0 and try again?



This will create a new bridge and setup all iptables rules for it.



If it works, it probably mean a iptables -t nat -F occurred at some point and the nat rules for docker have been lost. You can either manually recreate them or more easily, remove the docker bridge and restart docker :)







share|improve this answer












share|improve this answer



share|improve this answer










answered May 29 '13 at 15:07







creack




















  • it has a rule in a nat table: -A POSTROUTING -s 10.0.42.0/24 ! -d 10.0.42.0/24 -j MASQUERADE The 10.../24 address is for that new testbr0 interface. The network isn't available in a container started with this docker instance.

    – wiz
    May 29 '13 at 20:08











  • By any chance, would the issue be DNS linked? you can try to run a docker instance with 'docker run -dns 8.8.8.8 ping google.com'. If not, I suggest you submit an issue on the docker github.

    – creack
    May 29 '13 at 23:08



















  • it has a rule in a nat table: -A POSTROUTING -s 10.0.42.0/24 ! -d 10.0.42.0/24 -j MASQUERADE The 10.../24 address is for that new testbr0 interface. The network isn't available in a container started with this docker instance.

    – wiz
    May 29 '13 at 20:08











  • By any chance, would the issue be DNS linked? you can try to run a docker instance with 'docker run -dns 8.8.8.8 ping google.com'. If not, I suggest you submit an issue on the docker github.

    – creack
    May 29 '13 at 23:08

















it has a rule in a nat table: -A POSTROUTING -s 10.0.42.0/24 ! -d 10.0.42.0/24 -j MASQUERADE The 10.../24 address is for that new testbr0 interface. The network isn't available in a container started with this docker instance.

– wiz
May 29 '13 at 20:08





it has a rule in a nat table: -A POSTROUTING -s 10.0.42.0/24 ! -d 10.0.42.0/24 -j MASQUERADE The 10.../24 address is for that new testbr0 interface. The network isn't available in a container started with this docker instance.

– wiz
May 29 '13 at 20:08













By any chance, would the issue be DNS linked? you can try to run a docker instance with 'docker run -dns 8.8.8.8 ping google.com'. If not, I suggest you submit an issue on the docker github.

– creack
May 29 '13 at 23:08





By any chance, would the issue be DNS linked? you can try to run a docker instance with 'docker run -dns 8.8.8.8 ping google.com'. If not, I suggest you submit an issue on the docker github.

– creack
May 29 '13 at 23:08


















draft saved

draft discarded




















































Thanks for contributing an answer to Ask Ubuntu!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f302050%2fnat-not-working-in-a-container%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

數位音樂下載

When can things happen in Etherscan, such as the picture below?

格利澤436b