NAT not working in a container












2















Following instructions I've installed docker on ubuntu 13.04 (and 12.04 + 3.8 kernel), pulled the base container and started a shell inside it. It got a private IP and can ping it's default gateway but can't connect to any host outside, so no apt-get for me.



I have "net.ipv4.conf.all.forwarding = 1" in my sysctl and have POSTROUTING rules in iptables/nat table.



Did the docker installer forgot to add some rules or i'm missing something?






nat







share|improve this question














bumped to the homepage by Community 2 days ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.






migrated from stackoverflow.com May 30 '13 at 14:41


This question came from our site for professional and enthusiast programmers.



















  • Apparently, the issue is resolved now in 14.04 with a fresh docker.

    – wiz
    Jun 10 '14 at 14:54
















2















Following instructions I've installed docker on ubuntu 13.04 (and 12.04 + 3.8 kernel), pulled the base container and started a shell inside it. It got a private IP and can ping it's default gateway but can't connect to any host outside, so no apt-get for me.



I have "net.ipv4.conf.all.forwarding = 1" in my sysctl and have POSTROUTING rules in iptables/nat table.



Did the docker installer forgot to add some rules or i'm missing something?






nat







share|improve this question














bumped to the homepage by Community 2 days ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.






migrated from stackoverflow.com May 30 '13 at 14:41


This question came from our site for professional and enthusiast programmers.



















  • Apparently, the issue is resolved now in 14.04 with a fresh docker.

    – wiz
    Jun 10 '14 at 14:54














2












2








2








Following instructions I've installed docker on ubuntu 13.04 (and 12.04 + 3.8 kernel), pulled the base container and started a shell inside it. It got a private IP and can ping it's default gateway but can't connect to any host outside, so no apt-get for me.



I have "net.ipv4.conf.all.forwarding = 1" in my sysctl and have POSTROUTING rules in iptables/nat table.



Did the docker installer forgot to add some rules or i'm missing something?






nat







share|improve this question














Following instructions I've installed docker on ubuntu 13.04 (and 12.04 + 3.8 kernel), pulled the base container and started a shell inside it. It got a private IP and can ping it's default gateway but can't connect to any host outside, so no apt-get for me.



I have "net.ipv4.conf.all.forwarding = 1" in my sysctl and have POSTROUTING rules in iptables/nat table.



Did the docker installer forgot to add some rules or i'm missing something?






nat




nat






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked May 29 '13 at 6:45









wizwiz

12114




12114





bumped to the homepage by Community 2 days ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.







bumped to the homepage by Community 2 days ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.






migrated from stackoverflow.com May 30 '13 at 14:41


This question came from our site for professional and enthusiast programmers.









migrated from stackoverflow.com May 30 '13 at 14:41


This question came from our site for professional and enthusiast programmers.















  • Apparently, the issue is resolved now in 14.04 with a fresh docker.

    – wiz
    Jun 10 '14 at 14:54



















  • Apparently, the issue is resolved now in 14.04 with a fresh docker.

    – wiz
    Jun 10 '14 at 14:54

















Apparently, the issue is resolved now in 14.04 with a fresh docker.

– wiz
Jun 10 '14 at 14:54





Apparently, the issue is resolved now in 14.04 with a fresh docker.

– wiz
Jun 10 '14 at 14:54










1 Answer
1






active

oldest

votes


















0














Do you have the MASQUERADE rule?



Can you try to start the daemon with docker -d -b testbr0 and try again?



This will create a new bridge and setup all iptables rules for it.



If it works, it probably mean a iptables -t nat -F occurred at some point and the nat rules for docker have been lost. You can either manually recreate them or more easily, remove the docker bridge and restart docker :)






share|improve this answer
























  • it has a rule in a nat table: -A POSTROUTING -s 10.0.42.0/24 ! -d 10.0.42.0/24 -j MASQUERADE The 10.../24 address is for that new testbr0 interface. The network isn't available in a container started with this docker instance.

    – wiz
    May 29 '13 at 20:08











  • By any chance, would the issue be DNS linked? you can try to run a docker instance with 'docker run -dns 8.8.8.8 ping google.com'. If not, I suggest you submit an issue on the docker github.

    – creack
    May 29 '13 at 23:08











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f302050%2fnat-not-working-in-a-container%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









0














Do you have the MASQUERADE rule?



Can you try to start the daemon with docker -d -b testbr0 and try again?



This will create a new bridge and setup all iptables rules for it.



If it works, it probably mean a iptables -t nat -F occurred at some point and the nat rules for docker have been lost. You can either manually recreate them or more easily, remove the docker bridge and restart docker :)






share|improve this answer
























  • it has a rule in a nat table: -A POSTROUTING -s 10.0.42.0/24 ! -d 10.0.42.0/24 -j MASQUERADE The 10.../24 address is for that new testbr0 interface. The network isn't available in a container started with this docker instance.

    – wiz
    May 29 '13 at 20:08











  • By any chance, would the issue be DNS linked? you can try to run a docker instance with 'docker run -dns 8.8.8.8 ping google.com'. If not, I suggest you submit an issue on the docker github.

    – creack
    May 29 '13 at 23:08
















0














Do you have the MASQUERADE rule?



Can you try to start the daemon with docker -d -b testbr0 and try again?



This will create a new bridge and setup all iptables rules for it.



If it works, it probably mean a iptables -t nat -F occurred at some point and the nat rules for docker have been lost. You can either manually recreate them or more easily, remove the docker bridge and restart docker :)






share|improve this answer
























  • it has a rule in a nat table: -A POSTROUTING -s 10.0.42.0/24 ! -d 10.0.42.0/24 -j MASQUERADE The 10.../24 address is for that new testbr0 interface. The network isn't available in a container started with this docker instance.

    – wiz
    May 29 '13 at 20:08











  • By any chance, would the issue be DNS linked? you can try to run a docker instance with 'docker run -dns 8.8.8.8 ping google.com'. If not, I suggest you submit an issue on the docker github.

    – creack
    May 29 '13 at 23:08














0












0








0







Do you have the MASQUERADE rule?



Can you try to start the daemon with docker -d -b testbr0 and try again?



This will create a new bridge and setup all iptables rules for it.



If it works, it probably mean a iptables -t nat -F occurred at some point and the nat rules for docker have been lost. You can either manually recreate them or more easily, remove the docker bridge and restart docker :)






share|improve this answer













Do you have the MASQUERADE rule?



Can you try to start the daemon with docker -d -b testbr0 and try again?



This will create a new bridge and setup all iptables rules for it.



If it works, it probably mean a iptables -t nat -F occurred at some point and the nat rules for docker have been lost. You can either manually recreate them or more easily, remove the docker bridge and restart docker :)







share|improve this answer












share|improve this answer



share|improve this answer










answered May 29 '13 at 15:07







creack




















  • it has a rule in a nat table: -A POSTROUTING -s 10.0.42.0/24 ! -d 10.0.42.0/24 -j MASQUERADE The 10.../24 address is for that new testbr0 interface. The network isn't available in a container started with this docker instance.

    – wiz
    May 29 '13 at 20:08











  • By any chance, would the issue be DNS linked? you can try to run a docker instance with 'docker run -dns 8.8.8.8 ping google.com'. If not, I suggest you submit an issue on the docker github.

    – creack
    May 29 '13 at 23:08



















  • it has a rule in a nat table: -A POSTROUTING -s 10.0.42.0/24 ! -d 10.0.42.0/24 -j MASQUERADE The 10.../24 address is for that new testbr0 interface. The network isn't available in a container started with this docker instance.

    – wiz
    May 29 '13 at 20:08











  • By any chance, would the issue be DNS linked? you can try to run a docker instance with 'docker run -dns 8.8.8.8 ping google.com'. If not, I suggest you submit an issue on the docker github.

    – creack
    May 29 '13 at 23:08

















it has a rule in a nat table: -A POSTROUTING -s 10.0.42.0/24 ! -d 10.0.42.0/24 -j MASQUERADE The 10.../24 address is for that new testbr0 interface. The network isn't available in a container started with this docker instance.

– wiz
May 29 '13 at 20:08





it has a rule in a nat table: -A POSTROUTING -s 10.0.42.0/24 ! -d 10.0.42.0/24 -j MASQUERADE The 10.../24 address is for that new testbr0 interface. The network isn't available in a container started with this docker instance.

– wiz
May 29 '13 at 20:08













By any chance, would the issue be DNS linked? you can try to run a docker instance with 'docker run -dns 8.8.8.8 ping google.com'. If not, I suggest you submit an issue on the docker github.

– creack
May 29 '13 at 23:08





By any chance, would the issue be DNS linked? you can try to run a docker instance with 'docker run -dns 8.8.8.8 ping google.com'. If not, I suggest you submit an issue on the docker github.

– creack
May 29 '13 at 23:08


















draft saved

draft discarded




















































Thanks for contributing an answer to Ask Ubuntu!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f302050%2fnat-not-working-in-a-container%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

數位音樂下載

Image
數位音樂下載 為非以「實體」方式來販賣音樂的相關產品,而使用數位格式如mp3、AAC等文件格式來進行銷售販賣的一种音乐产业形式。著名的數位音樂下載服務商有iTunes Store、RecoChoku、Google Play音乐和微软Zune等。数字音乐下载在二十一世纪初一度风靡全球, [1] [2] 使得传统唱片产业走向衰落,但其自身也在2010年代流媒体音乐服务如Apple Music、Spotify等的挤压下迅速失去市场份额。 [3] [4] 数字音乐下载有便于携带、传播迅速、制作简单成本低等优点,与流媒体音乐相比也能更好保障音乐人权益; [5] 但它同时很可能带来侵犯版权和滥用的情形, [6] 也给音乐产业带来了诸多不利影响。数字音乐下载为音乐人和乐迷提供了更加便捷直接的交流渠道,也一定程度上推动了网络音乐人的出现和独立音乐的迅速发展。 [7] 目录 1 历史 1.1 技术积淀(1987-2000) 1.2 出现与兴起(2000-2004) 1.3 唱片市场的颠覆者(2004-2007) 1.4 巅峰和衰落(2005-2013) 1.5 摇摇欲坠的现状与不可预知的明天(2014至今) 2 主要文件格式 2.1 PCM编码格式 2.1.1 WAV 2.1.2 APE 2.1.3 FLAC 2.2 苹果推出的无损文件格式 2.2.1 AIFF 2.2.2 ALAC 2.3 有损压缩格式 2.3.1 MP3 2.3.2 AAC 3 主要市场 3.1 iTunes Store 3.2 Google Play音乐商店 3.3 亚马逊音乐商店 3.4 部分其他音乐商店 4 影响与评价 4.1 对音乐产业的影响 4.2 对科技行业的影响 4.3 正面评价 4.4 负面评价 4.4.1 侵权问题 4.4.2 经营模式不明晰 4.4.3 不适应移动时代 4.5 文化现象 5 延伸阅读 6 参考资料 历史 苹果iTunes+iPod的软硬件搭配让数字音
Read more

格利澤436b

Image
格利泽436b 太陽系外行星 太陽系外行星列表 艺术家笔下的格利泽436b 母恆星 母恆星 Gliese 436 星座 獅子座 赤經 ( α ) 11 h  42 m  11.0941 s [1] 赤緯 ( δ ) +26° 42′ 23.652″ [1] 距離 33.4 ly (10.2 pc) 光譜類型 M2.5 V [1] 軌道參數 半长轴 ( a ) 0.0291±0.0004 [2] AU 軌道離心率 ( e ) 0.150±0.012 [2] 公轉週期 ( P ) 2.643904±0.000005 [3] d (0.00723849 y) 軌道傾角 ( i ) 85.8 +0.21 −0.25 [3] ° 角距 ( θ ) 2.794 mas 近星點時間 ( T 0 ) 2,451,551.716 ±0.01 JD 半振幅 ( K ) 18.68±0.8 m/s 物理性质 质量 ( m ) 22.2±1.0 [2] M ⊕ 半徑 ( r ) 4.327±0.183 [2] [4] R ⊕ 密度 ( ρ ) 1.51 g cm -3 表面重力 ( g ) 1.18 g 溫度 ( T ) 712±36 [2] K 發現 發現時間 2004 發現者 巴特勒、沃格特、 馬西 et al. 發現方法 徑向速度、凌日法 發現地點 美國加利福尼亞州 發表論文 出版 其他名稱 Ross 905 b, GJ 436 b, [5] LTT 13213 b, GCTP 2704.10 b, LHS 310, AC+27:28217 b, Vyssotsky 616 b, HIP 57087 b, GEN# +9.80120068 b, LP 319-75 b, G 121-7 b, LSPM J1142+2642 b, 1RXS J114211.9+264328 b, ASCC 683818 b, G 147-68 b, UCAC2 41198281 b, BP
Read more

When can things happen in Etherscan, such as the picture below?

Image
2 I don't know why balance of the address is 0. when can this situation? etherscan balances share | improve this question asked yesterday Ru Hi Ru Hi 11 1 New contributor Ru Hi is a new contributor to this site. Take care in asking for clarification, commenting, and answering. Check out our Code of Conduct. add a comment  | 
Read more