Koozali.org formerly Contribs.org

[SOLVED] Docker container can not ping outside world

hfwang
« Reply #15 on: August 06, 2017, 10:47:50 AM »
Sorry, the 8000 and https ports were added by me. So only webcache in Chain Docker.

Daniel B.
« Reply #16 on: August 06, 2017, 10:59:32 AM »
Ideally, Dockerd should not mess directly with iptables but instead call a wrapper which registers the needed rules in an SME DB, so they can be handled in templates and persist across masq restart/adjust. That's what I did with fail2ban for example. But I don't know if it's feasible.
It's the end of the world!!! :lol:

hfwang
« Reply #17 on: August 06, 2017, 11:21:35 AM »
> Ideally, Dockerd should not mess directly with iptables but instead call a wrapper which registers the needed rules in an SME DB, so they can be handled in templates and persist across masq restart/adjust. That's what I did with fail2ban for example. But I don't know if it's feasible.

They did have the --no-iptables option, but it was removed from the latest version of docker. They also removed masquerading rules and introduced the chains.

Daniel B.
« Reply #18 on: August 06, 2017, 11:24:41 AM »
There's --iptables=false. But the goal would not be to disable it entirely, but to use a wrapper instead.

hfwang
« Reply #19 on: August 06, 2017, 11:32:44 AM »
> There's --iptables=false. But the goal would not be to disable it entirely, but to use a wrapper instead.

That's what I meant, could not remember it by heart. In docker 17.06 that is no longer available.

Daniel B.
« Reply #20 on: August 06, 2017, 11:40:41 AM »
Wow, if that's true, docker just went from "good prototyping tool, but not meant for prod use" to "little useless toy" in my eyes.

hfwang
« Reply #21 on: August 07, 2017, 10:43:10 AM »
> Wow, if that's true, docker just went from "good prototyping tool, but not meant for prod use" to "little useless toy" in my eyes.

Please don't get me wrong, I am not an expert on Docker, and the latest version (17.06 CE), previous documentation and Google results differ, and I don't have the details. There are a zillion things I may be mistaken about.

I came across this slide deck, which may help to get a better picture: https://www.slideshare.net/SreenivasMakam/docker-networking-common-issues-and-troubleshooting-techniques
But then again, it may not apply to the latest Community Edition 17.06...

Reference documentation: https://docs.docker.com/engine/userguide/networking/default_network/container-communication/
« Last Edit: August 07, 2017, 11:19:17 AM by hfwang »