No internet in backend container


#1

Hi,

I installed the NRP using docker, but when I connect to the backend container I don’t seem to have an internet connection, even though I have one on my host machine.

After a quick search online, I tried linking my local /etc/resolv.conf to /run/systemd/resolve/resolv.conf instead of /run/systemd/resolve/stub-resolv.conf but it didn’t seem to help.

Do you have any idea what might be causing this?

Thanks,
Mahmoud


#2

Hi Mahmoud,

There used to be the problem in our production containers, here is an excerpt of the discussion that fixed it (not sure though it fixes your exact issue).

By default, if configured with bridge network (which seems to be marked as legacy as well), docker isolates the container from the host network, only placing iptables entries for the declared ports. That’s why wget/curl/apt-get all are failing.

[centos@test-frontend ~]$ sudo iptables -S DOCKER
-N DOCKER
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 9000 -j ACCEPT

To solve this in the bridge network setup, we could handle our own iptables. But, I could not check the iptables settings inside the container, as iptables-binary obtained with apt-get (in a container using host network) fails with kernel permission.

Easy workaround would be to have the container in the “host” network. it works. I tested. Change the “network_mode” to “host”, in the run-frontend.yml file. Doing so would make the port mapping irrelevant. But the exact same setup should work out of the box. [addon: (container) nginx can be run directly on port 80 by say, sed-ing the conf files before starting supervisor.]

Cheers
Axel