Docker bridge network breaks local internet
On a fresh install of ubuntu-server v24.04 and docker-ce v27.4.1, if I run any Docker container with a bridge network, it breaks the whole local internet after 2-3s. I've checked that my docker0 bridge network is unmanaged. Everything seems fine to me. If I ping google.com from Docker, it shows 66% packet loss.
docker run -it --rm busybox ping -c3 google.com
PING google.com (216.58.196.110): 56 data bytes
64 bytes from 216.58.196.110: seq=0 ttl=53 time=55.065 ms
--- google.com ping statistics ---
3 packets transmitted, 1 packets received, 66% packet loss
round-trip min/avg/max = 55.065/55.065/55.065 ms
networkctl output:
IDX LINK TYPE OPERATIONAL SETUP
1 lo loopback carrier unmanaged
2 enp37s0 ether routable configured
3 docker0 bridge no-carrier unmanaged
ip route:
default via 10.12.0.1 dev enp37s0 proto dhcp src 10.12.0.10 metric 100
1.1.1.1 via 10.12.0.1 dev enp37s0 proto dhcp src 10.12.0.10 metric 100
10.12.0.0/24 dev enp37s0 proto kernel scope link src 10.12.0.10 metric 100
10.12.0.1 dev enp37s0 proto dhcp scope link src 10.12.0.10 metric 100
10.12.0.10 dev enp37s0 proto dhcp scope host src 10.12.0.10 metric 100
172.16.0.0/24 dev docker0 proto kernel scope link src 172.16.0.1 linkdown
iptables:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (1 references)
target prot opt source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
asked Dec 23, 2024 at 8:21
1 Answer
0
You can check if it is an IP/subnet conflict. Let's try if changing the Docker default subnet fixes your problem:
cat <<EOF | sudo tee /etc/docker/daemon.json
{
"bip": "172.31.0.1/24"
}
EOF
sudo systemctl restart docker
Then run the container again:
docker run -it --rm busybox ping -c 3 google.com
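If this still doesn't work, you can try flushing the iptables rules. Don't try this if you are on a production server because it can lock you out.
# Save existing rules just in case
# (tee runs as root; a plain ">" redirect would be opened by the unprivileged shell and fail on /root)
sudo iptables-save | sudo tee /root/iptables-backup-$(date +%s).txt > /dev/null
# Flush/filter all existing rules
sudo iptables -F
# Flushing the nat table also removes Docker's own NAT rules; dockerd recreates them when it restarts
sudo iptables -t nat -F
sudo iptables -t mangle -F
sudo iptables -X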
# Set default policies to ACCEPT
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT
# Try pinging from within Docker
docker run --rm busybox ping -c 3 google.com
answered Dec 23, 2024 at 12:14
- Thank you, but this solution is not working for me. I have tried setting bip and flushing the iptables. After flushing iptables I got ping: bad address 'google.com'. I have also tried adding dns in /etc/docker/daemon.json, still not working.. 😔 Commented Dec 23, 2024 at 18:39
- You can try with known DNS like 8.8.8.8 or 9.9.9.9 in /etc/resolv.conf Commented Dec 24, 2024 at 0:45
- Not working as well.. still getting bad address 'google.com' Commented Dec 24, 2024 at 6:56