Problem description
Docker bridge is not working as per expectation
Host not reachable from docker container and vice versa
Steps to reproduce
docker network ls
NETWORK ID NAME DRIVER SCOPE
e83fc4ed421c bridge bridge local
7a85d027a7f6 host host local
09b1dcfaa497 none null local
brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.000000000000 no
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eno16777984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:50:56:a8:b3:b5 brd ff:ff:ff:ff:ff:ff
inet 172.24.91.47/24 brd 172.24.91.255 scope global eno16777984
valid_lft forever preferred_lft forever
83: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether 02:42:ce:69:0a:60 brd ff:ff:ff:ff:ff:ff
inet 172.26.0.1/16 brd 172.26.255.255 scope global docker0
valid_lft forever preferred_lft forever
docker run -dt ubuntu sleep infinity
fef2c3aaf64ccacc21a16de6029d22e1ba7ff8de770c9c14532f8d659d0d694d
brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.000000000000 no veth38adad5
docker network inspect bridge
"Containers": {
"fef2c3aaf64ccacc21a16de6029d22e1ba7ff8de770c9c14532f8d659d0d694d": {
"Name": "objective_aryabhata",
"EndpointID": "84e7836885750933a76d1fe0ac4fc86d020eb453ca45f62c1e2fb3e27afd7e9c",
"MacAddress": "02:42:ac:1a:00:02",
"IPv4Address": "172.26.0.2/16",
"IPv6Address": ""
}
}
Host to container ping ping 172.17.0.2
Expected : Ping should work
Actual : (Not working )
Container to host ping docker run busybox ping 172.24.91.47
Expected : Ping should work
Actual : (Not working )
Container to internet ping docker run busybox ping 8.8.8.8
Expected : Ping should work
Actual : (Not working )
Additional information
uname -a
Linux teleblnk9147 3.10.0-327.10.1.el7.x86_64 #1 SMP Tue Feb 16 17:03:50 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
docker -v
Docker version 19.03.8, build afacb8b
sudo iptables-save
# Generated by iptables-save v1.4.21 on Tue Nov 24 16:50:20 2020
*filter
:INPUT ACCEPT (387891:46446579)
:FORWARD ACCEPT (0:0)
:OUTPUT ACCEPT (341373:46544705)
:DOCKER - (0:0)
:DOCKER-ISOLATION-STAGE-1 - (0:0)
:DOCKER-ISOLATION-STAGE-2 - (0:0)
:DOCKER-USER - (0:0)
-A INPUT -i docker0 -j ACCEPT
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
COMMIT
# Completed on Tue Nov 24 16:50:20 2020
# Generated by iptables-save v1.4.21 on Tue Nov 24 16:50:20 2020
*nat
:PREROUTING ACCEPT (3399:203940)
:INPUT ACCEPT (3399:203940)
:OUTPUT ACCEPT (2430:149091)
:POSTROUTING ACCEPT (2430:149091)
:DOCKER - (0:0)
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.26.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT
# Completed on Tue Nov 24 16:50:20 2020
service iptables status
Redirecting to /bin/systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
Active: active (exited) since Mon 2020-11-23 16:13:06 IST; 24h ago
Main PID: 85593 (code=exited, status=0/SUCCESS)
Memory: 0B
CGroup: /system.slice/iptables.service
