
Previously: the last article, Deploying GitLab with Docker, mentioned that after a container was created with Docker, the external network could not be reached from inside the container.

If you have tried many fixes and none of them worked, check whether your situation matches the one below.

Cause: IPv4 forwarding is not enabled on eth0

Note: The environment may differ from machine to machine, so the interface is not necessarily eth0. Check the forwarding file of each interface under /proc/sys/net/ipv4/conf.

[root@test ~] cat /proc/sys/net/ipv4/conf/eth0/forwarding
0
[root@test ~] cat /proc/sys/net/ipv4/ip_forward
1
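
As an added example (not code from the original article), these shell functions run the check above for every interface instead of only eth0 and report the ones that match this failure case. The function names and the optional root-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find interfaces whose per-interface IPv4 forwarding is 0
# while the global ip_forward is 1 (the failure case in this article).
# The optional ROOT argument is an assumption made for testing: it points
# the check at a constructed copy of /proc/sys/net/ipv4.

# ifaces_with_forwarding VALUE [ROOT]
# Prints every real interface whose conf/<iface>/forwarding equals VALUE.
ifaces_with_forwarding() {
    want=$1
    root=${2:-/proc/sys/net/ipv4}
    for f in "$root"/conf/*/forwarding; do
        [ -r "$f" ] || continue            # unmatched glob or unreadable file
        iface=${f%/forwarding}
        iface=${iface##*/}
        # all/default are aggregate and template entries; lo is loopback
        case $iface in all|default|lo) continue ;; esac
        [ "$(cat "$f")" = "$want" ] || continue
        echo "$iface"
    done
}

# blocked_interfaces [ROOT]
# Global forwarding on, interface forwarding off.
# Prints nothing when the global switch is off (fix that first via sysctl).
blocked_interfaces() {
    root=${1:-/proc/sys/net/ipv4}
    [ "$(cat "$root/ip_forward" 2>/dev/null)" = 1 ] || return 0
    ifaces_with_forwarding 0 "$root"
}

# Run against the live system when executed directly.
blocked_interfaces
```

Running ifaces_with_forwarding 1 afterwards lists the interfaces that do forward, which is useful for confirming that forwarding was enabled only where it is needed.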

Reference:

How to properly permanent enable ip forwarding in Linux with systemd?

systemd-networkd

The next step is to modify the network interface's configuration so that its forwarding value is 1.

[root@test ~] cd /etc/systemd/network/
[root@test network] ls
10-eth0.network
[root@test network] vim 10-eth0.network

When viewing this file, it is found that there is only one DNS configuration under [Network].

Look up the options available under [Network]:

Parameter: IPForward=
Description: If enabled, incoming packets on any network interface will be forwarded to any other interfaces according to the routing table. See Internet sharing#Enable packet forwarding for details.
Accepted Values: boolean, ipv4, ipv6
Default Value: false

As you can see, the default configuration of IPForward is false, which means that incoming packets are not forwarded to other interfaces according to the routing table.

Add IPForward=ipv4 under [Network]

[Network]
# Add the following line (comments must be on their own line in this file)
IPForward=ipv4

Restart the network

[root@test network] systemctl restart systemd-networkd
[root@test network] cat /proc/sys/net/ipv4/conf/eth0/forwarding
1

You can see that forwarding for eth0 is enabled.

Open a container for testing

root@6bb3335c6d85:/usr/local/tomcat# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=7.85 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=7.80 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=111 time=7.79 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 5ms

The network in the container is restored.

If this is not your case, refer to the summary of methods below.

Summary of methods

Reference:

IP forwarding configuration in centos7

Docker cannot connect to the Internet

Configure DNS

Docker Network In Centos7 Docker0 (Bridge) is not connected to the container network pit

There’s something wrong with the bridge

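Rebuild the docker0 bridge. Note that iptables -t nat -F flushes every rule in the nat table, not only the ones Docker created, so save any other NAT rules on the host first (for example with iptables-save).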

sudo service docker stop
sudo pkill docker
sudo iptables -t nat -F
sudo ifconfig docker0 down
sudo brctl delbr docker0
sudo service docker start

There is something wrong with the DNS

The IP address can be pinged but the domain name cannot be pinged

Edit the /etc/docker/daemon.json file and add DNS information

{
  "dns": [
    "114.114.114.114",
    "8.8.8.8"
  ]
}

Forwarding is not set

Check whether the global forwarding value is 0

cat /proc/sys/net/ipv4/ip_forward

If the value is 0, set the following parameters

vim /etc/sysctl.conf
# Add or change this line in the file:
net.ipv4.ip_forward=1
# Then apply the setting:
sysctl -p

Network segment conflict

The network segment of eth0 conflicts with the network segment of Docker's virtual network adapter

See Deploying GitLab with Docker

Kernel problem

The kernel's bridge.ko driver, which Docker loads, is behaving abnormally, so the docker0 network adapter fails to forward packets

Upgrade the kernel

sudo yum list kernel		# List the available kernels
sudo yum update kernel -y	# Upgrade the kernel
sudo reboot					# Restart

After the preceding operations, it is better to restart Docker. If Docker cannot start, for example with the error "Failed to start Docker Application Container Engine.", you can delete the /etc/docker/daemon.json file, wait a while, and restart Docker.

systemctl restart docker

Conclusion

This article lists several fixes for the case where a container created with Docker cannot access the external network.