Hi everyone,
I noticed recently that, after upgrading to F32, DNS resolution is
failing inside containers.
$ docker exec -it pre_deliverable /bin/bash -i -l
root@7d5eaa0cc50b:/# which ping
/bin/ping
root@7d5eaa0cc50b:/# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=116 time=8.58 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=116 time=7.68 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=116 time=5.36 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=116 time=8.10 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 8ms
rtt min/avg/max/mdev = 5.356/7.429/8.580/1.238 ms
root@7d5eaa0cc50b:/# ping www.google.com
ping: www.google.com: Temporary failure in name resolution
root@7d5eaa0cc50b:/#
I think it's because Fedora switched from iptables to nftables.
`iptables-save` shows several docker-related rules, but
`nft list ruleset` doesn't seem to list any docker-related rules.
systemctl tells me neither the iptables nor the nftables service is
running, which makes sense because firewalld is running. However, I see
these errors when I look at the firewalld logs:
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
nat -D PREROUTING -m addrtype --dst-type LOCAL -j DOCKER' failed:
iptables v1.8.4 (legacy): Couldn't load target `DOCKER':No such file
or direc>
Try `iptables -h' or 'iptables --help' for more information.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
nat -D OUTPUT -m addrtype --dst-type LOCAL ! --dst 127.0.0.0/8 -j
DOCKER' failed: iptables v1.8.4 (legacy): Couldn't load target
`DOCKER':No su>
Try `iptables -h' or 'iptables --help' for more information.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
nat -D OUTPUT -m addrtype --dst-type LOCAL -j DOCKER' failed: iptables
v1.8.4 (legacy): Couldn't load target `DOCKER':No such file or
directory
Try `iptables -h' or 'iptables --help' for more information.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
nat -D PREROUTING' failed: iptables: Bad rule (does a matching rule
exist in that chain?).
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
nat -D OUTPUT' failed: iptables: Bad rule (does a matching rule exist
in that chain?).
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
nat -F DOCKER' failed: iptables: No chain/target/match by that name.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
nat -X DOCKER' failed: iptables: No chain/target/match by that name.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
filter -F DOCKER' failed: iptables: No chain/target/match by that
name.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
filter -X DOCKER' failed: iptables: No chain/target/match by that
name.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
filter -F DOCKER-ISOLATION-STAGE-1' failed: iptables: No
chain/target/match by that name.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
filter -X DOCKER-ISOLATION-STAGE-1' failed: iptables: No
chain/target/match by that name.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
filter -F DOCKER-ISOLATION-STAGE-2' failed: iptables: No
chain/target/match by that name.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
filter -X DOCKER-ISOLATION-STAGE-2' failed: iptables: No
chain/target/match by that name.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
filter -F DOCKER-ISOLATION' failed: iptables: No chain/target/match by
that name.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
filter -X DOCKER-ISOLATION' failed: iptables: No chain/target/match by
that name.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D
FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule
(does a matching rule exist in that chain?).
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D
FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule
(does a matching rule exist in that chain?).
Anyone have any thoughts about what is going on? How can I solve this?
--
Suvayu
Open source is the future. It sets us free.
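
Added example, not part of the original post: a triage of firewalld warnings in the format quoted above. It rejoins the wrapped lines, then reports which table and operation each failed command targeted, which backend the iptables banner names, and whether anything other than a delete or flush failed. The sample log is constructed from the post's format, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample modelled on the post's warnings, hard line wraps included.
SAMPLE = """\
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
nat -D OUTPUT -m addrtype --dst-type LOCAL -j DOCKER' failed: iptables
v1.8.4 (legacy): Couldn't load target `DOCKER':No such file or
directory
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
nat -F DOCKER' failed: iptables: No chain/target/match by that name.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D
FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule
(does a matching rule exist in that chain?).
"""

FAILED = re.compile(r"COMMAND_FAILED: '(?P<cmd>.+?)' failed: (?P<err>.*)")
BACKEND = re.compile(r"iptables v[\d.]+ \((legacy|nf_tables)\)")
OPS = {"-A": "append", "-I": "insert", "-N": "new-chain",
       "-D": "delete", "-F": "flush", "-X": "delete-chain"}
TEARDOWN = {"delete", "flush", "delete-chain"}

def rejoin(text):
    """Merge wrapped continuation lines back into one record per warning."""
    records = []
    for line in text.splitlines():
        if line.startswith("firewalld[") or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def parse(record):
    """Return table, operation, chain and backend hint for one warning."""
    m = FAILED.search(record)
    if m is None:
        return None
    argv = m.group("cmd").split()
    table = argv[argv.index("-t") + 1] if "-t" in argv else "filter"
    flag = next((a for a in argv if a in OPS), None)
    chain = argv[argv.index(flag) + 1] if flag else None
    backend = BACKEND.search(m.group("err"))
    return {"table": table, "op": OPS.get(flag), "chain": chain,
            "backend": backend.group(1) if backend else None}

def triage(text):
    rows = [r for r in map(parse, rejoin(text)) if r]
    return {"by_table_op": Counter((r["table"], r["op"]) for r in rows),
            "backends": {r["backend"] for r in rows if r["backend"]},
            "only_teardown": all(r["op"] in TEARDOWN for r in rows)}
```

Calling `triage()` on the full log text returns the per-table counts, and `only_teardown` turns false as soon as an append, insert or new-chain command shows up among the failures.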