Issue Docker container has no internet access

[TimoViBritannia]

Hello,

I am running some docker images on my server and all of them seem to be unable to connect to the internet. When I go into their shell and curl google.de I get curl: (6) Couldn't resolve host 'google.de'. Can someone please help me to fix this? I have the firewall turned on. And the forwarding of traffic is also turned on.


Thanks,
Timo

 

[IgorG]

Couldn't resolve host 'google.de'

Looks like there is problem with hostnames resolving due to incorrect nameserver settings. Have you checked that /etc/resolv.conf has correctly specified nameservers? Also you can run docker with -dns option (eg docker run -dns 8.8.8.8 -dns 8.8.4.4 base ping google.com)

 

[TimoViBritannia]

Hi,
I have a name Server specified: thats what it is in the file.
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 80.237.128.145

 

[TimoViBritannia]

It seems like the dns server can only be accessed from the local network of my hosting provider. But when I query it from my root it works fine and resolves everything.

 

[TimoViBritannia]

But also when I add the a environment variable inside of plesk and add DNS 8.8.8.8 I still get the same dns error.

 

[TimoViBritannia]

Are there any news on regarding this issue?

 

[TimoViBritannia]

Can someone please help me with this? Please

 

[Herman Ronk]

Can someone please help me with this? Please

Did you find a solution for this problem? I have the same situation with a Duplicati container..

 

[AYamshanov]

Hello,

Could you describe your environment with Plesk (OS/version, Plesk/version, network settings, container)? Do you have steps to reproduce this issue? I think it should help with diagnosis.

 

[mr-wolf]

You first need to establish if you have an internet connection before putting the blame on DNS.

If DNS is correctly set, but no connecting to the outside world is present you will get the same error message (could not resolve host).

Do a 'ping 8.8.8.8'

For the Docker to work some special firewall rules should be in place. Check if these exist (on the host terminal, not in the docker)

iptables-save | grep -i docker


Do you have your firewall enabled and is it the one from Plesk?

 

[Herman Ronk]

The server:
Operating System: CentOS Linux 7 (Core)

Plesk:
Plesk Onyx
Version 17.5.3 Update #28

The container config:


Which is a Duplicati container: https://hub.docker.com/r/linuxserver/duplicati/

I can't ping from the container since the ping application is not present:

ping 8.8.8.8
bash: ping: command not found

From the host: iptables-save | grep -i docker :

:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8200 -j DNAT --to-destination 172.17.0.2:8200
:DOCKER - [0:0]
:DOCKER-ISOLATION - [0:0]
-A FORWARD -j DOCKER-ISOLATION
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8200 -j ACCEPT
-A DOCKER-ISOLATION -j RETURN

resolv.conf in the container:

nameserver 8.8.8.8
nameserver 8.8.4.4

I can reach the Duplicati interface from outside the server, so the container is at least accessible from outside the container.

 

[AYamshanov]

Hi,

The Duplicati container does not contain any diagnostic tools like ping, ifconfig, netstat, iptables, etc... Try to research the issue with another container like 'centos' with diagnostic tools:

[root@ip-172-31-47-63 plesk]# docker run -it centos /bin/bash
[root@10eb3d0c63c7 /]# ping www.google.com
PING www.google.com (172.217.5.228) 56(84) bytes of data.
64 bytes from iad30s07-in-f228.1e100.net (172.217.5.228): icmp_seq=1 ttl=47 time=1.11 ms
64 bytes from iad30s07-in-f228.1e100.net (172.217.5.228): icmp_seq=2 ttl=47 time=1.32 ms
64 bytes from iad30s07-in-f228.1e100.net (172.217.5.228): icmp_seq=3 ttl=47 time=1.11 ms
64 bytes from iad30s07-in-f228.1e100.net (172.217.5.228): icmp_seq=4 ttl=47 time=1.14 ms
^C
--- www.google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 1.113/1.175/1.327/0.094 ms
[root@10eb3d0c63c7 /]# exit
[root@ip-172-31-47-63 plesk]#

I hope this could help get more helpful information about your environment. If in centos-container you have no problem with access to the Internet, I think you need ask for help on a forum of a maintainer of the container (LinuxServer.io).

 

[Herman Ronk]

Okay.. This is unexpected.. After running the centos container (which had internet access) the Duplicati container started working.. The IPtables output is still the same but something must have changed. For now i'm glad it is working, but if I can find the time I will try to duplicate the situation and find out what changed.

Thanks for the help.

 

[decodernt]

Just faced this problem, and it was i minified installation problem..i ran docker exec --user="root" -it <docker> unminimize and now i can connect to outter world, apt install or anything else..