Docker container can only access internet with --net=host

I had this issue on Ubuntu 16.04 Here is the fix for this by editing the NetworkManager.conf

sudo nano /etc/NetworkManager/NetworkManager.conf

comment out dns=dnsmasq then restart the NetworkManager

sudo service network-manager restart

DONE!


I can't build images from a Dockerfile because I can't use --net=host with the build command

That is the job of the docker daemon to be able to access the internet when building.

You can help it by passing build-time arguments like 

docker build --build-arg HTTP_PROXY=http://...

That is, if you are behind a proxy.
If you are not, check your DNS settings (that issue is in the context of boot2docker, which might not concern you here, but it still can give some clues as to what to inspect).
Here is another example of DNS issue.

The OP wheeler confirms a dns-related issue in the comments:

I had to disable dnsmasq in NetworkManager, not quite sure why it was affecting docker, but DNS resolution started working inside containers when I disabled dnsmasq.

This is a workaround seen before here:

  • Disable dnsmasq by commenting it out the "dns=dnsmasq" line in /etc/NetworkManager/NetworkManager.conf and restarting the network-manager and docker.io services (sudo service network-manager restart && sudo service docker.io restart).
  • Alternatively enable the commented out DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4" line in /etc/default/docker.io (and also restart the docker.io service).

The latter workaround of course requires the 8.8.8.8 / 8.8.4.4 servers to be reachable from your network.

The OP adds:

This solution worked to some extent until I used my VPN to work from home, and the subnet of the docker bridge was colliding with my VPN subnet.

He recommends "Set the ip of the Docker bridge with Systemd"

/etc/systemd/system/docker.service.d/docker.conf should contain this:

[Service]
ExecStart=
ExecStart=/usr/bin/docker daemon -H fd:// --bip=192.168.169.1/24

And:

systemctl stop docker

# We need a program called brctl to, well, control the bridge, which is part of the bridge-utils package.
sudo apt-get install bridge-utils

#Bring down the docker0 interface:
sudo ip link set docker0 down

# And delete the bridge.
sudo brctl delbr docker0

# Finally, start the Docker daemon
systemctl start docker

Tags:

Docker

Dns

Dnsmasq

Recent Posts