DNS resolution failure inside containers in F32

Hi everyone,

I noticed recently that, after upgrading to F32, DNS resolution is
failing inside containers.

  $ docker exec -it pre_deliverable /bin/bash -i -l
  root@7d5eaa0cc50b:/# which ping
  /bin/ping
  root@7d5eaa0cc50b:/# ping 8.8.8.8
  PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
  64 bytes from 8.8.8.8: icmp_seq=1 ttl=116 time=8.58 ms
  64 bytes from 8.8.8.8: icmp_seq=2 ttl=116 time=7.68 ms
  64 bytes from 8.8.8.8: icmp_seq=3 ttl=116 time=5.36 ms
  64 bytes from 8.8.8.8: icmp_seq=4 ttl=116 time=8.10 ms
  ^C
  --- 8.8.8.8 ping statistics ---
  4 packets transmitted, 4 received, 0% packet loss, time 8ms
  rtt min/avg/max/mdev = 5.356/7.429/8.580/1.238 ms
  root@7d5eaa0cc50b:/# ping www.google.com
  ping: www.google.com: Temporary failure in name resolution
  root@7d5eaa0cc50b:/#

I think it's because Fedora switched from iptables to nftables.
`iptables-save` shows several Docker-related rules, but `nft list
ruleset` doesn't seem to list any Docker-related rules.  systemctl
tells me neither the iptables nor the nftables service is running,
which makes sense because firewalld is running.  However, I see these
errors when I look at the firewalld logs:

firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
nat -D PREROUTING -m addrtype --dst-type LOCAL -j DOCKER' failed:
iptables v1.8.4 (legacy): Couldn't load target `DOCKER':No such file
or direc>

                Try `iptables -h' or 'iptables --help' for more information.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
nat -D OUTPUT -m addrtype --dst-type LOCAL ! --dst 127.0.0.0/8 -j
DOCKER' failed: iptables v1.8.4 (legacy): Couldn't load target
`DOCKER':No su>

                Try `iptables -h' or 'iptables --help' for more information.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
nat -D OUTPUT -m addrtype --dst-type LOCAL -j DOCKER' failed: iptables
v1.8.4 (legacy): Couldn't load target `DOCKER':No such file or
directory

                Try `iptables -h' or 'iptables --help' for more information.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
nat -D PREROUTING' failed: iptables: Bad rule (does a matching rule
exist in that chain?).
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
nat -D OUTPUT' failed: iptables: Bad rule (does a matching rule exist
in that chain?).
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
nat -F DOCKER' failed: iptables: No chain/target/match by that name.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
nat -X DOCKER' failed: iptables: No chain/target/match by that name.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
filter -F DOCKER' failed: iptables: No chain/target/match by that
name.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
filter -X DOCKER' failed: iptables: No chain/target/match by that
name.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
filter -F DOCKER-ISOLATION-STAGE-1' failed: iptables: No
chain/target/match by that name.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
filter -X DOCKER-ISOLATION-STAGE-1' failed: iptables: No
chain/target/match by that name.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
filter -F DOCKER-ISOLATION-STAGE-2' failed: iptables: No
chain/target/match by that name.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
filter -X DOCKER-ISOLATION-STAGE-2' failed: iptables: No
chain/target/match by that name.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
filter -F DOCKER-ISOLATION' failed: iptables: No chain/target/match by
that name.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
filter -X DOCKER-ISOLATION' failed: iptables: No chain/target/match by
that name.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D
FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule
(does a matching rule exist in that chain?).
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D
FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule
(does a matching rule exist in that chain?).
log.txt (END)

Anyone have any thoughts about what is going on?  How can I solve this?

-- 
Suvayu

Open source is the future. It sets us free.
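
Added example (not part of the original post): a Python script that re-joins the wrapped firewalld `COMMAND_FAILED` records quoted above and groups them by table, chain and failure type, so it is easy to see which Docker chains and rules the `iptables` call could not find and which backend reported it. The sample text is constructed from lines in the post; the `kind` labels and function names are chosen for this example.

```python
import re
import shlex
from collections import Counter

# Constructed sample, modelled on the wrapped log output quoted in the post.
SAMPLE = """\
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
nat -D PREROUTING -m addrtype --dst-type LOCAL -j DOCKER' failed:
iptables v1.8.4 (legacy): Couldn't load target `DOCKER':No such file
or directory
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t
nat -F DOCKER' failed: iptables: No chain/target/match by that name.
firewalld[856]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D
FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule
(does a matching rule exist in that chain?).
"""

RECORD = re.compile(r"COMMAND_FAILED: '(?P<cmd>[^']*)' failed: (?P<reason>.*)")
KINDS = {"Couldn't load target": "jump-target-missing",   # labels are this example's own
         "No chain/target/match": "chain-missing", "Bad rule": "rule-missing"}

def unwrap(text):
    """Re-join log records that were wrapped across several lines."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("firewalld[") or not records:
            records.append(line)          # a new record starts here
        else:
            records[-1] += " " + line     # continuation of the previous record
    return records

def parse(text):
    out = []
    for rec in unwrap(text):
        m = RECORD.search(rec)
        if not m:
            continue
        argv = shlex.split(m["cmd"])
        table = argv[argv.index("-t") + 1] if "-t" in argv else "filter"  # iptables default
        op = next(a for a in argv if a in ("-A", "-D", "-F", "-I", "-N", "-X"))
        chain = argv[argv.index(op) + 1]
        backend = re.search(r"\((legacy|nf_tables)\)", m["reason"])
        kind = next((k for s, k in KINDS.items() if s in m["reason"]), "other")
        out.append({"table": table, "op": op, "chain": chain, "kind": kind,
                    "backend": backend.group(1) if backend else None})
    return out

def summary(text):
    return Counter((r["table"], r["kind"]) for r in parse(text))
```
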