
I am using Docker on CentOS for the first time.

When deploying two containers, I found out I was having routing problems for the internet, and then I found out I couldn't even make them communicate with each other (despite being on the default bridge network).

In one container this happens:

/ # ip a | grep 172
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
/ # ping 172.17.0.3
PING 172.17.0.3 (172.2.0.3): 56 data bytes
^C
--- 172.17.0.3 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

In the other, the same behaviour:

/ # ip a | grep 172
    inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
/ # ping 172.17.0.2
PING 172.17.0.2 (172.2.0.2): 56 data bytes
^C
--- 172.2.0.2 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

And they are in the same network:

$ docker inspect 91767dd3adfa | grep -i networkid
                    "NetworkID": "d36d28507f9cc3f6c40437330af3778c117d303e106de0b3b43ad7919d2791c7",
$ docker inspect a393490d8d02 | grep -i networkid
                    "NetworkID": "d36d28507f9cc3f6c40437330af3778c117d303e106de0b3b43ad7919d2791c7",
$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
d36d28507f9c        bridge              bridge              local
f32f4c8d6187        host                host                local
5693790b1713        none                null                local

Why does it happen? I've used Docker on Ubuntu and macOS and it works seamlessly.

3 Answers


  1. Chosen as BEST ANSWER

    I found the solution.

    Enabling the firewall to allow connections going from and coming to the docker0 network.

    That was performed with the following commands:

    iptables -I INPUT -s <network> -i docker0 -m comment --comment "00015 input on docker0" -j ACCEPT
    # accept any packet coming from the network to the docker0 interface
    iptables -I FORWARD -m comment --comment "00010 conntrack on forward" -m state --state RELATED,ESTABLISHED -j ACCEPT
    # maintain any 'session' or link to be able to return packets from eth0 to docker0 (answer). Closely tied to the existence of a 'nat'; otherwise this entry does not have any impact
    iptables -I FORWARD -s <network> -i docker0 -o eth0 -m comment --comment "00011 forward to eth0 from docker0" -j ACCEPT
    # forward packets
    iptables -t nat -I POSTROUTING -s <network> -o eth0 -m comment --comment "00013 masquerade on eth0 from docker0" -j MASQUERADE
    # create nat in order for any packet that goes out of the host to be able to come back using the IP of the host and then the IP of the container
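
An added example, not part of the original answer: a shell check that reads `iptables-save` output and reports which of the four rules above are absent, so you can confirm they are actually loaded. The function names, the 172.17.0.0/16 subnet, `eth0` and the sample ruleset are assumptions constructed for illustration.

```shell
# Added example, not from the original answer. Subnet, interface and the sample
# ruleset are constructed; the rule comments mirror the answer's commands.

# rule_present RULES PREFIX FRAGMENT...: true if one rule line contains PREFIX
# and every FRAGMENT (fixed strings, so option order between them is free).
rule_present() {
    candidates=$(printf '%s\n' "$1" | grep -F -- "$2" || true)
    shift 2
    for frag in "$@"; do
        candidates=$(printf '%s\n' "$candidates" | grep -F -- "$frag" || true)
    done
    [ -n "$candidates" ]
}

# check_docker0_rules SUBNET OUT_IF: reads iptables-save output on stdin, prints
# the names of the missing rules, exit status 0 only when none is missing.
check_docker0_rules() {
    subnet=$1; out_if=$2; missing=""
    # Prefix every rule with its table name, e.g. "nat -A POSTROUTING ...".
    rules=$(awk '/^\*/ { t = substr($0, 2) } /^-A / { print t, $0 }')
    rule_present "$rules" "filter -A INPUT " "-s $subnet " "-i docker0 " "-j ACCEPT" ||
        missing="$missing input"
    # Any FORWARD rule accepting RELATED,ESTABLISHED counts (--state or --ctstate).
    rule_present "$rules" "filter -A FORWARD " "RELATED,ESTABLISHED " "-j ACCEPT" ||
        missing="$missing conntrack"
    rule_present "$rules" "filter -A FORWARD " "-s $subnet " "-i docker0 " \
        "-o $out_if " "-j ACCEPT" || missing="$missing forward"
    rule_present "$rules" "nat -A POSTROUTING " "-s $subnet " "-o $out_if " \
        "-j MASQUERADE" || missing="$missing masquerade"
    echo "${missing# }"
    [ -z "$missing" ]
}

# Constructed iptables-save output for a host where the answer's rules are loaded.
sample_ruleset() { cat <<'EOF'
*nat
-A POSTROUTING -s 172.17.0.0/16 -o eth0 -m comment --comment "00013 masquerade on eth0 from docker0" -j MASQUERADE
COMMIT
*filter
-A INPUT -s 172.17.0.0/16 -i docker0 -m comment --comment "00015 input on docker0" -j ACCEPT
-A FORWARD -m comment --comment "00010 conntrack on forward" -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 172.17.0.0/16 -i docker0 -o eth0 -m comment --comment "00011 forward to eth0 from docker0" -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Full ruleset: nothing missing. Same ruleset with the nat table rule dropped.
sample_ruleset | check_docker0_rules 172.17.0.0/16 eth0 || true
sample_ruleset | grep -v MASQUERADE | check_docker0_rules 172.17.0.0/16 eth0 || true
```

On a live host, pipe `iptables-save` (run as root) into `check_docker0_rules` with the bridge subnet and outbound interface instead of the sample.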
    
    

  2. Try creating a new network and associating the containers with this network; the default Docker "bridge" network doesn't work like other networks created manually.

  3. What I see here is that it is completely your mistake: the IPs of the machines are in the network 172.17.0.0/16,
    but you are trying to ping machines at 172.2.0.0/16, so it will not work, as the machines with this network are out of scope, and in addition the IPs of the existing machines are not the ones you are sending ping requests to.
