Is there a way to start a container that has internet access without using --network host?
Status of iptables?
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Current docker networks?
$ sudo docker network ls
NETWORK ID NAME DRIVER SCOPE
4d59e0cd6e3d bridge bridge local
69fe325eb1fe host host local
dc25546a67db none null local
They are the default ones.
Create a new “bridge” network. Containers on this custom bridge should have internet access according to the information here:
See:
https://superuser.com/questions/1130898/no-internet-connection-inside-docker-containers
https://docs.docker.com/network/bridge/#differences-between-user-defined-bridges-and-the-default-bridge
https://github.com/moby/moby/issues/866#issuecomment-19218300
"Any container connected to default bridge network prohibited from networking with outside world - see Differences between user-defined bridges and default bridge."
"Solution is simple: just create your own (user-defined) bridge network, name it, say, common, and use it explicitly with each one-off container created with docker run."
Per this information, I created a custom bridge network named: common2
$ sudo docker network create --driver bridge common2
a60fa8b43f25467517d6bb748f5344034b10abf281b270e9c478bb5d76e5fa81
The common2 network has been created:
$ sudo docker network ls
NETWORK ID NAME DRIVER SCOPE
4d59e0cd6e3d bridge bridge local
a60fa8b43f25 common2 bridge local
69fe325eb1fe host host local
dc25546a67db none null local
Start an ubuntu based container on the new common2 network. It should have internet access because it’s on a custom network. Use --network common2 to make the container use the common2 network.
$ sudo docker run -it --network common2 ubuntu:latest bash
root@96b73bfeb72c:/# apt-get update
Err:1 http://archive.ubuntu.com/ubuntu focal InRelease
Temporary failure resolving 'archive.ubuntu.com'
Err:2 http://security.ubuntu.com/ubuntu focal-security InRelease
Temporary failure resolving 'security.ubuntu.com'
Err:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease
Temporary failure resolving 'archive.ubuntu.com'
Err:4 http://archive.ubuntu.com/ubuntu focal-backports InRelease
Temporary failure resolving 'archive.ubuntu.com'
Reading package lists... Done
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal/InRelease Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal-updates/InRelease Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal-backports/InRelease Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/focal-security/InRelease Temporary failure resolving 'security.ubuntu.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.
root@96b73bfeb72c:/# exit
exit
The container cannot reach the internet on the common2 network.
If it is started with --network host, then it will have access…
$ sudo docker run -it --network host ubuntu:latest bash
root@a-mvuf0vdjng8:/# apt-get update
Get:1 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Get:2 http://archive.ubuntu.com/ubuntu focal InRelease [265 kB]
...
Get:16 http://archive.ubuntu.com/ubuntu focal-updates/restricted amd64 Packages [1042 kB]
Get:17 http://archive.ubuntu.com/ubuntu focal-backports/universe amd64 Packages [24.8 kB]
Get:18 http://archive.ubuntu.com/ubuntu focal-backports/main amd64 Packages [50.8 kB]
Fetched 21.1 MB in 4s (5888 kB/s)
Reading package lists... Done
root@a-mvuf0vdjng8:/# exit
exit
Status of iptables:
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (2 references)
target prot opt source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target prot opt source destination
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
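The two `iptables -L` listings in the question differ in exactly the way that decides whether a bridged container can reach the outside: in the first, the FORWARD chain policy is DROP and none of the Docker-managed chains (DOCKER, DOCKER-USER, DOCKER-ISOLATION-STAGE-1/2) exist, so traffic that a container sends through the docker bridge is dropped at the host before it ever reaches the default route or a DNS server; in the second, FORWARD is ACCEPT and Docker's chains are present. `--network host` "works" only because the container shares the host's network namespace and its packets never traverse FORWARD at all, which also removes the network isolation between container and host, so it is a workaround rather than a fix. The following POSIX shell script is an added example, not part of the original question: it parses `iptables -L` output in the standard layout shown above and reports those two conditions. The two sample listings are constructed from the question's own output so the script runs without root or Docker; the function names (`chain_policy`, `docker_chain_count`, `diagnose`) are this example's own.

```shell
#!/bin/sh
# Added example: classify an `iptables -L` (filter table) listing by the FORWARD
# policy and the presence of Docker-managed chains. Not part of the question.

# Constructed sample input, copied from the question's first listing (no internet).
BROKEN_LISTING='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy DROP)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Constructed sample input, abridged from the question's second listing (working).
WORKING_LISTING='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Chain DOCKER (2 references)
target     prot opt source               destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere'

# chain_policy CHAIN: read an `iptables -L` listing on stdin and print the policy
# of the built-in chain CHAIN (e.g. "DROP"), taken from its "Chain X (policy Y)" header.
chain_policy() {
  awk -v chain="$1" '$1 == "Chain" && $2 == chain { gsub(/[()]/, "", $4); print $4; exit }'
}

# docker_chain_count: read a listing on stdin and print how many chains named
# DOCKER* it defines (0 means dockerd's iptables rules are not loaded).
docker_chain_count() {
  awk '$1 == "Chain" && $2 ~ /^DOCKER/ { n++ } END { print n + 0 }'
}

# diagnose LISTING: explain the listing's state on stdout; return 0 when it looks
# like a normal Docker host (forwarding allowed, Docker chains present), else 1.
diagnose() {
  listing=$1
  policy=$(printf '%s\n' "$listing" | chain_policy FORWARD)
  chains=$(printf '%s\n' "$listing" | docker_chain_count)
  ok=0
  if [ "$chains" -eq 0 ]; then
    echo "no DOCKER-* chains: dockerd's rules are absent (started with iptables=false, or the firewall was reset after dockerd started; restarting dockerd re-creates them)"
    ok=1
  fi
  if [ "$policy" = "DROP" ] && [ "$chains" -eq 0 ]; then
    echo "FORWARD policy is DROP and no per-bridge ACCEPT rules exist: packets from bridged containers are dropped on the host, which is why DNS and apt fail while --network host works"
    ok=1
  fi
  [ "$ok" -eq 0 ] && echo "FORWARD policy $policy with $chains DOCKER-* chains: filter table looks normal for a Docker host"
  return "$ok"
}

# Stand-alone run over both constructed listings; the exit status is informational here.
diagnose "$BROKEN_LISTING" || :
echo ---
diagnose "$WORKING_LISTING" || :
```

On a real host, run `sudo iptables -L | sh -c '. ./diag.sh; diagnose "$(cat)"'` after saving the functions, or simply `sudo iptables -L` and read the FORWARD header. If the filter table looks normal and bridged containers still have no connectivity, the next things to check are the nat table (`sudo iptables -t nat -L POSTROUTING` should show a MASQUERADE rule for the bridge's subnet) and `sysctl net.ipv4.ip_forward`, which must be 1; neither is visible in a plain `iptables -L`.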