Container with custom docker bridge network fails to ping external world on one host

devtkrishna · September 13, 2018, 4:59am

On most Linux hosts, I see the following

# docker network create -d bridge --subnet 10.10.0.0/16 kthommandra-net
925b5513c335315a5eae13473edc6c0f1a0f370698d6c81fc41002bd9d71e326
# docker run --rm -it --name kthommandra-tc --network=kthommandra-net tomcat:8-jre8 /bin/bash
root@efa4b6ff59c4:/usr/local/tomcat#
root@efa4b6ff59c4:/usr/local/tomcat# # ping google.com
PING google.com (216.58.195.78) 56(84) bytes of data.
64 bytes from sfo07s16-in-f78.1e100.net (216.58.195.78): icmp_seq=1 ttl=48 time=4.06 ms
64 bytes from sfo07s16-in-f78.1e100.net (216.58.195.78): icmp_seq=2 ttl=48 time=4.01 ms

But on one particular host, the ping fails.
If the same container is connected to host network namespace, then ping works fine.

I have compared iptables, route entries between passing and failing hosts and could not spot any difference.

On tcpdumping at the host interface and bridge interface, I see that ping replies are coming into the host but not reaching the bridge interface.

Any clues to debug further? Any host level settings that matter?```

Topic		Replies	Views
Couldn't able to ping host network from inside container General docker	0	355	July 28, 2023
Intermittent loss of network connectivity General	2	9201	March 13, 2017
Bridge Interface General bugfixes	0	747	September 2, 2019
Container cannot ping local network, but can ping gateway and host General docker , swarm	3	8400	May 30, 2021
Docker bridge networking does not work in Ubuntu 22.04 General	12	10852	July 9, 2024

Container with custom docker bridge network fails to ping external world on one host

Related topics