Disabled userland proxy, can't connect

Hello.

I have Docker version 1.9.1. I start my host with “docker daemon --userland-proxy=false”. However, even with exposed ports I cannot connect to the container from outside. If I don’t disable the proxy, I can connect normally.

If I check the iptables rules with “iptables -t nat -L” with the proxy disabled and enabled, nothing changes. I guess there is a problem? My log says “Running modprobe nf_nat failed with message: modprobe: chdir(3.10.35): No such file or directory, error: exit status 1”. Is this the reason that NAT doesn’t work properly?

I am on kernel 3.10.35

Thanks

PS: If I check with lsmod, I can see “nf_nat 11462 3 ipt_MASQUERADE,iptable_nat,nf_nat_ipv4”

Is it possible to get some help on this forum?

netstat shows me:
tcp 1 0 ::%134877389:2222 ::%134877389:* LISTEN 22783/docker

iptables -t nat -L
```
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DEFAULT_OUTPUT all -- anywhere anywhere

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
DEFAULT_POSTROUTING all -- anywhere anywhere

Chain DEFAULT_OUTPUT (1 references)
target prot opt source destination
DOCKER all -- anywhere anywhere ADDRTYPE match dst-type LOCAL

Chain DEFAULT_POSTROUTING (1 references)
target prot opt source destination
MASQUERADE all -- anywhere anywhere ADDRTYPE match src-type LOCAL
MASQUERADE all -- 172.17.0.0/16 anywhere
MASQUERADE tcp -- 172.17.0.2 172.17.0.2 tcp dpt:ssh

Chain DOCKER (1 references)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:2222 to:172.17.0.2:22
```

I really need to run docker without userland proxy because I want to get actual IPs inside, not only host IP.

I had the same issue. It seems the docker rule for prerouting is removed while disabling userland-proxy. Fixed by running:

iptables -t nat -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
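
An added example, not part of the original thread: a Python check that parses `iptables -t nat -L` output in the format posted above and lists DNAT rules that traffic entering at a given hook (PREROUTING for connections from outside the host) can never reach. The function names are hypothetical, and the sample listing is abridged from the question to the chains that matter here.

```python
import re

# Abridged from the `iptables -t nat -L` listing in the question
# (opt column written as "--"; INPUT and POSTROUTING chains omitted).
LISTING = """\
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DEFAULT_OUTPUT all -- anywhere anywhere

Chain DEFAULT_OUTPUT (1 references)
target prot opt source destination
DOCKER all -- anywhere anywhere ADDRTYPE match dst-type LOCAL

Chain DOCKER (1 references)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:2222 to:172.17.0.2:22
"""

def parse_chains(listing):
    """Return {chain name: [rule lines]} from `iptables -L` style output."""
    chains, current = {}, None
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            current = chains.setdefault(header.group(1), [])
        elif current is not None and line.strip() and not line.startswith("target"):
            current.append(line.strip())
    return chains

def reachable(chains, start):
    """Chains reachable from `start` by following each rule's target."""
    seen, todo = set(), [start]
    while todo:
        name = todo.pop()
        if name in seen or name not in chains:
            continue  # already visited, or a terminal target such as DNAT
        seen.add(name)
        todo.extend(rule.split()[0] for rule in chains[name])
    return seen

def unreachable_dnat(chains, hook="PREROUTING"):
    """DNAT rules that packets entering the nat table at `hook` cannot hit."""
    live = reachable(chains, hook)
    return [rule for chain, rules in chains.items() if chain not in live
            for rule in rules if rule.startswith("DNAT")]

if __name__ == "__main__":
    for rule in unreachable_dnat(parse_chains(LISTING)):
        print("not reachable from PREROUTING:", rule)
```

On the listing from the question this reports the `dpt:2222` rule: the DOCKER chain is referenced only from the OUTPUT path, which handles locally generated connections, so the published port is never translated for external clients until a PREROUTING jump exists.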