Docker Container Has No Internet Access

I have a problem with my swarm cluster.
I have 3 nodes(1 manager, 2workers) swarm cluster on AWS 3 EC2 instances. Traefik works on manger node and this node/EC2 has public ipv4.
My 2 different Django apps work in other 2 worker nodes. And these nodes don’t have public ipv4 because AWS change pricing policy about public ipv4 IPs. When these nodes has ipv4 public IPs, my Django apps can send email end reach S3 bucket and APIs. Bu whenever I removed public IPs from these node that containers could not reach web/sendmail/S3 although the host machine can access internet. When someone tries to send email to me with email form, bad gateway error appears or When I upload a photo from Django apps form to S3 bucket, again there is bad gateway error.
I need to help to fix this issue.

consider using the NAT gateway or NAT instance within your VPC to provide internet access to Docker without public IP address. This allow to communicate with the external service while still maintaining the private IP address.

Thanks for your succession but ipv4 ip would be cheaper. By the way while the hos has internet access, while does the container not have internet access?

I don’t use AWS so I don’t know how they provide public IPs. Does th public IP exist on the node or is it like a reverse proxy service in front of your nodes? Outgoiing traffic would not be affected by a missing reverse proxy service, but if the IP exist on the node and Docker routes traffic through that interface, when you remove it I can imagine the network working on the host and not inside the container. Have you tried to restart Docker or the host machine? You cana lso check the output of ip route. As a first step if you don’t want to restart the host and Docker, you could try to recreate (not restart) a container and chck the connection inside that.

“Does th public IP exist on the node or is it like a reverse proxy service in front of your nodes?” Traefik as reverse proxy works in here as a service in the swarm cluster.

“f the IP exist on the node and Docker routes traffic through that interface, when you remove it I can imagine the network working on the host and not inside the container.” I tried this too, and there was no change.

“Have you tried to restart Docker or the host machine?” I restarted docker, all host machines and re-init swarm cluster several times. ipv6 support, with-ipv6 support and some other tries.

Tried what? What you quoted was not a suggestion, but a statement.

I mean what is in front of your nodes and can you see the public ip in the list of IP addresses on the host when running ip addr?

Treafik will not affect outgoing traffic either.

I understood that if I remove ip from the last host with public ip, maybe there can be change. Totally my misunderstood and yes your statement is true. If there is no public ip on host, containers lose internet access. I tried that I removed last public ip from the host which carries Traefik service and my django apps became unreachable.

I execute “ip addr” on the host with public ip, the command didn’t show public ip address. And traefik works in this node as reverse proxy in same swarm stack.

How did you execute it “with public ip”? The command doesn’t need any parameters. What command did you run exactly?

I think I can’t follow you, sorry. I thought the problem was the internet access from the container.

Make sure that your network groups and network ALCs associated worker nodes should do not block the connection.