Docker doesn't forward port if not run as a root user

jkosecki · March 23, 2018, 3:38pm

Hi, I’ve installed Docker CE following these instructions: Ubuntu | Docker Docs

and added my user to the docker group:

$ groups $USER                                                                                                                                                  
xxx : gg_windc1_domusers sudo docker

When I run docker run without sudo the specified ports are not forwarded, although the container works.
$ docker run --name some-nginx -d -p 9090:80 nginx

$ sudo iptables -L                                                                                                                                               
Chain FORWARD (policy DROP)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION  all  --  anywhere             anywhere            
DOCKER     all  --  anywhere             anywhere            
      

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (1 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere

However, if I do the same as a root user the ports are opened.
sudo docker run --name some-nginx -d -p 9090:80 nginx

$ sudo iptables -L
Chain DOCKER (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:http

Do you know, what might be the reason for such a behavior?

I’m using Docker version 18.03.0-ce, build 0520e24 on Ubuntu 16.04.4 LTS.

I’ve noticed that my network interface is not eth0. Could it be the reason?

$ ifconfig                                                                                                                                                      =
docker0   Link encap:Ethernet  HWaddr 02:42:eb:a5:fb:03  
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          inet6 addr: fe80::42:ebff:fea5:fb03/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:41 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1175 (1.1 KB)  TX bytes:5757 (5.7 KB)

enp0s25   Link encap:Ethernet  HWaddr 50:9a:4c:5a:c4:5d  
          inet addr:192.168.2.220  Bcast:192.168.3.255  Mask:255.255.254.0
          inet6 addr: fe80::529a:4cff:fe5a:c45d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:19492 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10451 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:9262694 (9.2 MB)  TX bytes:1642975 (1.6 MB)
          Interrupt:20 Memory:f7f00000-f7f20000

Topic		Replies	Views
RHEL8 Docker-CE rootless: Exposed port not working withouth 'sudo -s firewall-cmd --add-port=8081/tcp' General docker	0	734	October 13, 2021
Root permissions for user inside a Docker container General docker	1	3556	September 29, 2015
Dockerfile symantics to simplify running non-root? Feature Requests	0	718	May 22, 2019
Docker daemon access within Docker as non-root user: Permission denied while trying to connect to Docker daemon socket General	4	5278	March 29, 2021
Docker in Docker for non-root user General	4	11925	December 13, 2021

Docker doesn't forward port if not run as a root user

Related topics