Docker Community Forums

Share and learn in the Docker community.

Docker doesn't forward port if not run as a root user


(Jkosecki) #1

Hi, I’ve installed Docker CE following these instructions: https://docs.docker.com/install/linux/docker-ce/ubuntu/

and added my user to the docker group:

$ groups $USER                                                                                                                                                  
xxx : gg_windc1_domusers sudo docker

When I run docker run without sudo the specified ports are not forwarded, although the container works.
$ docker run --name some-nginx -d -p 9090:80 nginx

$ sudo iptables -L                                                                                                                                               
Chain FORWARD (policy DROP)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION  all  --  anywhere             anywhere            
DOCKER     all  --  anywhere             anywhere            
      

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (1 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere  

However, if I do the same as a root user the ports are opened.
sudo docker run --name some-nginx -d -p 9090:80 nginx

$ sudo iptables -L
Chain DOCKER (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:http

Do you know, what might be the reason for such a behavior?

I’m using Docker version 18.03.0-ce, build 0520e24 on Ubuntu 16.04.4 LTS.

I’ve noticed that my network interface is not eth0. Could it be the reason?

$ ifconfig                                                                                                                                                      =
docker0   Link encap:Ethernet  HWaddr 02:42:eb:a5:fb:03  
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          inet6 addr: fe80::42:ebff:fea5:fb03/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:41 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1175 (1.1 KB)  TX bytes:5757 (5.7 KB)

enp0s25   Link encap:Ethernet  HWaddr 50:9a:4c:5a:c4:5d  
          inet addr:192.168.2.220  Bcast:192.168.3.255  Mask:255.255.254.0
          inet6 addr: fe80::529a:4cff:fe5a:c45d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:19492 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10451 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:9262694 (9.2 MB)  TX bytes:1642975 (1.6 MB)
          Interrupt:20 Memory:f7f00000-f7f20000