Docker Stops Internet on Local Machine

I am running Debian 12 (latest version) on Proxmox (running latest version - 8.22). I am running LXQt as the DE. I am following these instructions, which work up to a point:
https://notthebe.ee/blog/easy-ssl-in-homelab-dns01/

I can install docker no problems and it can pull down the containers I am after. About 4 seconds after the containers start, the Internet completely stops on that machine. The rest of my machines on the network are fine.

I have even started from scratch several times which leads to the same problem: no issues until I run any docker container. The first docker container I run is nginx reverse proxy. I install portainer as well. It doesn’t matter in what order, and I can turn either one off - it doesn’t matter. The SECOND I stop all docker containers, the internet comes back.

Do I need to do anything special with the networking? I am currently on a /24 network (10.10.10.x) and Docker uses a /16 - can they talk to each other? Would that be the reason they’re just stopped? And if so, how do I fix that?

There are some important things that are not shared yet:

  • lxc container or kvm vm?
  • output of docker info
  • output of dpkg -l | grep 'docker'
  • is docker using the default IP range, or was it modified?
    • note: bridge networks are natted(!), and are supposed to use a subnet outside your LAN subnet, or any subnet that is reachable through a route.
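
The subnet question above can be checked mechanically. The following is an added example, not part of the original posts: it compares the subnets reported by `docker network inspect` with the host's routes from `ip -j route show` and lists any overlap. The sample data, the network name `proxy_net`, the interface names and the assumption that Docker's own interfaces start with `docker` or `br-` are all constructed for illustration.

```python
import ipaddress
import json

# Constructed sample of `docker network inspect $(docker network ls -q)` output.
DOCKER_NETWORKS = json.loads("""[
  {"Name": "bridge", "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]}},
  {"Name": "proxy_net", "IPAM": {"Config": [{"Subnet": "10.10.0.0/16", "Gateway": "10.10.0.1"}]}},
  {"Name": "host", "IPAM": {"Config": []}}
]""")

# Constructed sample of `ip -j route show` output on the Docker host.
HOST_ROUTES = json.loads("""[
  {"dst": "default", "gateway": "10.10.10.1", "dev": "ens18"},
  {"dst": "10.10.10.0/24", "dev": "ens18", "prefsrc": "10.10.10.50"},
  {"dst": "172.17.0.0/16", "dev": "docker0", "prefsrc": "172.17.0.1"},
  {"dst": "10.10.0.0/16", "dev": "br-0a1b2c3d4e5f", "prefsrc": "10.10.0.1"}
]""")

# Assumption: interfaces created by Docker are named docker0 or br-<id>.
DOCKER_IFACE_PREFIXES = ("docker", "br-")


def find_overlaps(docker_networks, host_routes):
    """Return (network name, Docker subnet, host route, device) for each clash."""
    lan_routes = []
    for route in host_routes:
        dst, dev = route.get("dst"), route.get("dev", "")
        # The default route matches everything; Docker's own routes are expected.
        if dst == "default" or dev.startswith(DOCKER_IFACE_PREFIXES):
            continue
        lan_routes.append((ipaddress.ip_network(dst, strict=False), dev))

    clashes = []
    for net in docker_networks:
        # host/none networks carry an empty or null IPAM config.
        for cfg in (net.get("IPAM") or {}).get("Config") or []:
            subnet = ipaddress.ip_network(cfg["Subnet"], strict=False)
            for lan, dev in lan_routes:
                if subnet.version == lan.version and subnet.overlaps(lan):
                    clashes.append((net["Name"], str(subnet), str(lan), dev))
    return clashes


if __name__ == "__main__":
    for name, subnet, lan, dev in find_overlaps(DOCKER_NETWORKS, HOST_ROUTES):
        print(f"{name}: {subnet} overlaps host route {lan} via {dev}")
```

With the sample data, the default 172.17.0.0/16 bridge does not clash with a 10.10.10.0/24 LAN, while the constructed 10.10.0.0/16 network does.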

This is a known issue on Debian 12.

Related:

GitHub issues:

I didn’t go through all of the solutions in the comments, but there are multiple suggestions.

  • lxc container or kvm vm

VM I access via the console option in the webgui.

  • output of `docker info`

Client: Docker Engine - Community
Version: 26.1.3
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.14.0
Path: /usr/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.27.0
Path: /usr/libexec/docker/cli-plugins/docker-compose

Server:
Containers: 2
Running: 2
Paused: 0
Stopped: 0
Images: 2
Server Version: 26.1.3
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: e377cd56a71523140ca6ae87e30244719194a521
runc version: v1.1.12-0-g51d5e94
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: builtin
cgroupns
Kernel Version: 6.1.0-21-amd64
Operating System: Debian GNU/Linux 12 (bookworm)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.823GiB
Name: debdock
ID: 0d926bde-699d-40bf-8229-691861c1b833
Docker Root Dir: /var/lib/docker
Debug Mode: false
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false

  • output of dpkg -l | grep 'docker'

ii docker-buildx-plugin 0.14.0-1~debian.12~bookworm amd64 Docker Buildx cli plugin.
ii docker-ce 5:26.1.3-1~debian.12~bookworm amd64 Docker: the open-source application container engine
ii docker-ce-cli 5:26.1.3-1~debian.12~bookworm amd64 Docker CLI: the open-source application container engine
ii docker-ce-rootless-extras 5:26.1.3-1~debian.12~bookworm amd64 Rootless support for Docker.
ii docker-compose 1.29.2-3 all define and run multi-container Docker applications with YAML
ii docker-compose-plugin 2.27.0-1~debian.12~bookworm amd64 Docker Compose (V2) plugin for the Docker CLI.
ii python3-docker 5.0.3-1 all Python 3 wrapper to access docker.io’s control socket
ii python3-dockerpty 0.4.1-4 all Pseudo-tty handler for docker Python client (Python 3.x)

  • is docker using the default IP range, or was it modified?

Default.

It must be indeed bookworm related. It works like a charm on Proxmox in an Ubuntu 22.04 vm with the same docker version.

@rimelek shared a link to an issue that has a post that looks like a winner:
https://github.com/moby/moby/issues/46147#issuecomment-1662733064

@rimelek shared a link to an issue that has a post that looks like a winner:
Failure to create correct firewall rules under Debian 12 ("Bookworm") · Issue #46147 · moby/moby · GitHub

Tried it, didn’t work. :frowning: The commands worked and I rebooted afterwards but still the same thing. The only amendment I will make to my original statement is that the Internet stops about 40-50 seconds after starting the containers - the Internet doesn’t stop immediately. It only starts WORKING after I immediately stop the containers and all containers have to be stopped.

I am going to try this with a strand of Ubuntu - maybe something like Lubuntu (unless someone has a better distro recommendation - I am not a fan of GNOME).