I have a Docker swarm with three manager nodes on which I deployed the jordan/icinga2 image using the ingress network. I can reach the icingaweb site well, but the other direction does not work, i.e. I cannot reach anything in the outer world from within the container. When I ping an external computer, this server receives the ping packets with a source address of 172.19.0.3.
Any advice on what I have forgotten?
I’m thinking that the --dns 192.168.56.25 you specified is not sufficient on its own.
Example of the default /etc/resolv.conf generated in a container run in my Docker Swarm.
$ docker container run -it --rm ubuntu:latest cat /etc/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 10.0.2.3
search attlocal.net
Maybe try adding a second --dns, for instance Google’s DNS server: --dns 8.8.8.8.
In some circumstances --add-host has proved to be valuable: when the FQDN cannot be resolved to the required target IP by the reachable DNS servers, e.g. in a private network without internet breakout, or when DNAT is involved and the resolved target IP is different from the IP actually required.
While the problem became visible with DNS problems, it seems to be deeper: when I ping an external server specified by its IP address, this server gets PING REQUESTs with a source IP of 172.19.0.3.