Dear all,
thank you all so much for help in troubleshooting this issue! I will to through (I have KDE) all of your posts and post what I got:
someuser@somehost:~/.config/systemd/user> sudo nsenter -n -t $(pidof rootlesskit | awk '{print $1}') bash
homehost:/home/someuser/.config/systemd/user # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host proto kernel_lo
valid_lft forever preferred_lft forever
2: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 65520 qdisc pfifo_fast state UP group default qlen 1000
link/ether 06:fe:54:70:9c:47 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.100/24 scope global tap0
valid_lft forever preferred_lft forever
inet6 fe80::4fe:54ff:fe70:9c47/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:76:d7:95:4a brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
4: br-94190f408626: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:84:29:49:5b brd ff:ff:ff:ff:ff:ff
inet 172.25.0.1/16 brd 172.25.255.255 scope global br-94190f408626
valid_lft forever preferred_lft forever
inet6 fe80::42:84ff:fe29:495b/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
74: vethc5a41ad@if73: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-94190f408626 state UP group default
link/ether ca:75:53:a1:fe:c9 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::c875:53ff:fea1:fec9/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
76: veth8a03f8c@if75: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-94190f408626 state UP group default
link/ether c6:de:e4:50:c4:3b brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::c4de:e4ff:fe50:c43b/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
78: vethc17f928@if77: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-94190f408626 state UP group default
link/ether 72:9a:43:22:83:e9 brd ff:ff:ff:ff:ff:ff link-netnsid 2
inet6 fe80::709a:43ff:fe22:83e9/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
someuser@somehost:~/.config/systemd/user> route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default n9***** 0.0.0.0 UG 0 0 0 ens192
1**.**.**.** * 255.255.254.0 U 0 0 0 ens192
Thats interesting, as it does not show the tap0 or docker0 interface.
I could not run nsenter as user (permission denied) but had to sudo it:
someuser@someuser:~/.config/systemd/user> sudo nsenter -n -t $(pidof rootlesskit | awk '{print $1}') -- curl https://google.com
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>
somehost@someuser:~/.config/systemd/user> sudo nsenter --all -t $(pidof rootlesskit | awk '{print $1}') -- curl https://google.com
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>
someuser@somehost:~/.config/systemd/user> sudo nsenter --all -t $(pidof rootlesskit | awk '{print $1}') -- curl http://93.184.216.34
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>404 - Not Found</title>
</head>
<body>
<h1>404 - Not Found</h1>
</body>
</html>
Ping 10.0.2.3:
someuser@somehost:~/.config/systemd/user> ping 10.0.2.3
PING 10.0.2.3 (10.0.2.3) 56(84) bytes of data.
^C
--- 10.0.2.3 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4059ms
someuser@somehost:~/.config/systemd/user> nsenter --all -t $(pidof rootlesskit | awk '{print $1}') -- ping 10.0.2.3
nsenter: reassociate to namespace 'ns/cgroup' failed: Operation not permitted
someuser@somehost:~/.config/systemd/user> sudo nsenter --all -t $(pidof rootlesskit | awk '{print $1}') -- ping 10.0.2.3
PING 10.0.2.3 (10.0.2.3) 56(84) bytes of data.
64 bytes from 10.0.2.3: icmp_seq=1 ttl=255 time=0.070 ms
64 bytes from 10.0.2.3: icmp_seq=2 ttl=255 time=0.051 ms
64 bytes from 10.0.2.3: icmp_seq=3 ttl=255 time=0.058 ms
^C
--- 10.0.2.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2014ms
rtt min/avg/max/mdev = 0.051/0.059/0.070/0.007 ms
someuser@somehost:~/.config/systemd/user> iptables -L
Fatal: can't open lock file /run/xtables.lock: Permission denied
someuser@somehost:~/.config/systemd/user> sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Hope that helps.
Best