Steps to reproduce the issue:
1. Start a container with --net host.
2. netcat -l 12345
3. From outside the container, on the same host, netcat localhost 12345
Describe the results you received:
netcat does not allow for sending messages.
Describe the results you expected:
netcat should work as usual and forward any line typed on the host to the container, like it happens when running netcat -l 12345 followed by netcat localhost 12345 on the host itself.
Additional information you deem important (e.g. issue happens only occasionally):
I originally noticed this with ROS: if you start roscore in a container and then curl http://localhost:11311 from the host, curl fails with a “connection refused” message, while if you run the same command from inside a different container, an (expected) HTML error page is returned. So this means other containers can access open ports on containers, but not the host. I could not reproduce this behavior with netcat, though.
With normal (“rootful”) Docker, ROS works as expected.
Output of docker version:
Client: Docker Engine - Community
 Version: 19.03.8
 API version: 1.40
 Go version: go1.12.17
 Git commit: afacb8b7f0
 Built: Wed Mar 11 01:22:56 2020
 OS/Arch: linux/amd64
 Experimental: false

Server: Docker Engine - Community
 Engine:
  Version: 19.03.8
  API version: 1.40 (minimum version 1.12)
  Go version: go1.12.17
  Git commit: afacb8b7f0
  Built: Wed Mar 11 01:30:32 2020
  OS/Arch: linux/amd64
  Experimental: true
 containerd:
  Version: v1.2.13
  GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc:
  Version: 1.0.0-rc10
  GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version: 0.18.0
  GitCommit: fec3683
Output of docker info:
Client:
 Debug Mode: false

Server:
 Containers: 50
  Running: 1
  Paused: 0
  Stopped: 49
 Images: 98
 Server Version: 19.03.8
 Storage Driver: overlay2
  Backing Filesystem:
  Supports d_type: true
  Native Overlay Diff: false
 Logging Driver: json-file
 Cgroup Driver: none
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc version: dc9208a3303feef5b3839f4323d9beb36df0a9dd
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
  rootless
 Kernel Version: 5.4.0-26-generic
 Operating System: Ubuntu 20.04 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 7.677GiB
 Name: nymeria
 ID: 24YU:BPGQ:GEO6:VSBU:37AZ:VCOW:6UCB:WJ4V:335Y:25VV:J5C7:WZPO
 Docker Root Dir: /home/kmfrick/.local/share/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: true
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
 Product License: Community Engine

WARNING: No swap limit support
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled