Hi,
This is driving me nuts.
I am using rootless docker.
I have a very simple container. All it does is try to connect to a postgresql database and do a simple select.
This simple application works flawlessly outside of a container.
Inside the container it complains about unable to connect.
docker0 interface has ip 172.17.0.1 and that is where I try to connect to from the container.
Simple bridged network.
netstat shows me that postgres is indeed listening on the 172.17.0.1 interface and accepts the 172.17.0.0/16 network.
The firewall shows that forwarding is allowed.
The firewall has been configured to allow all traffic from 172.17.0.0/16.
Kernel forwarding is on.
Still no joy. PostgreSQL logs connection attempts, but shows nothing when running the container.
Running another container, opening a shell inside it and installing postgresql-client also gives:
error: could not connect to server: Connection refused
telnet to 172.17.0.1 5432 gives no connection.
What am I doing wrong or not seeing?
Any and all hints and help are greatly appreciated.
One tool that helps debug this type of problem is tcpdump; you can attach it to the different interfaces through which the packets should flow to check where the problem is. Keep in mind that rootless Docker runs inside a dedicated network namespace, so you need tcpdump to enter that net namespace.
Also, if your aim is to run rootless containers, take a look at using Docker + Sysbox (an enhanced runc). You could run your simple app inside that rootless container, and it will have no problem connecting to the postgresql server.
For posterity I will write how I solved it in the end. So in rootless docker you can inspect the container as much as you like. You can ping the gateway, but not connect to it. The container does resolve hostnames so you can connect to the outside world. In the end I used the external DNS name of the host to connect to the database (since the exposed port was behind a firewall facing the outside world anyway) and that worked.
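A small connectivity probe, added here as an example and not part of the original thread, that runs inside the container and tries the candidate addresses discussed above (the docker0 gateway and the host's DNS name), reporting for each whether the connect succeeded, was refused, timed out or could not be resolved; the hostname db-host.example.invalid, the candidate list and the function names are assumptions, not anything from the posters.

```python
import socket

def probe(host, port, timeout=3.0):
    """Classify a TCP connect attempt: 'ok', 'refused', 'timeout',
    'unresolved' (DNS failure) or 'unreachable' (any other socket error)."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "unresolved"
    status = "unreachable"
    for family, socktype, proto, _, addr in infos:
        with socket.socket(family, socktype, proto) as s:
            s.settimeout(timeout)
            try:
                s.connect(addr)
                return "ok"          # a listener is reachable on this path
            except ConnectionRefusedError:
                status = "refused"   # packet arrived, but nothing listens there
            except socket.timeout:
                status = "timeout"   # packet dropped or filtered on the way
            except OSError:
                status = "unreachable"
    return status

def check_candidates(candidates, timeout=3.0):
    """Probe each (label, host, port) tuple and return {label: status}."""
    return {label: probe(host, port, timeout) for label, host, port in candidates}

def probe_local_demo():
    """Offline self-check: a listening loopback port must report 'ok',
    and the same port after the listener closes must report 'refused'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        while_open = probe("127.0.0.1", port)
    after_close = probe("127.0.0.1", port)
    return while_open, after_close

if __name__ == "__main__":
    # Constructed candidate list: the docker0 gateway the thread tried, and a
    # placeholder for the host's external DNS name (replace with your own).
    CANDIDATES = [
        ("docker0 gateway", "172.17.0.1", 5432),
        ("host external name", "db-host.example.invalid", 5432),
    ]
    for label, status in check_candidates(CANDIDATES).items():
        print(f"{label:20s} {status}")
```

Run it with `docker run --rm -v "$PWD":/w python:3 python /w/probe.py` from the rootless Docker setup; a "refused" on the docker0 gateway next to an "ok" on the host's name shows the same picture the thread ended with.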