Docker Community Forums

Share and learn in the Docker community.

Why a docker container changes the host's default route?

I’ve configured my host with the following routing table:

user@host:~ $ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
{VPN SERVER IP} 192.168.2.1     255.255.255.255 UGH       0 0          0 wlan0
172.17.0.0      0.0.0.0         255.255.0.0     U         0 0          0 docker0
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan0

So that without being connected to the VPN I’m not connected to the internet:

user@host:~ $ ping google.com
connect: Network is unreachable

As soon as I start my docker container the host’s routing table changes to:

user@host:~ $ netstat -rn
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG        0 0          0 wlan0
{VPN SERVER IP} 192.168.2.1     255.255.255.255 UGH       0 0          0 wlan0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 docker0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 vethcbeee28
172.17.0.0      0.0.0.0         255.255.0.0     U         0 0          0 docker0
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan0

And I’m connected to the internet again:

user@host:~ $ ping google.com
PING google.com (216.58.212.238) 56(84) bytes of data.

Basically my host shouldn’t be able to connect to the internet without being connected to the VPN. But, starting the container sets the default route to my gateway again.

Does somebody know what’s going on here? And, how to avoid that?

So far I found a workaround here which I’d like to avoid anyway.