By Sayem Chowdhury in docker

Why Your Docker Container Has No Internet: A Debugging Guide

A comprehensive guide to diagnosing and fixing network connectivity issues in Docker containers. Learn about DNS configuration, network modes, and common gotchas.

Having trouble with network connectivity in your Docker containers? Here's a comprehensive guide to diagnose and fix common networking issues.

The Common Scenario

You've just spun up a Docker container, but commands like ping google.com or apt-get update fail. Sound familiar? Let's dive into the most common causes and their solutions.

1. DNS Issues

Checking DNS Resolution

# Inside your container
cat /etc/resolv.conf
ping 8.8.8.8    # Test IP connectivity
ping google.com # Test DNS resolution

Common Solutions

# docker-compose.yml
services:
  webapp:
    dns:
      - 8.8.8.8
      - 8.8.4.4
    # Or use host DNS
    dns: host

2. Network Mode Problems

Check Current Network

docker inspect container_name | grep "NetworkMode"

Common Network Modes

# docker-compose.yml
services:
  webapp:
    # Host networking (use with caution)
    network_mode: host
    
    # Or bridge networking (default)
    networks:
      - my_network

networks:
  my_network:
    driver: bridge

3. Firewall Issues

Check Host Firewall

# Ubuntu/Debian
sudo iptables -L

# Check Docker's rules
sudo iptables -L -n -t nat

Common Fixes

# Allow outbound traffic
sudo iptables -A DOCKER-USER -i docker0 -o eth0 -j ACCEPT
sudo iptables -A DOCKER-USER -m state --state ESTABLISHED,RELATED -j ACCEPT

4. Docker Network Debugging

Useful Commands

# List networks
docker network ls

# Inspect network
docker network inspect bridge

# Check container's network settings
docker inspect container_name -f '{{json .NetworkSettings.Networks}}'

5. Common Gotchas

Container Running in Wrong Network

# Fix: Explicitly specify network
services:
  webapp:
    networks:
      - backend
  database:
    networks:
      - backend

networks:
  backend:
    driver: bridge

Missing Network Policy

# Check if traffic is allowed
sudo ufw status
# or
sudo firewall-cmd --list-all

Best Practices

1. Use Custom Networks

# Better than default bridge
networks:
  backend:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/16

2. DNS Configuration

services:
  webapp:
    dns_search: your-domain.com
    dns_opt:
      - timeout:2
      - attempts:5

3. Health Checks

services:
  webapp:
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost"]
      interval: 30s
      timeout: 10s
      retries: 3

Debugging Checklist

  1. Can the container reach any external IP?
  2. Is DNS resolution working?
  3. Is the container in the correct network?
  4. Are firewall rules blocking traffic?
  5. Is the host's networking configured correctly?

Tools for Debugging

1. Network Debugging Container

docker run --rm --net container:your-container nicolaka/netshoot

2. Quick Network Test

docker run --rm curlimages/curl curl -I https://google.com

Conclusion

Network issues in Docker can be frustrating, but methodically checking each potential cause usually reveals the problem. Keep this guide handy for your next Docker networking adventure!

Previous

Why KVMPods is a Better Alternative to Google Cloud Run in 2024

 Next

The Hidden Costs of Free Tier Cloud Services in 2024

You might also like...