Docker is overriding my default route configuration [closed]

Question

Closed. This question is not about programming or software development. It is not currently accepting answers.

This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.

Closed last year.

Improve this question

A noob here starting with docker in a Orange Pi 3 (Rasberry Pi clone).

I'm trying to configure and start a docker containter (bitwarden_rs), but when I do, I lost connection to the external network. Docker mess with my route table.

Network configuration: I have a bridge br0 that bridges eth0 and wlan0. (Eth0 connects to the router, wlan0 is configured in AP mode)

Table when container is stopped:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         _gateway        0.0.0.0         UG    425    0        0 br0  <---OK
link-local      0.0.0.0         255.255.0.0     U     1000   0        0 br0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.1.0     0.0.0.0         255.255.255.0   U     425    0        0 br0
192.168.2.0     0.0.0.0         255.255.255.0   U     425    0        0 br0

Table when container is running (No internet access to the exterior)

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         0.0.0.0         0.0.0.0         U     205    0        0 docker0 <---NOT OK
default         _gateway        0.0.0.0         UG    425    0        0 br0
link-local      0.0.0.0         255.255.0.0     U     205    0        0 docker0
link-local      0.0.0.0         255.255.0.0     U     230    0        0 vethed140ce
link-local      0.0.0.0         255.255.0.0     U     1000   0        0 br0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.1.0     0.0.0.0         255.255.255.0   U     425    0        0 br0
192.168.2.0     0.0.0.0         255.255.255.0   U     425    0        0 br0

What can I do to fix it? It's docker config problem or maybe my system problem (armbian). Thanks

RonU · Accepted Answer · 2022-10-10 01:43:21Z

13

On ubuntu 20.04, I tried many methods, like prevent dhcpd to update route or change NetworkManager configure to let network-manager to igonre veth* device Neither of the above works.

I spent a lot of time and found that connman service changes default route. Change its config file /etc/connman/main.conf by uncommenting following line:

#NetworkInterfaceBlacklist = vmnet,vboxnet,virbr,ifb,veth-,vb-

and

systemctl restart connman

to restart connman service. The issue resolved eventually.

edited Oct 10, 2022 at 1:43

RonU

5,8313 gold badges21 silver badges13 bronze badges

answered Jan 20, 2021 at 9:42

trulyliu

4374 silver badges12 bronze badges

Sign up to request clarification or add additional context in comments.

3 Comments

codemutation Over a year ago

I had exactly the same issue, and this fixed it. Before starting a container, if I ran ip route get 1.1.1.1 I would get 1.1.1.1 via 192.168.0.1 dev wlan0 src 192.168.0.10 uid 1000 and then after starting the container, in less than a minute it became 1.1.1.1 dev vethe44ad92 src 169.254.157.82 uid 1000 right as all other hosts became unreachable. The arch wiki specifically mentions the connman network interface blacklist, which is by default commented out in the configuration.

enagra Over a year ago

In my case, with a Debian 12 distro, with an LXDE desktop environment, "connman service" effectively interfered with the docker daemon. The docker daemon configuration used was the default one. (/etc/docker/daemon.json file does not exist in my host) In my case only this line was necessary: NetworkInterfaceBlacklist = veth.

yaputra jordi Jun 23 at 2:22

What is the equivalent for nmcli? I don't have connman service in my machine and usually use only nmcli

dvs · Accepted Answer · 2020-06-03 15:40:38Z

0

This is because, as you can see docker creates a linux bridge named 'docker0'. You can change the default settings for the docker bridge to resolve the issue. Configure the default bridge network by providing the bip option along with the desired subnet in the daemon.json

# vi /etc/docker/daemon.json
{
  "bip": "172.200.0.1/16"
}

and restart the service.

 systemctl restart docker

More details HERE and HERE

answered Jun 3, 2020 at 15:40

dvs

5191 gold badge10 silver badges28 bronze badges

Comments

kolossradosskiy · Accepted Answer · 2023-09-06 18:47:14Z

-1

Answer with "bip": "172.200.0.1/16" is wrong, subnet 172.200.0.1/16 is not local, it is wild internet. See any whois service, e.g. https://browserleaks.com/ip/172.200.0.1

answered Sep 6, 2023 at 18:47

kolossradosskiy

1

1 Comment

bkakilli Over a year ago

This can better be submitted as a "Comment" to the "Answer" you're referring to.

Collectives™ on Stack Overflow

Docker is overriding my default route configuration [closed]

3 Answers 3

3 Comments

Comments

1 Comment

Linked

Hot Network Questions

Collectives™ on Stack Overflow

3 Answers 3

3 Comments

Comments

1 Comment

Linked

Related