I had it working all right, but now it stopped. I tried the following commands to no avail:
docker run -dns 8.8.8.8 base ping google.com
docker run base ping google.com
sysctl -w net.ipv4.ip_forward=1
- both on the host and on the container
All I get is unknown host google.com. Docker version 0.7.0
Any ideas?
P.S. ufw disabled as well
Fixed by following this advice (as the root user):
[...] can you try to reset everything?
pkill docker
iptables -t nat -F
ifconfig docker0 down
brctl delbr docker0
systemctl restart docker
It will force docker to recreate the bridge and reinit all the network rules
https://github.com/dotcloud/docker/issues/866#issuecomment-19218300
Seems the interface was 'hung' somehow.
Update for more recent versions of docker:
On more usual 2025 hosts (Debian, Arch):
(stop the daemon, equivalent to pkill)
# systemctl stop docker.socket (or docker.service)
(remove the firewall rules docker added, equivalent to iptables. Note: if you know how to use wildcards with nft, fix here)
# nft delete chain ip6 nat DOCKER
# nft delete chain ip6 filter FORWARD
# nft delete chain ip6 filter DOCKER-USER
# nft delete chain ip6 filter DOCKER
# nft delete chain ip6 filter DOCKER-ISOLATION-STAGE-1
# nft delete chain ip6 filter DOCKER-ISOLATION-STAGE-2
# nft delete chain ip nat DOCKER
# nft delete chain ip filter FORWARD
# nft delete chain ip filter DOCKER-USER
# nft delete chain ip filter DOCKER
# nft delete chain ip filter DOCKER-ISOLATION-STAGE-1
# nft delete chain ip filter DOCKER-ISOLATION-STAGE-2
(bring down docker virtual network interface. same as before with ifconfig or)
# ip link set docker0 down
(remove the interface)
# ip link del docker0
# systemctl daemon-reload && systemctl restart docker.socket (or docker.service)
For more networking details see https://unix.stackexchange.com/questions/657545/nftables-whitelisting-docker
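The update above lists each Docker chain by hand. As an added example (not part of the original answer), this shell function reads the text printed by `nft list chains` and prints flush and delete commands for every chain whose name starts with DOCKER, so the plan can be reviewed before anything is run. The names `sample_listing` and `docker_chain_plan` are hypothetical and the sample listing is constructed.

```shell
#!/bin/sh
# Added example: print a reviewable cleanup plan for Docker's nftables chains.
# Function names and the sample listing are constructed for illustration.

# Constructed sample in the layout printed by `nft list chains`.
sample_listing() {
    cat <<'EOF'
table ip nat {
    chain DOCKER {
    }
    chain POSTROUTING {
        type nat hook postrouting priority srcnat; policy accept;
    }
}
table ip filter {
    chain FORWARD {
        type filter hook forward priority filter; policy drop;
    }
    chain DOCKER-USER {
    }
    chain DOCKER-ISOLATION-STAGE-1 {
    }
}
table ip6 filter {
    chain DOCKER {
    }
}
EOF
}

# Read a chain listing on stdin and print flush lines, then delete lines, for
# every chain whose name starts with DOCKER. Flushes come first because nft
# will not delete a chain that still holds rules or is a jump target.
# Jumps from chains not matched here (for example FORWARD) are not touched.
docker_chain_plan() {
    awk '
        $1 == "table" { family = $2; table = $3 }
        $1 == "chain" && $2 ~ /^DOCKER/ {
            n++
            target[n] = family " " table " " $2
        }
        END {
            for (i = 1; i <= n; i++) print "nft flush chain " target[i]
            for (i = 1; i <= n; i++) print "nft delete chain " target[i]
        }
    '
}

# Demo on the constructed sample; on a host: nft list chains | docker_chain_plan
sample_listing | docker_chain_plan
```

The function only prints commands; the shared FORWARD base chain is left out of the plan because rules from other tools may live in it.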