I have Docker containers running on Ubuntu 16.04 on DigitalOcean. They worked well, but one day (I think it happened after the TOR1 Droplet Reboot 2018-02-28 16:00 UTC [Spectre and Meltdown Mitigation], but I'm not sure) they lost their internet connection, and I do not know why or how to make it work again.
I have tried many different solutions from other answers but without success.
I have tried the answers from this question, tried to disable ufw, and tried to reboot the OS. I have even tried to update Docker and Ubuntu in the hope that it would finally work, but it did not.
I suspect it may be a problem with iptables, but I do not know what to do about it.
There was a sh script on the server named iptable.rules.sh with the following content:
#!/bin/sh
#blow away the DOCKER chain
sudo iptables -F DOCKER
#add http / https
sudo iptables -A DOCKER -p tcp --dport https -j ACCEPT -d 172.17.0.4
sudo iptables -A DOCKER -p tcp --dport http -j ACCEPT -d 172.17.0.4
#loopback for mongodb
sudo iptables -A DOCKER -p tcp --dport 27017 -j ACCEPT -d 172.17.0.2 -i lo
But when I run it, it says:
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
The only way I can run a container with internet connection is using --net=host, but I cannot because of linked containers.
So I am stumped and asking you for help.
The problem was caused by the Docker update, the instance reboot, and the file /etc/docker/daemon.json
with {"iptables": false}
created by the previous maintainer. These things overlapped each other.
So I just ran:
sed -i -e 's/DEFAULT_FORWARD_POLICY="DROP"/DEFAULT_FORWARD_POLICY="ACCEPT"/g' /etc/default/ufw
ufw reload
and after this
iptables -t nat -A POSTROUTING ! -o docker0 -s 172.17.0.0/16 -j MASQUERADE
I found the solution in this answer.
It is described in more detail in this article.
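
A read-only check for the conditions the answer describes, as an added example that is not part of the original post: with "iptables": false Docker installs no firewall or NAT rules of its own, so outbound traffic from 172.17.0.0/16 depends on a manual MASQUERADE rule and on ufw's forward policy. The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and sample data are constructed for illustration.
# Live use (as root):
#   diagnose "$(cat /etc/docker/daemon.json)" "$(cat /etc/default/ufw)" \
#            "$(iptables-save -t nat)" 172.17.0.0/16

# Succeeds if the daemon.json text turns off Docker's iptables management.
docker_iptables_disabled() {
    printf '%s' "$1" | tr -d ' \t\n' | grep -q '"iptables":false'
}

# Prints DEFAULT_FORWARD_POLICY from the text of /etc/default/ufw.
ufw_forward_policy() {
    printf '%s\n' "$1" | sed -n 's/^DEFAULT_FORWARD_POLICY="\(.*\)"$/\1/p' | tail -n 1
}

# Succeeds if an iptables-save nat dump masquerades traffic from subnet $2.
has_masquerade() {
    printf '%s\n' "$1" | grep -F -- "-A POSTROUTING" | grep -F -- "-s $2 " \
        | grep -qF -- "-j MASQUERADE"
}

# Args: daemon.json text, ufw defaults text, nat dump, bridge subnet.
diagnose() {
    findings=""
    if docker_iptables_disabled "$1"; then
        findings="docker-iptables-off"
        has_masquerade "$3" "$4" || findings="$findings no-masquerade"
    fi
    if [ "$(ufw_forward_policy "$2")" = "DROP" ]; then
        findings="${findings:+$findings }forward-drop"
    fi
    echo "${findings:-ok}"
}

# Constructed samples: the state described in the question, then after the fix.
DAEMON_JSON='{"iptables": false}'
UFW_BEFORE='DEFAULT_FORWARD_POLICY="DROP"'
UFW_AFTER='DEFAULT_FORWARD_POLICY="ACCEPT"'
NAT_BEFORE='*nat
:POSTROUTING ACCEPT [0:0]
COMMIT'
NAT_AFTER='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
COMMIT'

echo "before: $(diagnose "$DAEMON_JSON" "$UFW_BEFORE" "$NAT_BEFORE" 172.17.0.0/16)"
echo "after:  $(diagnose "$DAEMON_JSON" "$UFW_AFTER" "$NAT_AFTER" 172.17.0.0/16)"
```

A rule added with iptables -A is not saved across reboots, so the same check is worth rerunning after the next restart.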