Tags: docker, network-programming, iptables, archlinux

Docker containers with bridge network cannot ping anything (even default gateway)


I cannot ping anything from containers using bridge networking (example: docker run --network bridge --rm -it bash ping 8.8.8.8). Not even the default gateway of the container.

ip route from inside container:

bash-5.1# ip route
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 scope link  src 172.17.0.2

ip link from my machine:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000
    link/ether 6c:02:e0:77:5a:c1 brd ff:ff:ff:ff:ff:ff
    altname enp16s0
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000
    link/ether a4:97:b1:86:f9:6b brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
    link/ether 02:42:bd:d0:fb:cc brd ff:ff:ff:ff:ff:ff
6: veth40b832a@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
    link/ether ba:e5:3a:88:e4:67 brd ff:ff:ff:ff:ff:ff link-netnsid 0

The docker0 interface stays down even if containers are running.

brctl shows that the container interfaces don't get bridged to docker0:

bridge name bridge id       STP enabled interfaces
docker0     8000.0242bdd0fbcc   no

Here's the output of iptables -S -t nat:

-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N DOCKER
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN

So far I've tried reinstalling docker and switching between iptables and nftables with iptables-nft. The whole issue started when I tried running a k3d example cluster. I'm running everything on Arch using the official packages.


Solution

  • I finally figured it out

    Both NetworkManager and systemd-networkd were running on my system, which messed with the interface IPs via multiple DHCP services. That caused bridge networking not to work as well, which in turn messed with the containers' traffic.

    Pro tip: don't run multiple daemons trying to do the same thing
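As an added diagnostic, not part of the question or of the accepted answer, the following POSIX shell script checks for the two things this thread turns on: veth interfaces that carry no "master docker0" attribute in ip -o link output (the asker's brctl listing shows docker0 with no ports), and more than one network-management daemon active under systemd at the same time. The sample ip -o link lines and unit list are constructed for the example, and the set of units treated as network managers (NetworkManager, systemd-networkd, connman, dhcpcd, netctl profiles) is this example's own assumption, not something the thread states.

```shell
#!/bin/sh
# Added diagnostic for the symptom in this thread: veth interfaces that
# never get enslaved to docker0, plus more than one network-management
# daemon active at once. The parsing functions read captured command
# output on stdin so they can be exercised offline; diagnose_live runs
# the real commands. The sample output and the list of daemons treated
# as "network managers" are this example's own assumptions.

# Print veth interfaces from `ip -o link` output (stdin) that carry no
# "master <bridge>" attribute, i.e. are not ports of the given bridge.
unbridged_veths() {
    awk -v br="$1" '
        $2 ~ /^veth/ {
            name = $2; sub(/@.*/, "", name); sub(/:$/, "", name)
            enslaved = 0
            for (i = 1; i <= NF; i++)
                if ($i == "master" && $(i + 1) == br) enslaved = 1
            if (!enslaved) print name
        }'
}

# From a list of active systemd unit names (stdin, one per line), print
# the ones that configure interface addresses. Two or more active at once
# is the situation described in the accepted answer.
active_network_managers() {
    awk '/^(NetworkManager|systemd-networkd|connman|dhcpcd|netctl@[^.]+)\.service$/'
}

# Exit 0 when at least two such daemons are active, 1 otherwise.
manager_conflict() {
    n=$(active_network_managers | awk 'END { print NR }')
    [ "$n" -ge 2 ]
}

# Constructed sample in `ip -o link` format: the docker0 and veth lines
# from the question (veth has no master), plus a made-up healthy veth
# that is enslaved to docker0.
SAMPLE_LINKS='4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default \    link/ether 02:42:bd:d0:fb:cc brd ff:ff:ff:ff:ff:ff
6: veth40b832a@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default \    link/ether ba:e5:3a:88:e4:67 brd ff:ff:ff:ff:ff:ff link-netnsid 0
8: veth0ok0000@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default \    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff link-netnsid 1'

# Constructed list of active units mirroring the answer's misconfiguration.
SAMPLE_UNITS='NetworkManager.service
systemd-networkd.service
docker.service
sshd.service'

# Run the same checks against the live system (needs iproute2 and systemd).
diagnose_live() {
    br="${1:-docker0}"
    echo "veth interfaces not enslaved to $br:"
    ip -o link | unbridged_veths "$br"
    units=$(systemctl list-units --type=service --state=active --plain --no-legend | awk '{ print $1 }')
    echo "active network-management daemons:"
    printf '%s\n' "$units" | active_network_managers
    if printf '%s\n' "$units" | manager_conflict; then
        echo "WARNING: more than one daemon is managing interfaces; disable all but one"
    fi
}

case "${1:-}" in
    --live) diagnose_live "${2:-docker0}" ;;
esac
```

Run it as "sh diag.sh --live docker0" on the affected host; without arguments it only defines the functions. A veth listed as unbridged while its container is running matches the asker's empty brctl output, and a WARNING line matches the accepted answer's root cause. Disabling whichever manager you do not want (systemctl disable --now) and restarting docker is the corresponding fix.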