How to Fix Docker Container Internet Access Issues on CentOS 8


CentOS 8 has been released for quite some time. To try it out, I installed the CentOS 8 system on an Online dedicated server, but soon encountered a problem: Docker containers could not access the external network, whereas this issue did not exist on CentOS 7.

Troubleshooting Analysis

Initially, I suspected the issue was related to Docker DNS settings, which prevented the containers from resolving names. I modified the configuration file /etc/docker/daemon.json to set the DNS:

{
  "dns" : [
    "8.8.8.8",
    "1.1.1.1"
  ]
}

After restarting the Docker service, I found that the Docker containers still could not connect to the internet.

Solution

Through research, I learned that the firewall in CentOS 8 has undergone changes. It previously used iptables, but now uses nftables. I suspected this change might be causing forwarding issues. I eventually found a similar case on GitHub: DNS Not Resolving under Network [CentOS8].

The solution is to edit the firewalld configuration file /etc/firewalld/firewalld.conf and change:

FirewallBackend=nftables

to:

FirewallBackend=iptables

Then restart Firewalld:

systemctl restart firewalld.service

Finally, restart Docker:

systemctl restart docker

After these steps, the issue was resolved.
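The three steps above as one script, added here as an example and not part of the original post. The function names, the `--apply` switch and the `.bak` backup copy are assumptions of this example; it changes only the FirewallBackend line and does nothing to the system unless run as root with `--apply`.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.
CONF_DEFAULT=/etc/firewalld/firewalld.conf

# Print the effective FirewallBackend value (last uncommented assignment wins).
get_backend() {
    sed -n 's/^[[:space:]]*FirewallBackend[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" | tail -n 1
}

# Set FirewallBackend in file $1 to $2, keeping a .bak copy of the original.
set_backend() {
    conf=$1 backend=$2
    case $backend in
        iptables|nftables) ;;
        *) echo "unsupported backend: $backend" >&2; return 2 ;;
    esac
    [ -f "$conf" ] || { echo "missing $conf" >&2; return 1; }
    [ "$(get_backend "$conf")" = "$backend" ] && return 0   # already set, no change
    cp -p "$conf" "$conf.bak" || return 1
    tmp=$(mktemp) || return 1
    if grep -q '^[[:space:]]*FirewallBackend[[:space:]]*=' "$conf"; then
        # Rewrite only active assignments; commented lines are left alone.
        sed "s/^[[:space:]]*FirewallBackend[[:space:]]*=.*/FirewallBackend=$backend/" "$conf" > "$tmp"
    else
        { cat "$conf"; echo "FirewallBackend=$backend"; } > "$tmp"
    fi
    cat "$tmp" > "$conf" && rm -f "$tmp"   # cat keeps the file's owner and mode
}

# Apply the change on the live host, then restart in the order the post gives.
apply_fix() {
    set_backend "$CONF_DEFAULT" iptables || return 1
    systemctl restart firewalld.service || return 1
    systemctl restart docker
}

# Only touch the system when asked explicitly: sh fix.sh --apply (as root)
if [ "${1:-}" = "--apply" ]; then
    apply_fix
fi
```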

Summary

  1. You can configure Docker DNS by modifying /etc/docker/daemon.json.
  2. The firewalld backend in CentOS 8 has changed from iptables to nftables.
  3. You can switch back to iptables by setting FirewallBackend=iptables in the firewalld configuration file /etc/firewalld/firewalld.conf.