Solving the issue of CentOS 8 Docker container unable to access the internet

Publish: 2020-11-28 | Modify: 2020-11-28

CentOS 8 has been released for quite some time. In order to try something new, I installed CentOS 8 on my Online dedicated server. However, I encountered a problem where Docker containers cannot access the internet, while this issue does not exist on CentOS 7.

Troubleshooting Analysis

At first, I suspected that it was a Docker DNS configuration issue that caused the Docker containers to be unable to resolve. So I modified the configuration file /etc/docker/daemon.json to set the DNS:

{
  "dns" : [
    "8.8.8.8",
    "1.1.1.1"
  ]
}

After modifying and restarting the Docker service, I found that the Docker containers still couldn't access the internet.

Solution

Through searching, I discovered that there have been some changes to the firewall on CentOS 8. The firewall used to be iptables, but now it is nftables. I guessed that this might be causing the issue. Finally, I found a similar case on GitHub: DNS Not Resolving under Network [CentOS8]. The solution is as follows:

Edit the firewalld configuration file /etc/firewalld/firewalld.conf, change:

FirewallBackend=nftables

to:

FirewallBackend=iptables

Then restart Firewalld: systemctl restart firewalld.service

Finally, restart Docker: systemctl restart docker and verify that the problem is resolved.
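The steps above as a script, added here as an example and not taken from the original post or the linked GitHub issue: it keeps a backup of firewalld.conf, changes only the FirewallBackend line, and confirms the result before any service is restarted. The function names, the .bak suffix and the busybox nslookup check are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: function names and the verification command are illustrative.
CONF_DEFAULT=/etc/firewalld/firewalld.conf

# Print the active FirewallBackend value of a firewalld.conf (empty if unset).
get_backend() {
    sed -n 's/^[[:space:]]*FirewallBackend[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*$/\1/p' "$1" | tail -n 1
}

# Set FirewallBackend=<backend> in the given file, keeping a .bak copy on change.
# Returns 0 only if the file ends up with the requested backend.
set_backend() {
    conf=$1
    want=$2
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 1; }
    case $want in
        iptables|nftables) ;;
        *) echo "unsupported backend: $want" >&2; return 2 ;;
    esac
    # Already set: leave the file and any earlier backup untouched.
    if [ "$(get_backend "$conf")" = "$want" ]; then return 0; fi
    cp -p "$conf" "$conf.bak" || return 1
    if grep -q '^[[:space:]]*FirewallBackend[[:space:]]*=' "$conf"; then
        sed "s/^[[:space:]]*FirewallBackend[[:space:]]*=.*/FirewallBackend=$want/" \
            "$conf.bak" > "$conf"
    else
        printf 'FirewallBackend=%s\n' "$want" >> "$conf"
    fi
    [ "$(get_backend "$conf")" = "$want" ]
}

# Whole procedure from the post; needs root and systemd, so it runs only on request.
apply_fix() {
    set_backend "$CONF_DEFAULT" iptables || return 1
    systemctl restart firewalld.service || return 1
    systemctl restart docker || return 1
    # Verification (assumed check): resolve a name inside a throwaway container.
    docker run --rm busybox nslookup example.com
}

if [ "${1:-}" = "--apply" ]; then apply_fix; fi
```

Run it as root with --apply to carry out the change; to undo it, copy firewalld.conf.bak back over firewalld.conf and restart both services again.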

Summary

  1. Docker DNS can be set by modifying /etc/docker/daemon.json.
  2. The firewalld backend on CentOS 8 has changed from iptables to nftables.
  3. It is possible to change the Firewalld configuration file /etc/firewalld/firewalld.conf to switch from nftables back to iptables.
