https://bugzilla.suse.com/show_bug.cgi?id=1233690 Bug ID: 1233690 Summary: Docker containers are not reachable from network Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Major Priority: P5 - None Component: MicroOS Assignee: forgotten_u0-bnvADNc@user.net Reporter: seifert@alesak.net QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- After regular OS update from 20241114 to 20241115 or later makes containers unreachable. Containers seams to be normally bind to correct interfaces. As it is on production server I was not able to investigate for very long time, reverting to previous OS snapshot resolved the problem. Installed current version of "openSUSE-MicroOS.x86_64-ContainerHost-kvm-and-xen.qcow2" into VM but unable to reproduce the issue, everything seams to work normally. The only symptom in journal is high occurrence of similar lines: Nov 24 02:23:46 backup1 dockerd[1340]: time="2024-11-24T02:23:46.068350205Z" level=error msg="[resolver] failed to query external DNS server" client-addr="udp:172.20.0.66:42800" dns-server="udp:213.186.33.99:53" error="read udp 172.20.0.66:42800->213.186.33.99:53: i/o timeout" question=";certbot.\tIN\t AAAA" spanID=850c3ffdfcec0675 traceID=e1693dcfdf213f90555090b6285ac906 Also there is a difference in IPTABLES: NOT working: Chain FORWARD (policy DROP) target prot opt source destination DOCKER-USER all -- anywhere anywhere DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED DOCKER all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere working: Chain FORWARD (policy DROP) target prot opt source destination DOCKER-USER all -- anywhere anywhere DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED DOCKER all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED DOCKER all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED DOCKER all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED DOCKER all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED DOCKER all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED DOCKER all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere -- You are receiving this mail because: You are on the CC list for the bug.