On 2023-09-29 22:08, Jim Henderson wrote:
> On Fri, 29 Sep 2023 19:56:30 -0400, Chuck Payne wrote:
>> Then maybe a wireshark which you are trying to pull it to see what errors might be there. Good Luck.
>
> Yep, we did that as well - you can see the traces in the thread on the Docker forums. The issue is that inside the userspace network space, for some reason, ICMP responses are not able to be returned. We can't figure out why that is.
Hi Jim,

Interestingly enough, I have a similar issue with my laptop. It may not be the same but it sounds strikingly similar.

::: TL;DR :::

In your case, can your user try to replicate the problem in a VM, using bridged networking?

::: Details :::

At times, I cannot access/ping one box on my LAN from my laptop. When the issue crops up, the packets seem to make it to my box (confirmed via tcpdump) but ping doesn't see them. As if they're blocked. Even with the firewalld disabled.

I can definitely access this box if my wireless NIC is the only one enabled (not the wired too). Which to me, it sounded like a routing issue.

As I've been busy, and it's not critical to access this one box, I haven't spent too many cycles on it.

Earlier in the week, I spun up a new TW VM on my laptop. I set up bridge mode networking with my wired NIC. The VM can access that other box!

I thought, aha, perhaps the firewall rules are borked:

    # fgrep FirewallBackend firewalld.conf
    # FirewallBackend
    FirewallBackend=nftables

From the VM, I dumped the rules and slurped them into my host OS but it didn't make a difference.

Here's what I did in case it helps your situation:

    VM # nft list ruleset > good.rules

    # nft -f good.rules

Next on my list was to try and figure out which firewall packages are installed during TW install and re-install them. See if I can replicate my VM's environment.

Thx!
-pablo