BUG Maybe: After start netbird, all Docker containers can't connect network #2015
Comments
@johnson7788 I also experienced this issue on CentOS 7, where the docker containers on the host could not connect to the Internet after installing Netbird.
@johnson7788 have you found a way to run Netbird on a different IP range?
@enyachoke My docker network is 172.17.0.0/16, and netbird is 100.124.0.0/16. I think they are already in different IP segments.
I check docker network, iptables, and routes.

Start Bird, the route changed

IPtables:

```
Chain FORWARD (policy DROP)
Chain OUTPUT (policy ACCEPT)
Chain DOCKER (1 references)
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
Chain DOCKER-USER (1 references)
```

Stop Bird, The route

Iptables

```
Chain FORWARD (policy DROP)
Chain OUTPUT (policy ACCEPT)
Chain DOCKER (1 references)
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
Chain DOCKER-USER (1 references)
```
@enyachoke @johnson7788, can you confirm whether you have any DNS or routes enabled in NetBird's dashboard? Also can you try forcing the use of iptables instead of nftables with the following commands:

```
sudo mkdir -p /etc/sysconfig
echo 'NB_SKIP_NFTABLES_CHECK=true' | sudo tee -a /etc/sysconfig/netbird
sudo systemctl restart netbird
```
@enyachoke @johnson7788 the code @mlsmaycon wrote seems to be not working for me, I changed it to this to make it use iptables instead:

```
sudo mkdir -p /etc/sysconfig
echo 'NB_SKIP_NFTABLES_CHECK=true' | sudo tee -a /etc/sysconfig/netbird
sudo systemctl restart netbird
```

Ref issue #2030 - seems to be a common issue on C7 or machines using nftables? I do not see this table in ubuntu on nft or iptables.
That's correct, I've updated the command. Is the problem still happening with this flag enabled?
My issue with NAT rules being ignored by IPTables, specifically with SNAT not working, was resolved with the following flag:

```
-A POSTROUTING ! -d 224.0.0.251/32 -o enp0s8 -j SNAT --to-source 10.0.4.233
```

This IPTables rule was ignored, possibly due to the presence of this chain in nftables. After removing the chain, SNAT started working again:

```
chain netbird-rt-nat {
    type nat hook postrouting priority 99; policy accept;
}
```

I can't speak for others, but this fixed the issue for me. My next question is whether this is a configuration bug in Netbird. It seems to be incorrectly configured since it overrides other NAT rules. My understanding is that this setup allows postrouting without passing through more specialized rules. Should the specific IPs involved be defined more clearly? What might be the underlying issue? Can this be fixed in a patch for Netbird, or do we need to enforce IPTables every time? Additionally, why does this issue not occur on Ubuntu?
Another addition, in Ubuntu this is the same chain:

```
chain netbird-rt-nat {
    type nat hook postrouting priority srcnat - 1; policy accept;
}
```

Maybe CentOS NFTable Chains needs patching?
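Added example (not from the thread or the NetBird code base): `nft` prints a base chain's priority either as a number or relative to a named priority, so chain listings taken from different hosts have to be normalised before they can be compared. The Python helper below resolves both forms and lists the nat postrouting chains in the order the hook evaluates them; the sample ruleset and its table names are constructed, and the named-priority values are the standard ones for ip/ip6/inet tables.

```python
import re

# Standard named priorities for ip/ip6/inet base chains, per nft(8).
NAMED = {"raw": -300, "mangle": -150, "dstnat": -100,
         "filter": 0, "security": 50, "srcnat": 100}

CHAIN_RE = re.compile(
    r"chain\s+(?P<name>[\w-]+)\s*\{\s*"
    r"type\s+(?P<type>\w+)\s+hook\s+(?P<hook>\w+)\s+"
    r"priority\s+(?P<prio>[^;]+);")

# Constructed sample in `nft list ruleset` style; table names are placeholders.
SAMPLE = """
table ip nat {
    chain POSTROUTING {
        type nat hook postrouting priority srcnat; policy accept;
    }
}
table ip example {
    chain netbird-rt-nat {
        type nat hook postrouting priority srcnat - 1; policy accept;
    }
    chain FORWARD {
        type filter hook forward priority filter; policy accept;
    }
}
"""

def resolve_priority(expr):
    """Turn '99', 'srcnat' or 'srcnat - 1' into an integer priority."""
    m = re.fullmatch(r"\s*(-?\d+|[a-z]+)\s*(?:([+-])\s*(\d+))?\s*", expr)
    if not m:
        raise ValueError(f"unrecognised priority: {expr!r}")
    base, sign, offset = m.groups()
    value = int(base) if base.lstrip("-").isdigit() else NAMED[base]
    if sign:
        value += int(offset) if sign == "+" else -int(offset)
    return value

def nat_postrouting_order(ruleset):
    """Return [(priority, chain)] for nat/postrouting base chains, lowest first."""
    found = [(resolve_priority(m["prio"]), m["name"])
             for m in CHAIN_RE.finditer(ruleset)
             if m["type"] == "nat" and m["hook"] == "postrouting"]
    return sorted(found)

if __name__ == "__main__":
    for prio, name in nat_postrouting_order(SAMPLE):
        print(f"{prio:>5}  {name}")
```

Feeding it the real output of `nft list ruleset` on each host shows which nat chains share the postrouting hook and which one runs first. The two forms quoted in the thread, `priority 99` and `priority srcnat - 1`, both resolve to 99.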
@mlsmaycon Docker started, but Peers ip is offline on https://app.netbird.io/peers.

```
cat /etc/release
```

After deleting /etc/sysconfig/netbird, Peers ip is online now. I think we can't turn off NB_SKIP_NFTABLES_CHECK. But when I turn off NB_SKIP_NFTABLES_CHECK, docker network works, like below
Hello @johnson7788, for the container, please add the environment variable as part of its running config, e.g.:

```
sudo docker run --name netbirdapp --network host --privileged --rm -d -e NB_SETUP_KEY=xxxxxxx -e NB_SKIP_NFTABLES_CHECK=true -v netbird-client:/etc/netbird netbirdio/netbird
```
The release 0.27.8 contains the fix. Let us know if there is any other issue.
@mlsmaycon Great job! Thank you very much, it works for me, docker network is ok now, and netbird network also works. You are so amazing.

```
sudo docker run --rm busybox ping so.com
```

Yes, I installed on a CentOS server with the latest 0.27.9. Both docker network and netbird network are working. That's great!!!
My issue is all fixed. Thank you everyone! @mlsmaycon @thorleifjacobsen @enyachoke
Describe the problem
When I start netbird, no matter whether from the netbird command or netbird docker, netbird works very well, but it leads to my other docker containers being unable to connect to the network. I suspect netbird conflicts with the docker daemon network.
Tested on Linux: Ubuntu 16.04 and CentOS 7.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
A clear and concise description of what you expected to happen.
Are you using NetBird Cloud?
Please specify whether you use NetBird Cloud or self-host NetBird's control plane.
NetBird version
netbird version
0.23.3 and 0.27.7
NetBird status -d output:
If applicable, add the `netbird status -d` command output.
Screenshots
If applicable, add screenshots to help explain your problem.
Additional context
Add any other context about the problem here.