Vscode dev container not getting internet (docker)

System:
  Kernel: 6.14.0-2-cachyos-bore arch: x86_64 bits: 64 compiler: gcc v: 14.2.1
    clocksource: tsc avail: acpi_pm
    parameters: BOOT_IMAGE=/@/boot/vmlinuz-linux-cachyos-bore
    root=UUID=a840e5a0-d1a3-432e-a9a3-27dcb3be0edb rw rootflags=subvol=@
    quiet rd.luks.uuid=2ced48d8-31af-4dc4-b649-ea7c98869a87
    rd.luks.uuid=686e7718-1e79-4df8-bc43-86b3f9f5f883
    resume=/dev/mapper/luks-686e7718-1e79-4df8-bc43-86b3f9f5f883 loglevel=3
    ibt=off
  Desktop: KDE Plasma v: 6.3.3 tk: Qt v: N/A wm: kwin_wayland with: docker
    dm: SDDM Distro: Garuda base: Arch Linux
Machine:
  Type: Desktop System: Alienware product: Alienware Aurora R9 v: 1.0.26
    serial: <filter> Chassis: type: 3 serial: <filter>
  Mobo: Alienware model: 0T76PD v: A01 serial: <filter> part-nu: 0961
    uuid: 4c4c4544-0036-3010-8035-c4c04f483033 UEFI: Alienware v: 1.0.26
    date: 11/22/2023
Battery:
  ID-1: hidpp_battery_0 charge: 100% condition: N/A volts: 4.2 min: N/A
    model: Logitech G703 LIGHTSPEED Wireless Gaming Mouse w/ HERO type: N/A
    serial: <filter> status: full
CPU:
  Info: model: Intel Core i9-9900KS socket: LGA1151 (U3E1) note: check
    bits: 64 type: MT MCP arch: Coffee Lake gen: core 9 level: v3 note: check
    built: 2018 process: Intel 14nm family: 6 model-id: 0x9E (158)
    stepping: 0xD (13) microcode: 0x102
  Topology: cpus: 1x dies: 1 clusters: 8 cores: 8 threads: 16 tpc: 2
    smt: enabled cache: L1: 512 KiB desc: d-8x32 KiB; i-8x32 KiB L2: 2 MiB
    desc: 8x256 KiB L3: 16 MiB desc: 1x16 MiB
  Speed (MHz): avg: 4702 min/max: 800/5200 base/boost: 4000/8300 scaling:
    driver: intel_pstate governor: powersave volts: 1.3 V ext-clock: 100 MHz
    cores: 1: 4702 2: 4702 3: 4702 4: 4702 5: 4702 6: 4702 7: 4702 8: 4702
    9: 4702 10: 4702 11: 4702 12: 4702 13: 4702 14: 4702 15: 4702 16: 4702
    bogomips: 127999
  Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx
  Vulnerabilities: <filter>
Graphics:
  Device-1: Intel CoffeeLake-S GT2 [UHD Graphics 630] vendor: Dell
    driver: i915 v: kernel arch: Gen-9.5 process: Intel 14nm built: 2016-20
    ports: active: none empty: DP-7,HDMI-A-3 bus-ID: 0000:00:02.0
    chip-ID: 8086:3e98 class-ID: 0380
  Device-2: NVIDIA TU104 [GeForce RTX 2080 SUPER] vendor: Dell
    driver: nvidia v: 570.133.07 alternate: nouveau,nvidia_drm
    non-free: 550/565.xx+ status: current (as of 2025-01; EOL~2026-12-xx)
    arch: Turing code: TUxxx process: TSMC 12nm FF built: 2018-2022 ports:
    active: none off: DP-2 empty: DP-1,DP-3,HDMI-A-1 bus-ID: 0000:01:00.0
    chip-ID: 10de:1e81 class-ID: 0300
  Device-3: NVIDIA TU104 [GeForce RTX 2080 SUPER] vendor: Dell
    driver: nvidia v: 570.133.07 alternate: nouveau,nvidia_drm
    non-free: 550/565.xx+ status: current (as of 2025-01; EOL~2026-12-xx)
    arch: Turing code: TUxxx process: TSMC 12nm FF built: 2018-2022 ports:
    active: none empty: DP-4, DP-5, DP-6, HDMI-A-2 bus-ID: 0000:02:00.0
    chip-ID: 10de:1e81 class-ID: 0300
  Device-4: Realtek NexiGo N660P FHD Webcam driver: snd-usb-audio,uvcvideo
    type: USB rev: 2.0 speed: 480 Mb/s lanes: 1 mode: 2.0 bus-ID: 1-14.4.1:10
    chip-ID: 0bda:0567 class-ID: 0102 serial: <filter>
  Display: unspecified server: X.Org v: 24.1.6 with: Xwayland v: 24.1.6
    compositor: kwin_wayland driver: X: loaded: modesetting,nvidia
    unloaded: nouveau alternate: fbdev,intel,nv,vesa dri: iris
    gpu: nvidia,nvidia-nvswitch display-ID: :1 screens: 1
  Screen-1: 0 s-res: 5120x1440 s-dpi: 96 s-size: 1355x381mm (53.35x15.00")
    s-diag: 1408mm (55.42")
  Monitor-1: DP-2 note: disabled model: Samsung LC49G95T serial: <filter>
    built: 2245 res: mode: 5120x1440 hz: 120 scale: 100% (1) dpi: 109 gamma: 1.2
    size: 1193x336mm (46.97x13.23") diag: 1239mm (48.8") modes: max: 3840x1080
    min: 640x480
  API: EGL v: 1.5 hw: drv: intel iris drv: nvidia platforms: device: 0
    drv: nvidia device: 1 drv: nvidia device: 2 drv: iris gbm: drv: iris
    surfaceless: drv: nvidia x11: drv: nvidia inactive: wayland
  API: OpenGL v: 4.6.0 compat-v: 4.6 vendor: nvidia mesa v: 570.133.07
    glx-v: 1.4 direct-render: yes renderer: NVIDIA GeForce RTX 2080
    SUPER/PCIe/SSE2 memory: 7.81 GiB
  API: Vulkan v: 1.4.309 layers: 6 device: 0 type: discrete-gpu name: NVIDIA
    GeForce RTX 2080 SUPER driver: N/A device-ID: 10de:1e81 surfaces: xcb,xlib
    device: 1 type: discrete-gpu name: NVIDIA GeForce RTX 2080 SUPER
    driver: N/A device-ID: 10de:1e81 surfaces: N/A device: 2
    type: integrated-gpu name: Intel UHD Graphics 630 (CFL GT2) driver: N/A
    device-ID: 8086:3e98 surfaces: xcb,xlib device: 3 type: cpu name: llvmpipe
    (LLVM 19.1.7 256 bits) driver: N/A device-ID: 10005:0000
    surfaces: xcb,xlib
  Info: Tools: api: clinfo, eglinfo, glxinfo, vulkaninfo
    de: kscreen-console,kscreen-doctor gpu: nvidia-settings,nvidia-smi
    wl: wayland-info x11: xdpyinfo, xprop, xrandr
Audio:
  Device-1: Intel 200 Series PCH HD Audio vendor: Dell driver: snd_hda_intel
    v: kernel alternate: snd_soc_avs bus-ID: 0000:00:1f.3 chip-ID: 8086:a2f0
    class-ID: 0403
  Device-2: NVIDIA TU104 HD Audio vendor: Dell driver: snd_hda_intel
    v: kernel bus-ID: 0000:01:00.1 chip-ID: 10de:10f8 class-ID: 0403
  Device-3: NVIDIA TU104 HD Audio vendor: Dell driver: snd_hda_intel
    v: kernel bus-ID: 0000:02:00.1 chip-ID: 10de:10f8 class-ID: 0403
  Device-4: Realtek NexiGo N660P FHD Webcam driver: snd-usb-audio,uvcvideo
    type: USB rev: 2.0 speed: 480 Mb/s lanes: 1 mode: 2.0 bus-ID: 1-14.4.1:10
    chip-ID: 0bda:0567 class-ID: 0102 serial: <filter>
  API: ALSA v: k6.14.0-2-cachyos-bore status: kernel-api tools: N/A
  Server-1: sndiod v: N/A status: off tools: aucat,midicat,sndioctl
  Server-2: PipeWire v: 1.4.1 status: n/a (root, process) with:
    1: pipewire-pulse status: active 2: wireplumber status: active
    3: pipewire-alsa type: plugin 4: pw-jack type: plugin
    tools: pactl,pw-cat,pw-cli,wpctl
Network:
  Device-1: Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter
    vendor: Dell driver: ath10k_pci v: kernel bus-ID: 0000:04:00.0
    chip-ID: 168c:003e class-ID: 0280
  IF: wlp4s0 state: up mac: <filter>
  Device-2: Qualcomm Atheros Killer E2500 Gigabit Ethernet vendor: Dell
    driver: alx v: kernel port: c000 bus-ID: 0000:05:00.0 chip-ID: 1969:e0b1
    class-ID: 0200
  IF: enp5s0 state: down mac: <filter>
  IF-ID-1: br-756775ce0e69 state: down mac: <filter>
  IF-ID-2: br-90a9e528da52 state: up speed: 10000 Mbps duplex: unknown
    mac: <filter>
  IF-ID-3: docker0 state: down mac: <filter>
  IF-ID-4: tailscale0 state: unknown speed: -1 duplex: full mac: N/A
  IF-ID-5: veth2fb2c3e state: up speed: 10000 Mbps duplex: full
    mac: <filter>
  IF-ID-6: veth66fba1d state: up speed: 10000 Mbps duplex: full
    mac: <filter>
  IF-ID-7: vethc4839cc state: up speed: 10000 Mbps duplex: full
    mac: <filter>
  Info: services: NetworkManager, systemd-timesyncd, wpa_supplicant
Bluetooth:
  Device-1: Qualcomm Atheros driver: btusb v: 0.8 type: USB rev: 2.0
    speed: 12 Mb/s lanes: 1 mode: 1.1 bus-ID: 1-8:5 chip-ID: 0cf3:e007
    class-ID: e001
  Report: btmgmt ID: hci0 rfk-id: 0 state: down bt-service: enabled,running
    rfk-block: hardware: no software: no address: <filter> bt-v: 5.0 lmp-v: 9
    status: discoverable: no pairing: no
RAID:
  Hardware-1: Intel SATA Controller [RAID mode] driver: intel_nvme_remap
    v: N/A port: f060 bus-ID: 0000:00:17.0 chip-ID: 8086:2822 rev:
    class-ID: 0104
  Supported mdraid levels: raid0
  Device-1: md127 maj-min: 9:127 type: mdraid level: raid-0 status: active
    state: clean size: 1.82 TiB
  Info: report: N/A blocks: 1953260544 chunk-size: 512k super-blocks: 1.2
  Components: Online:
  0: sdc maj-min: 8:32 size: 931.51 GiB state: active sync
  1: sdb maj-min: 8:16 size: 931.51 GiB state: active sync
Drives:
  Local Storage: total: raw: 11.37 TiB usable: 11.37 TiB
    used: 1.31 TiB (11.5%)
  ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: Samsung model: SSD 990 PRO 2TB
    size: 1.82 TiB block-size: physical: 512 B logical: 512 B tech: SSD
    serial: <filter> fw-rev: 4B2QJXD7 temp: 37.9 C scheme: GPT
  SMART: yes health: PASSED on: 103d 21h cycles: 359
    read-units: 3,440,058 [1.76 TB] written-units: 12,648,990 [6.47 TB]
  ID-2: /dev/sda maj-min: 8:0 vendor: Crucial model: CT500MX500SSD1
    family: Micron Client SSDs size: 465.76 GiB block-size: physical: 512 B
    logical: 512 B sata: 3.3 speed: 6.0 Gb/s tech: SSD serial: <filter>
    fw-rev: 023 temp: 36 C scheme: GPT
  SMART: yes state: enabled health: PASSED on: 2y 191d 4h cycles: 2533
    written: 4.14 TiB
  ID-3: /dev/sdb maj-min: 8:16 vendor: Smart Modular Tech.
    model: SHGS31-1000GS-2 family: SATA SSDs size: 931.51 GiB block-size:
    physical: 4096 B logical: 512 B sata: 3.2 speed: 6.0 Gb/s tech: SSD
    serial: <filter> fw-rev: 0Q00 temp: 32 C
  SMART: yes state: enabled health: PASSED on: 101d 0h cycles: 1996 Old-Age:
    threshold: 1
  ID-4: /dev/sdc maj-min: 8:32 vendor: Smart Modular Tech.
    model: SHGS31-1000GS-2 family: SATA SSDs size: 931.51 GiB block-size:
    physical: 4096 B logical: 512 B sata: 3.2 speed: 6.0 Gb/s tech: SSD
    serial: <filter> fw-rev: 0Q00 temp: 28 C
  SMART: yes state: enabled health: PASSED on: 1y 235d 5h cycles: 1996
    Old-Age: threshold: 1
  ID-5: /dev/sdd maj-min: 8:48 vendor: HGST (Hitachi) model: HUS728T8TALE6L4
    family: Ultrastar HC310/320 size: 7.28 TiB block-size: physical: 4096 B
    logical: 512 B type: USB rev: 3.1 spd: 5 Gb/s lanes: 1 mode: 3.2 gen-1x1
    sata: 3.2 speed: 6.0 Gb/s tech: HDD rpm: 7200 serial: <filter>
    fw-rev: 5006 drive-rev: V8GNW980 temp: 23 C scheme: GPT
  SMART: yes state: enabled health: PASSED on: 113d 3h cycles: 5147
Partition:
  ID-1: / raw-size: 1.75 TiB size: 1.75 TiB (100.00%) used: 126.44 GiB (7.0%)
    fs: btrfs block-size: 4096 B dev: /dev/dm-1 maj-min: 253:1
    mapped: luks-2ced48d8-31af-4dc4-b649-ea7c98869a87
  ID-2: /boot/efi raw-size: 300 MiB size: 299.4 MiB (99.80%)
    used: 772 KiB (0.3%) fs: vfat block-size: 512 B dev: /dev/nvme0n1p1
    maj-min: 259:1
  ID-3: /home raw-size: 1.75 TiB size: 1.75 TiB (100.00%)
    used: 126.44 GiB (7.0%) fs: btrfs block-size: 4096 B dev: /dev/dm-1
    maj-min: 253:1 mapped: luks-2ced48d8-31af-4dc4-b649-ea7c98869a87
  ID-4: /var/log raw-size: 1.75 TiB size: 1.75 TiB (100.00%)
    used: 126.44 GiB (7.0%) fs: btrfs block-size: 4096 B dev: /dev/dm-1
    maj-min: 253:1 mapped: luks-2ced48d8-31af-4dc4-b649-ea7c98869a87
  ID-5: /var/tmp raw-size: 1.75 TiB size: 1.75 TiB (100.00%)
    used: 126.44 GiB (7.0%) fs: btrfs block-size: 4096 B dev: /dev/dm-1
    maj-min: 253:1 mapped: luks-2ced48d8-31af-4dc4-b649-ea7c98869a87
Swap:
  Kernel: swappiness: 133 (default 60) cache-pressure: 100 (default) zswap: no
  ID-1: swap-1 type: partition size: 68.88 GiB used: 0 KiB (0.0%)
    priority: -2 dev: /dev/dm-0 maj-min: 253:0
    mapped: luks-686e7718-1e79-4df8-bc43-86b3f9f5f883
  ID-2: swap-2 type: zram size: 62.62 GiB used: 1 MiB (0.0%) priority: 100
    comp: zstd avail: lzo-rle,lzo,lz4,lz4hc,deflate,842 max-streams: 16
    dev: /dev/zram0
Sensors:
  System Temperatures: cpu: 43.0 C mobo: N/A
  Fan Speeds (rpm): N/A
Info:
  Memory: total: 64 GiB available: 62.62 GiB used: 14.15 GiB (22.6%)
  Processes: 502 Power: uptime: 4h 49m states: freeze,mem,disk suspend: deep
    avail: s2idle wakeups: 0 hibernate: platform avail: shutdown, reboot,
    suspend, test_resume image: 25.01 GiB services: org_kde_powerdevil,
    power-profiles-daemon, upowerd Init: systemd v: 257 default: graphical
    tool: systemctl
  Packages: pm: pacman pkgs: 1716 libs: 459 tools: octopi,paru Compilers:
    clang: 19.1.7 gcc: 14.2.1 Shell: garuda-inxi (sudo) default: Bash v: 5.2.37
    running-in: ghostty inxi: 3.3.37
Garuda (2.7.2-1):
  System install date:     2024-10-08
  Last full system update: 2025-03-28
  Is partially upgraded:   No
  Relevant software:       snapper NetworkManager dracut
  Windows dual boot:       Yes
  Failed units:

Steps taken:

I rebooted the machine

Restarted Docker

I checked my forwarding on the host

 ╰─λ cat /proc/sys/net/ipv4/ip_forward
File: /proc/sys/net/ipv4/ip_forward
1

I ran these commands

pkill docker
iptables -t nat -F
ifconfig docker0 down
brctl delbr docker0
systemctl restart docker

Installing platform package from https://github.com/vadimcn/codelldb/releases/download/v1.11.4/codelldb-linux-x64.vsix

Error: Error: connect ETIMEDOUT 140.82.112.4:443

warning: spurious network error (1 tries remaining): [28] Timeout was reached (Failed to resolve host 'index.crates.io' with timeout after 30011 ms)
warning: spurious network error (1 tries remaining): [28] Timeout was reached (Failed to resolve host 'index.crates.io' with timeout after 30011 ms)
warning: spurious network error (1 tries remaining): [28] Timeout was reached (Failed to resolve host 'index.crates.io' with timeout after 30011 ms)
warning: spurious network error (1 tries remaining): [28] Timeout was reached (Failed to resolve host 'index.crates.io' with timeout after 30011 ms)
warning: spurious network error (1 tries remaining): [28] Timeout was reached (Failed to resolve host 'index.crates.io' with timeout after 30011 ms)
warning: spurious network error (1 tries remaining): [28] Timeout was reached (Failed to resolve host 'index.crates.io' with timeout after 30011 ms)
warning: spurious network error (1 tries remaining): [28] Timeout was reached (Failed to resolve host 'index.crates.io' with timeout after 30011 ms)
error: failed to get `axum` as a dependency of package `lib-rpc-core v0.1.0 (/workspace/crates/libs/lib-rpc-core)`

Caused by:
  download of ax/um/axum failed

Caused by:
  failed to download from `https://index.crates.io/ax/um/axum`

Caused by:
  [28] Timeout was reached (Failed to resolve host 'index.crates.io' with timeout after 30013 ms)
[Finished running. Exit status: 101]
ping google.com
^C
--- google.com ping statistics ---
23 packets transmitted, 0 received, 100% packet loss, time 25413ms

Docker seems to work if I don’t start the VS Code dev container, at which point all internet access from Docker stops working.


  productVersion: { version: '1.98.2', date: '2025-03-12T13:32:45.399Z' }
}
[21:15:16] Installing the extension without checking dependencies and pack github.copilot-chat
[558447 ms] [21:15:16] Deleted existing extension from disk github.copilot-chat /home/vscode/.vscode-server/extensions/github.copilot-chat-0.25.1
[558584 ms] [21:15:16] Extracted extension to file:///home/vscode/.vscode-server/extensions/github.copilot-chat-0.25.1: github.copilot-chat
[558593 ms] [21:15:16] Renamed to /home/vscode/.vscode-server/extensions/github.copilot-chat-0.25.1
[558611 ms] [21:15:16] Extension installed successfully: github.copilot-chat file:///home/vscode/.vscode-server/extensions/extensions.json
[679977 ms] [21:17:17] #4: https://mobile.events.data.microsoft.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream - error POST connect ETIMEDOUT 20.50.201.195:443
[684072 ms] [21:17:21] #13: https://marketplace.visualstudio.com/_apis/public/gallery/extensionquery - error POST connect ETIMEDOUT 13.107.42.18:443
[684073 ms] [21:17:21] #6: https://marketplace.visualstudio.com/_apis/public/gallery/extensionquery - error POST connect ETIMEDOUT 13.107.42.18:443
[684074 ms] [21:17:21] #10: https://mobile.events.data.microsoft.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream - error POST connect ETIMEDOUT 20.50.201.195:443
[684074 ms] [21:17:21] #12: https://marketplace.visualstudio.com/_apis/public/gallery/extensionquery - error POST connect ETIMEDOUT 13.107.42.18:443
[684075 ms] [21:17:21] #11: https://marketplace.visualstudio.com/_apis/public/gallery/extensionquery - error POST connect ETIMEDOUT 13.107.42.18:443
[684075 ms] [21:17:21] #9: https://marketplace.visualstudio.com/_apis/public/gallery/extensionquery - error POST connect ETIMEDOUT 13.107.42.18:443
[684075 ms] [21:17:21] #8: https://marketplace.visualstudio.com/_apis/public/gallery/extensionquery - error POST connect ETIMEDOUT 13.107.42.18:443
[684076 ms] [21:17:21] #5: https://marketplace.visualstudio.com/_apis/public/gallery/extensionquery - error POST connect ETIMEDOUT 13.107.42.18:443
[684076 ms] [21:17:21] #7: https://marketplace.visualstudio.com/_apis/public/gallery/extensionquery - error POST connect ETIMEDOUT 13.107.42.18:443
[688168 ms] [21:17:25] #15: https://marketplace.visualstudio.com/_apis/public/gallery/extensionquery - error POST connect ETIMEDOUT 13.107.42.18:443
[688168 ms] [21:17:25] #14: https://marketplace.visualstudio.com/_apis/public/gallery/extensionquery - error POST connect ETIMEDOUT 13.107.42.18:443
[688169 ms] [21:17:25] #16: https://marketplace.visualstudio.com/_apis/public/gallery/extensionquery - error POST connect ETIMEDOUT 13.107.42.18:443
[692264 ms] [21:17:30] #17: https://marketplace.visualstudio.com/_apis/public/gallery/extensionquery - error POST connect ETIMEDOUT 13.107.42.18:443
[692265 ms] [21:17:30] #19: https://marketplace.visualstudio.com/_apis/public/gallery/extensionquery - error POST connect ETIMEDOUT 13.107.42.18:443
[21:17:30] #18: https://marketplace.visualstudio.com/_apis/public/gallery/extensionquery - error POST connect ETIMEDOUT 13.107.42.18:443

Looks like the Docker network is not active; I had to make mine auto-start on reboot

  IF-ID-1: docker0 state: up speed: 10000 Mbps duplex: unknown mac: <filter>

I never had to do that before. How do you start it at boot?

Can’t remember, have to use the CLI

You can always run

ifconfig docker0 up

and check to make sure it’s working

It could be specific to my network or internet provider, but I actually had to disable IPv6 to make .NET work. It just would not connect to anything. Other applications worked fine. Have not had any issues with running IPv4 only.

System Settings → Wi-Fi & Networking → IPv6 (Tab) → Method (Dropdown) → Disabled

This does not work; it still says docker0 is down

Please post the result from netstat -ntlp

Do you have all the relevant stuff for Docker installed?
Install with sudo pacman -S docker docker-compose docker-buildxt
Btw, is your Docker service active?
sudo systemctl is-active docker.service
If not, enable the service (at boot) with sudo systemctl enable --now docker.service
then run sudo docker run hello-world to test.

Is a firewall active?

Please also read troubleshooting point 7.1

If you work with ufw

My Docker runs on metal / VM + firewall without issues. I do not use ufw.

netstat -ntlp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 100.101.112.24:45433    0.0.0.0:*               LISTEN      1550/tailscaled
tcp        0      0 127.0.0.1:46333         0.0.0.0:*               LISTEN      1569/containerd
tcp        0      0 127.0.0.1:6463          0.0.0.0:*               LISTEN      54054/app.asar --no
tcp6       0      0 fd7a:115c:a1e0::4:53893 :::*                    LISTEN      1550/tailscaled
tcp6       0      0 :::1716                 :::*                    LISTEN      3264/kdeconnectd
╰─λ sudo pacman -S docker docker-compose docker-buildxt
warning: docker-1:28.0.4-1.1 is up to date -- reinstalling
warning: docker-compose-2.34.0-1.1 is up to date -- reinstalling
error: target not found: docker-buildxt
[🔴] × sudo systemctl is-active docker.service
active
 ╰─λ docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
e6590344b1a5: Pull complete
Digest: sha256:7e1a4e2d11e2ac7a8c3f768d4166c2defeb09d2a750b010412b6ea13de1efb19
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

No firewall is used. Docker networking stops working after the vscode dev container is started.

          
[2025-04-01T01:55:11.850Z] [+] Building 39.0s (5/20)                                        docker:default
 => [development internal] load build definition from Dockerfile-with-fea  0.0s
 => => transferring dockerfile: 2.37kB                                     0.0s
 => [development internal] load metadata for docker.io/library/rust:1.85   0.3s
 => [development internal] load .dockerignore                              0.0s
 => => transferring context: 2B                                            0.0s
 => CACHED [development development  1/16] FROM docker.io/library/rust:1.  0.0s
 => [development internal] load build context                              0.1s
 => => transferring context: 63B                                           0.0s
 => [development development  2/16] RUN groupadd --gid 1000 vscode     &  38.6s
 => => #  out Unable to connect to deb.debian.org:http:                        
 => => # Err:2 http://deb.debian.org/debian bookworm-updates InRelease         
 => => #   Unable to connect to deb.debian.org:http:                           
 => => # Err:3 http://deb.debian.org/debian-security bookworm-security InReleas
 => => # e                                                                     
 => => #   Unable to connect to deb.debian.org:http:                           
[2025-04-01T01:55:12.069Z] [+] Building 39.3s (6/20)                                        docker:default
 => [development internal] load build definition from Dockerfile-with-fea  0.0s
 => => transferring dockerfile: 2.37kB                                     0.0s
 => [development internal] load metadata for docker.io/library/rust:1.85   0.3s
 => [development internal] load .dockerignore                              0.0s
 => => transferring context: 2B                                            0.0s
 => CACHED [development development  1/16] FROM docker.io/library/rust:1.  0.0s
 => [development internal] load build context                              0.1s
 => => transferring context: 63B                                           0.0s
[2025-04-01T01:55:12.069Z]  => ERROR [development development  2/16] RUN groupadd --gid 1000 vscode  38.7s
[2025-04-01T01:55:12.117Z] [+] Building 39.3s (6/20)                                        docker:default
[2025-04-01T01:55:12.117Z]  => [development internal] load build definition from Dockerfile-with-fea  0.0s
 => => transferring dockerfile: 2.37kB                                     0.0s
 => [development internal] load metadata for docker.io/library/rust:1.85   0.3s
 => [development internal] load .dockerignore                              0.0s
 => => transferring context: 2B                                            0.0s
 => CACHED [development development  1/16] FROM docker.io/library/rust:1.  0.0s
 => [development internal] load build context                              0.1s
 => => transferring context: 63B                                           0.0s
 => ERROR [development development  2/16] RUN groupadd --gid 1000 vscode  38.7s
------
 > [development development  2/16] RUN groupadd --gid 1000 vscode     && useradd --uid 1000 --gid 1000 -m vscode     && apt-get update     && apt-get install -y sudo     && echo vscode ALL=(root) NOPASSWD:ALL > /etc/sudoers.d/vscode     && chmod 0440 /etc/sudoers.d/vscode:
31.62 Ign:1 http://deb.debian.org/debian bookworm InRelease
31.62 Ign:2 http://deb.debian.org/debian bookworm-updates InRelease
31.62 Ign:3 http://deb.debian.org/debian-security bookworm-security InRelease
32.62 Ign:1 http://deb.debian.org/debian bookworm InRelease
32.62 Ign:2 http://deb.debian.org/debian bookworm-updates InRelease
32.62 Ign:3 http://deb.debian.org/debian-security bookworm-security InRelease
34.62 Ign:1 http://deb.debian.org/debian bookworm InRelease
34.62 Ign:2 http://deb.debian.org/debian bookworm-updates InRelease
34.62 Ign:3 http://deb.debian.org/debian-security bookworm-security InRelease
38.62 Err:1 http://deb.debian.org/debian bookworm InRelease
38.62   Could not connect to debian.map.fastlydns.net:80 (151.101.66.132), connection timed out Could not connect to debian.map.fastlydns.net:80 (151.101.130.132), connection timed out Could not connect to debian.map.fastlydns.net:80 (151.101.194.132), connection timed out Could not connect to debian.map.fastlydns.net:80 (151.101.2.132), connection timed out Unable to connect to deb.debian.org:http:
38.62 Err:2 http://deb.debian.org/debian bookworm-updates InRelease
38.62   Unable to connect to deb.debian.org:http:
38.62 Err:3 http://deb.debian.org/debian-security bookworm-security InRelease
38.62   Unable to connect to deb.debian.org:http:
38.62 Reading package lists...
38.62 W: Failed to fetch http://deb.debian.org/debian/dists/bookworm/InRelease  Could not connect to debian.map.fastlydns.net:80 (151.101.66.132), connection timed out Could not connect to debian.map.fastlydns.net:80 (151.101.130.132), connection timed out Could not connect to debian.map.fastlydns.net:80 (151.101.194.132), connection timed out Could not connect to debian.map.fastlydns.net:80 (151.101.2.132), connection timed out Unable to connect to deb.debian.org:http:
38.62 W: Failed to fetch http://deb.debian.org/debian/dists/bookworm-updates/InRelease  Unable to connect to deb.debian.org:http:
38.62 W: Failed to fetch http://deb.debian.org/debian-security/dists/bookworm-security/InRelease  Unable to connect to deb.debian.org:http:
38.62 W: Some index files failed to download. They have been ignored, or old ones used instead.
38.63 Reading package lists...
38.63 Building dependency tree...
38.63 Reading state information...
38.63 E: Unable to locate package sudo
------
[2025-04-01T01:55:12.117Z] failed to solve: process "/bin/sh -c groupadd --gid $USER_GID $USERNAME     && useradd --uid $USER_UID --gid $USER_GID -m $USERNAME     && apt-get update     && apt-get install -y sudo     && echo $USERNAME ALL=\\(root\\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME     && chmod 0440 /etc/sudoers.d/$USERNAME" did not complete successfully: exit code: 100
[2025-04-01T01:55:12.119Z] Stop (39412 ms): Run: docker compose --project-name xenis_devcontainer -f /home/stephen/disks/DataMain/src/xrgoods/xenis/.devcontainer/docker-compose.yml -f /home/stephen/.config/Code/User/globalStorage/ms-vscode-remote.remote-containers/data/docker-compose/docker-compose.devcontainer.build-1743472472706.yml build
[2025-04-01T01:55:12.120Z] Error: Command failed: docker compose --project-name xenis_devcontainer -f /home/stephen/disks/DataMain/src/xrgoods/xenis/.devcontainer/docker-compose.yml -f /home/stephen/.config/Code/User/globalStorage/ms-vscode-remote.remote-containers/data/docker-compose/docker-compose.devcontainer.build-1743472472706.yml build
[2025-04-01T01:55:12.120Z]     at Tm (/home/stephen/.vscode/extensions/ms-vscode-remote.remote-containers-0.401.0/dist/spec-node/devContainersSpecCLI.js:433:525)
[2025-04-01T01:55:12.120Z]     at async ftA (/home/stephen/.vscode/extensions/ms-vscode-remote.remote-containers-0.401.0/dist/spec-node/devContainersSpecCLI.js:433:2476)
[2025-04-01T01:55:12.120Z]     at async htA (/home/stephen/.vscode/extensions/ms-vscode-remote.remote-containers-0.401.0/dist/spec-node/devContainersSpecCLI.js:413:3496)
[2025-04-01T01:55:12.120Z]     at async TtA (/home/stephen/.vscode/extensions/ms-vscode-remote.remote-containers-0.401.0/dist/spec-node/devContainersSpecCLI.js:485:4021)
[2025-04-01T01:55:12.120Z]     at async iB (/home/stephen/.vscode/extensions/ms-vscode-remote.remote-containers-0.401.0/dist/spec-node/devContainersSpecCLI.js:485:4963)
[2025-04-01T01:55:12.120Z]     at async wrA (/home/stephen/.vscode/extensions/ms-vscode-remote.remote-containers-0.401.0/dist/spec-node/devContainersSpecCLI.js:666:203)
[2025-04-01T01:55:12.120Z]     at async DrA (/home/stephen/.vscode/extensions/ms-vscode-remote.remote-containers-0.401.0/dist/spec-node/devContainersSpecCLI.js:665:14830)
[2025-04-01T01:55:12.121Z]     at async /home/stephen/.vscode/extensions/ms-vscode-remote.remote-containers-0.401.0/dist/spec-node/devContainersSpecCLI.js:485:1190
[2025-04-01T01:55:12.124Z] Stop (41256 ms): Run: /opt/visual-studio-code/code /home/stephen/.vscode/extensions/ms-vscode-remote.remote-containers-0.401.0/dist/spec-node/devContainersSpecCLI.js up --user-data-folder /home/stephen/.config/Code/User/globalStorage/ms-vscode-remote.remote-containers/data --container-session-data-folder /tmp/devcontainers-78153b6f-6d37-44d4-833c-4d93ce09c3ce1743472470027 --workspace-folder /home/stephen/disks/DataMain/src/xrgoods/xenis --workspace-mount-consistency cached --gpu-availability detect --id-label devcontainer.local_folder=/home/stephen/disks/DataMain/src/xrgoods/xenis --id-label devcontainer.config_file=/home/stephen/disks/DataMain/src/xrgoods/xenis/.devcontainer/devcontainer.json --log-level debug --log-format json --config /home/stephen/disks/DataMain/src/xrgoods/xenis/.devcontainer/devcontainer.json --default-user-env-probe loginInteractiveShell --mount type=volume,source=vscode,target=/vscode,external=true --mount type=bind,source=/run/user/1000/wayland-0,target=/tmp/vscode-wayland-b05b430d-01dd-4e4b-9fac-4736c15f3166.sock --skip-post-create --update-remote-user-uid-default on --mount-workspace-git-root --include-configuration --include-merged-configuration
[2025-04-01T01:55:12.124Z] Exit code 1
[2025-04-01T01:55:12.128Z] Command failed: /opt/visual-studio-code/code /home/stephen/.vscode/extensions/ms-vscode-remote.remote-containers-0.401.0/dist/spec-node/devContainersSpecCLI.js up --user-data-folder /home/stephen/.config/Code/User/globalStorage/ms-vscode-remote.remote-containers/data --container-session-data-folder /tmp/devcontainers-78153b6f-6d37-44d4-833c-4d93ce09c3ce1743472470027 --workspace-folder /home/stephen/disks/DataMain/src/xrgoods/xenis --workspace-mount-consistency cached --gpu-availability detect --id-label devcontainer.local_folder=/home/stephen/disks/DataMain/src/xrgoods/xenis --id-label devcontainer.config_file=/home/stephen/disks/DataMain/src/xrgoods/xenis/.devcontainer/devcontainer.json --log-level debug --log-format json --config /home/stephen/disks/DataMain/src/xrgoods/xenis/.devcontainer/devcontainer.json --default-user-env-probe loginInteractiveShell --mount type=volume,source=vscode,target=/vscode,external=true --mount type=bind,source=/run/user/1000/wayland-0,target=/tmp/vscode-wayland-b05b430d-01dd-4e4b-9fac-4736c15f3166.sock --skip-post-create --update-remote-user-uid-default on --mount-workspace-git-root --include-configuration --include-merged-configuration
[2025-04-01T01:55:12.128Z] Exit code 1

This is after vscode dev container is up. Kills all docker networking for all containers

 ╰─λ networkctl list
systemd-networkd is not running, output might be incomplete.
IDX LINK       TYPE     OPERATIONAL SETUP
  1 lo         loopback -           unmanaged
  2 enp5s0     ether    -           unmanaged
  3 wlp4s0     wlan     -           unmanaged
  4 tailscale0 none     -           unmanaged
  6 docker0    bridge   -           unmanaged

5 links listed.

Sorry, my mistake… sudo -S docker-buildx of course.

  • your networkctl gives result “unmanaged” .. ok

Of course → if you run docker over all interfaces, the wrong interface, or not bound correctly to an interface
On which network is docker running? On your host (loopback), enp5 or wlan. You must bind docker to an interface. This interface then works only with docker.
If you don’t know how, pls read the docs.
Read the workshop from docker.

Btw, I installed a new vm + installed docker.. left the default network config untouched.. ran docker, and docker works well. (no firewall, no own config file for network + daemon, hosts or whatever)



If you have changed your network config → reset to standard pls.
Have you done the right steps to work without sudo? (user/group)
Docker works with iptables.
sudo iptables -nL =?
sudo nft list ruleset =?

  • pls post /etc/docker/daemon.json
1 Like

docker-buildx is now installed.

 docker compose --project-name xenis_devcontainer -f /home/stephen/disks/DataMain/src/xrgoods/xenis/.devcontainer/docker-compose.yml -f /home/stephen/.config/Code/User/globalStorage/ms-vscode-remote.remote-containers/data/docker-compose/docker-compose.devcontainer.build-1743513137472.yml -f /home/stephen/.config/Code/User/globalStorage/ms-vscode-remote.remote-containers/data/docker-compose/docker-compose.devcontainer.containerFeatures-1743513361904-397cc38d-17dd-480c-a8d6-4b7cca613833.yml up -d

This is what vscode runs, afaik. wlp4s0 is my default, as that was working before any issues occurred.

docker compose file

services:
  xenis_db1:
    image: postgres:16
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: testpassword
      POSTGRES_DB: apollo_link
      
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 10s
      timeout: 5s
      retries: 5
    volumes:
      - database_data:/var/lib/postgresql/data
    ports:
      - "5432:5432"

  pgAdmin:
    image: dpage/pgadmin4
    container_name: pgAdmin11
    environment:
      PGADMIN_DEFAULT_EMAIL: "admin@admin.com"
      PGADMIN_DEFAULT_PASSWORD: "password123"
      PGADMIN_DISABLE_POSTFIX: "true"
      PGADMIN_LISTEN_ADDRESS: "0.0.0.0"
    ports:
      - "5050:80"
    volumes:
      - pgadmin-data:/var/lib/pgadmin

    depends_on:
      - xenis_db1

  flyway:
    image: flyway/flyway
    volumes:
      - ../flyway/conf:/flyway/conf
      - ../flyway/sql:/flyway/sql
    command: -connectRetries=60 migrate
    depends_on:
      - xenis_db1

  development:
    build:
      context: .
      dockerfile: Dockerfile
    env_file:
      - system.env
    volumes:
      - ..:/workspace:cached
      # We need this so docker in docker works
      - /var/run/docker.sock:/var/run/docker.sock
      - target:/workspace/target # Set target as a volume for performance.
      # Uncomment the next line to improve performance when using node.
      - node_modules:/workspace/frontend/node_modules

    environment:
     # ROOT_DATABASE_URL: postgresql://postgres:testpassword@xenis_db1:5432/apollo_link?sslmode=disable
      APP_DATABASE_URL: postgresql://postgres:testpassword@xenis_db1:5432/apollo_link?sslmode=disable
      SERVICE_WEB_FOLDER: /workspace/dist

      # This is the key for the service. It is used to encrypt and decrypt data.
      # It is important that this is kept secret.
      # However, this is not a production key, so it is ok to share it here.
      SERVICE_PWD_KEY: "*********"

      # This is the token key for the service. It is used to sign and verify tokens.
      SERVICE_TOKEN_KEY: "********"
      SERVICE_TOKEN_DURATION_SEC: "1800" # 30 minutes

    # Overrides default command so things don't shut down after the process ends.
    command: sleep infinity

    working_dir: /workspace

    depends_on:
      - xenis_db1

volumes:
  target:
  database_data:
  pgadmin-data:
  node_modules:

╰─λ sudo iptables -nL
[sudo] password for stephen:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ts-input   all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination
DOCKER-USER  all  --  0.0.0.0/0            0.0.0.0/0
DOCKER-FORWARD  all  --  0.0.0.0/0            0.0.0.0/0
ts-forward  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (0 references)
target     prot opt source               destination

Chain DOCKER-BRIDGE (1 references)
target     prot opt source               destination

Chain DOCKER-CT (1 references)
target     prot opt source               destination

Chain DOCKER-FORWARD (1 references)
target     prot opt source               destination
DOCKER-CT  all  --  0.0.0.0/0            0.0.0.0/0
DOCKER-ISOLATION-STAGE-1  all  --  0.0.0.0/0            0.0.0.0/0
DOCKER-BRIDGE  all  --  0.0.0.0/0            0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination

Chain DOCKER-ISOLATION-STAGE-2 (0 references)
target     prot opt source               destination

Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain ts-forward (1 references)
target     prot opt source               destination
MARK       all  --  0.0.0.0/0            0.0.0.0/0            MARK xset 0x40000/0xff0000
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            mark match 0x40000/0xff0000
DROP       all  --  100.64.0.0/10        0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain ts-input (1 references)
target     prot opt source               destination
ACCEPT     all  --  100.101.112.24       0.0.0.0/0
RETURN     all  --  100.115.92.0/23      0.0.0.0/0
DROP       all  --  100.64.0.0/10        0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:41641

 ╰─λ sudo nft list ruleset
# Warning: table ip filter is managed by iptables-nft, do not touch!
table ip filter {
        chain DOCKER {
        }

        chain DOCKER-FORWARD {
                counter packets 4400 bytes 261940 jump DOCKER-CT
                counter packets 4400 bytes 261940 jump DOCKER-ISOLATION-STAGE-1
                counter packets 4400 bytes 261940 jump DOCKER-BRIDGE
        }

        chain FORWARD {
                type filter hook forward priority filter; policy drop;
                counter packets 4400 bytes 261940 jump DOCKER-USER
                counter packets 4400 bytes 261940 jump DOCKER-FORWARD
                counter packets 33648 bytes 136388157 jump ts-forward
        }

        chain DOCKER-USER {
                counter packets 35123 bytes 136471263 return
        }

        chain ts-input {
                ip saddr 100.101.112.24 iifname "lo" counter packets 0 bytes 0 accept
                ip saddr 100.115.92.0/23 iifname != "tailscale0" counter packets 0 bytes 0 return
                ip saddr 100.64.0.0/10 iifname != "tailscale0" counter packets 0 bytes 0 drop
                iifname "tailscale0" counter packets 2313 bytes 350077 accept
                udp dport 41641 counter packets 1175 bytes 70500 accept
        }

        chain ts-forward {
                iifname "tailscale0" counter packets 86 bytes 15201 xt target "MARK"
                meta mark & 0x00ff0000 == 0x00040000 counter packets 86 bytes 15201 accept
                ip saddr 100.64.0.0/10 oifname "tailscale0" counter packets 0 bytes 0 drop
                oifname "tailscale0" counter packets 86 bytes 5529 accept
        }

        chain INPUT {
                type filter hook input priority filter; policy accept;
                counter packets 342510 bytes 1370262589 jump ts-input
        }

        chain DOCKER-BRIDGE {
        }

        chain DOCKER-CT {
        }

        chain DOCKER-ISOLATION-STAGE-1 {
        }

        chain DOCKER-ISOLATION-STAGE-2 {
        }
}
# Warning: table ip nat is managed by iptables-nft, do not touch!
table ip nat {
        chain PREROUTING {
                type nat hook prerouting priority dstnat; policy accept;
                xt match "addrtype" counter packets 5267 bytes 3158841 jump DOCKER
        }

        chain OUTPUT {
                type nat hook output priority dstnat; policy accept;
                ip daddr != 127.0.0.0/8 xt match "addrtype" counter packets 0 bytes 0 jump DOCKER
        }

        chain POSTROUTING {
                type nat hook postrouting priority srcnat; policy accept;
                ip saddr 172.17.0.0/16 oifname != "docker0" counter packets 48 bytes 3084 xt target "MASQUERADE"
                counter packets 6253 bytes 761053 jump ts-postrouting
        }

        chain ts-postrouting {
                meta mark & 0x00ff0000 == 0x00040000 counter packets 0 bytes 0 xt target "MASQUERADE"
        }

        chain DOCKER {
        }
}
# Warning: table ip6 filter is managed by iptables-nft, do not touch!
table ip6 filter {
        chain DOCKER-FORWARD {
                counter packets 0 bytes 0 jump DOCKER-CT
                counter packets 0 bytes 0 jump DOCKER-ISOLATION-STAGE-1
                counter packets 0 bytes 0 jump DOCKER-BRIDGE
        }

        chain FORWARD {
                type filter hook forward priority filter; policy accept;
                counter packets 0 bytes 0 jump DOCKER-USER
                counter packets 0 bytes 0 jump DOCKER-FORWARD
                counter packets 0 bytes 0 jump ts-forward
        }

        chain DOCKER-USER {
                counter packets 0 bytes 0 return
        }

        chain ts-input {
                ip6 saddr fd7a:115c:a1e0::4d01:7018 iifname "lo" counter packets 0 bytes 0 accept
                iifname "tailscale0" counter packets 93 bytes 24715 accept
                udp dport 41641 counter packets 0 bytes 0 accept
        }

        chain ts-forward {
                iifname "tailscale0" counter packets 0 bytes 0 xt target "MARK"
                meta mark & 0x00ff0000 == 0x00040000 counter packets 0 bytes 0 accept
                oifname "tailscale0" counter packets 0 bytes 0 accept
        }

        chain INPUT {
                type filter hook input priority filter; policy accept;
                counter packets 864 bytes 156962 jump ts-input
        }

        chain DOCKER {
        }

        chain DOCKER-BRIDGE {
        }

        chain DOCKER-CT {
        }

        chain DOCKER-ISOLATION-STAGE-1 {
        }

        chain DOCKER-ISOLATION-STAGE-2 {
        }
}
# Warning: table ip6 nat is managed by iptables-nft, do not touch!
table ip6 nat {
        chain PREROUTING {
                type nat hook prerouting priority dstnat; policy accept;
                xt match "addrtype" counter packets 0 bytes 0 jump DOCKER
        }

        chain OUTPUT {
                type nat hook output priority dstnat; policy accept;
                ip6 daddr != ::1 xt match "addrtype" counter packets 0 bytes 0 jump DOCKER
        }

        chain ts-postrouting {
                meta mark & 0x00ff0000 == 0x00040000 counter packets 0 bytes 0 xt target "MASQUERADE"
        }

        chain POSTROUTING {
                type nat hook postrouting priority srcnat; policy accept;
                counter packets 56 bytes 14182 jump ts-postrouting
        }

        chain DOCKER {
        }
}
table ip raw {
        chain PREROUTING {
                type filter hook prerouting priority raw; policy accept;
        }
}

/etc/docker/daemon.json

[🔴] × sudo cat /etc/docker/daemon.json
cat: /etc/docker/daemon.json: No such file or directory

yes

[🔴] × groups
stephen vboxusers docker realtime video lp input wheel

table ip filter {
        chain DOCKER {
        }

Something is missing here inside your iptables -nL
your chains docker + bridge + isolation stage 1 + 2 are not correct.
Sorry, but your docker is not configured right.
Fastest step:
Save your docker containers → how?
https://linuxconfig.org/docker-container-backup-and-recovery
→ uninstall all relevant stuff from docker
sudo pacman -R docker docker-buildx docker-compose
Delete all the network stuff:
nmcli connection delete docker0
docker network rm docker0
brctl delbr docker0
→ reboot → install docker → enable the docker service → reboot
(pls no cmds like pkill etc.) → then test docker with hello-world + apt update → all fine?
If yes, recover your container and pls !only! your container.
To fix the issue by hand → please consider we had an update yesterday of iptables-nft +
you use cachyos-bore → perhaps at the moment there is also an "issue" with this.
(myself, I don’t use these gaming kernels for work → test your docker with the zen kernel)
Use cmd docker network inspect [OPTIONS] NETWORK [NETWORK...]
for low-level information + perhaps you find a solution there →

I’m not sure if this will fix my issue as I did not change any docker configuration since installing docker. That’s what I’ve been using on Zen and cachyos kernels for the last few months. This is why I’m confused. But will try reinstalling.

same issue just no info

lol. i would also type about this link…not helpful..sorry..

ok, i removed docker using your suggestions, and did rm -rf /var/lib/docker and nuked everything. Does not work on Zen or cachyos kernel.

hello-world and ubuntu apt works until i start vscode devcontainer lol

Then something is wrong with the “newest” version of docker.
If so, downgrade docker or wait for the next version.

siiiiiiiiiiiiiiiiiiiiiigh

The last update of iptables-nft (1.8.11-1) introduced a bug with docker that disconnects all docker network interfaces from the Internet (or any external network).

Try to update it with the patch (1.8.11-2); it fixed everything for me.

Before that, I had to change the policy for forward (iptables -P FORWARD ACCEPT); you can try it too.

5 Likes
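A check for the state visible in the ruleset dumps earlier in this thread, added here as an example and not code from any poster: it reads `nft list ruleset` text and reports whether the `ip filter` FORWARD chain has policy drop while no DOCKER-* chain holds an accept rule, in which case forwarded container traffic falls through to the drop policy unless a non-Docker chain accepts it. The function names, the three status words and the sample rulesets are constructed; the first sample is abridged from the posted dump, and the `iifname "docker0"` accept rule in the second is an assumed stand-in for a working setup.

```shell
# Added example: classify the IPv4 filter table in `nft list ruleset` text (stdin).
check_docker_forward() {
    awk '
        $1 == "table" { table = $2 " " $3; chain = ""; next }
        table != "ip filter" { next }
        $1 == "chain" { chain = $2; next }
        $1 == "}"     { chain = ""; next }
        chain == ""   { next }
        $1 == "type"  { if (chain == "FORWARD" && /policy drop/) drop = 1; next }
        chain ~ /^DOCKER/ {        # count accept verdicts in Docker chains only
            for (i = 1; i <= NF; i++) if ($i == "accept") { accepts++; break }
        }
        END {
            if (accepts > 0) { print "OK"; exit 0 }       # Docker accept rules present
            if (drop)        { print "BLOCKED"; exit 1 }  # no Docker accept rule, policy drop
            print "PERMISSIVE"; exit 2                    # no Docker accept rule, policy accept
        }
    '
}
# Constructed sample, abridged from the ip filter table posted in this thread.
sample_broken() { cat <<'EOF'
table ip filter {
        chain DOCKER-FORWARD {
                counter packets 4400 bytes 261940 jump DOCKER-CT
                counter packets 4400 bytes 261940 jump DOCKER-BRIDGE
        }
        chain FORWARD {
                type filter hook forward priority filter; policy drop;
                counter packets 4400 bytes 261940 jump DOCKER-FORWARD
                counter packets 33648 bytes 136388157 jump ts-forward
        }
        chain ts-forward {
                oifname "tailscale0" counter packets 86 bytes 5529 accept
        }
        chain DOCKER-CT {
        }
        chain DOCKER-BRIDGE {
        }
}
EOF
}
# Constructed: same table plus an assumed accept rule for the docker0 bridge.
sample_fixed() { sample_broken | awk '{ print }
    /jump DOCKER-BRIDGE/ { print "                iifname \"docker0\" counter accept" }'; }
# Constructed: same table after `iptables -P FORWARD ACCEPT`.
sample_workaround() { sample_broken | sed 's/policy drop/policy accept/'; }
for s in sample_broken sample_fixed sample_workaround; do
    printf '%s: %s\n' "$s" "$("$s" | check_docker_forward)"
done
```

The check parses nft output rather than `iptables -nL` because the latter omits interface matches: the last ACCEPT in ts-forward looks unconditional there, while the nft dump shows it only applies to `oifname "tailscale0"`. On a live host, run `sudo nft list ruleset | check_docker_forward`; PERMISSIVE is the state the `iptables -P FORWARD ACCEPT` workaround leaves behind, where the host forwards anything no other rule drops.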

Appears to be the fix I needed.
