I've been facing a problem recently with my home server running Docker. I have several containers connected to a bridge network (10.4.0.0/24) that I've set up for local network devices to access without directly exposing them. This setup has been working smoothly for years, but since a Docker update a few months ago, I lost access to that bridge network. Although I managed to temporarily fix it with specific iptables rules, after updating to Docker 28.2.2, I'm back to square one. I can ping the Docker engine but not the containers themselves. I wonder what changes in Docker could be causing this issue, especially since another identical server setup is still functioning properly.
2 Answers
You might also want to look into using routed mode for your bridge network. By using `-o com.docker.network.bridge.gateway_mode_ipv4=routed`, you could set Docker to route traffic directly instead of relying on NAT. Also, note that now only the published ports (`-p 80` and such) would be accessible from outside. If you haven't been publishing ports before, you might need to start doing that or use the gateway mode. It can get tricky, but this should help you back on track!
It sounds like you might be dealing with a typical issue related to Docker's NAT settings. Usually, Docker bridge networks aren't meant to be accessed directly from outside the Docker host. It’s a security feature. You may want to check the specific version of Docker you upgraded from, as they made some changes in version 28.0 that prevent direct routing from external sources. If you want to allow it, you can add `"allow-direct-routing": true` to your `/etc/docker/daemon.json`. Just remember that exposing your containers could affect security!
Got it! That makes sense. Since it used to work, I'm curious what changed specifically. Thanks for the tip!
Thanks for this information! I'll definitely look into routed mode and see if that resolves the issue.