DEV Community

Discussion on: Install Docker on Windows (WSL) without Docker Desktop

Salvatore Piccione

Hi, I have exactly the same issue... @bowmanjd can you share any hint about how to get Internet connection working on docker containers running on WSL2?

Salvatore Piccione

BTW I solved this issue by switching from Debian to Ubuntu as the WSL2 distro.

Tim Black

I'm having the same issue, using Debian 11 on WSL2. With a Dockerfile containing only:

FROM centos:7
RUN yum -y install httpd

I was getting yum errors not resolving the name of the mirror server:

Determining fastest mirrors
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=container error was
14: curl#6 - "Could not resolve host: mirrorlist.centos.org; Unknown error"

Since I could resolve the name of the server from Debian WSL2 with no issue, I knew my DNS was working there. So I added some sleuthing to the Dockerfile:

FROM centos:7
RUN cat /etc/resolv.conf && ping -v -c2 host.docker.internal && ping -v -c2 1.1.1.1 && ping -v google.com && ping -v mirrorlist.centos.org
RUN echo "timeout=30" >> /etc/yum.conf && cat /etc/yum.conf && yum -y install httpd

and ran docker build with --add-host=host.docker.internal:host-gateway. I can see that I can ping the host from the container, but the container cannot seem to ping any external IP, even the Cloudflare DNS 1.1.1.1 or Google's 8.8.8.8.

I've played around with setting DNS in the container explicitly using the /etc/docker/daemon.json with things like "dns": ["1.1.1.1", "8.8.8.8"], but if the container can't even get connectivity to these IPs that's not going to work.

My Debian environment does not have any iptables configured. I'm flummoxed.

Tim Black • Edited

I found my Debian environment is configured to use iptables-nft:

$> sudo update-alternatives --config iptables
There are 2 choices for the alternative iptables (providing /usr/sbin/iptables).

  Selection    Path                       Priority   Status
* 0            /usr/sbin/iptables-nft      20        auto mode
  1            /usr/sbin/iptables-legacy   10        manual mode
  2            /usr/sbin/iptables-nft      20        manual mode

But I was getting no rules generated by iptables-nft-save, and several rules generated by iptables-legacy-save, so I explicitly update-alternatives to iptables-legacy and rebooted (host and wsl2/debian). (Will report back with results..)

Tim Black • Edited

Still the same error after switching explicitly to iptables-legacy in Debian 11. FWIW, I'm also passing the following DNS servers to my containers via docker daemon.json:

# This one is the WSL net interface as seen by windows. It cannot be pinged from container.
nameserver 172.29.224.1
nameserver 1.1.1.1
nameserver 8.8.8.8

I've tried putting the Google and Cloudflare DNS first in this order, to no avail.

Tim Black

The issue is more easily reproduced on my system by just running ping commands inside the latest alpine image:

$> home/tim/src > docker run --rm -it alpine ping -c4 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes

--- 8.8.8.8 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
 
Tim Black

The problem was that even though I had reverted to iptables-legacy in Debian, I still had iptables: "false" in my docker daemon.json. On removing that, docker can use its default iptables impl and work with Debian Bullseye. Now, my containers can access "the internet".

I realize that your post indicated to use iptables: false as a way to get Debian WSL2 instances to work with docker. But that never worked for me for some reason.

Jonathan Bowman

Yeah, I have actually changed the instructions, removing the iptables:false, as using iptables-legacy seems like the right way to do it.

philippthiele • Edited

I had the same issue with Ubuntu in WSL2. Removing iptables: "false" from the daemon.json and switching to iptables-legacy did the trick. No full reboot was necessary; running "wsl --shutdown" in PowerShell and reopening the Ubuntu shell did the trick. Thanks!
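
A diagnostic sketch for the fix this sub-thread arrives at (no iptables: false in daemon.json, NAT rules present in one iptables backend), added here as an example and not code from any commenter or from the article. The function names and verdict words are hypothetical; the live mode assumes daemon.json at /etc/docker/daemon.json and that iptables-legacy-save and iptables-nft-save are installed.

```sh
#!/bin/sh
# Added example: checks for the failure discussed in this thread.
# Function names and verdict words are hypothetical.

# Succeeds if the daemon.json at $1 turns off Docker's iptables management.
# Matches the JSON boolean false as well as the string "false" quoted in the thread.
daemon_disables_iptables() {
    [ -r "$1" ] || return 1
    grep -Eq '"iptables"[[:space:]]*:[[:space:]]*"?false"?' "$1"
}

# Succeeds if the iptables-save dump at $1 has a NAT masquerade rule in
# POSTROUTING, which bridged containers need to reach outside addresses.
has_masquerade() {
    [ -r "$1" ] || return 1
    grep -Eq '^-A POSTROUTING .*-j MASQUERADE' "$1"
}

# diagnose DAEMON_JSON LEGACY_DUMP NFT_DUMP -> prints one verdict word.
diagnose() {
    if daemon_disables_iptables "$1"; then
        echo "iptables-disabled"   # Docker installs no NAT rules at all
    elif has_masquerade "$2"; then
        echo "nat-in-legacy"
    elif has_masquerade "$3"; then
        echo "nat-in-nft"
    else
        echo "no-nat-rules"        # daemon not running, or rules were flushed
    fi
}

# Live use inside the WSL2 distro (run as root): ./check.sh --live
if [ "${1:-}" = "--live" ]; then
    tmp=$(mktemp -d)
    iptables-legacy-save -t nat > "$tmp/legacy" 2>/dev/null
    iptables-nft-save -t nat > "$tmp/nft" 2>/dev/null
    diagnose /etc/docker/daemon.json "$tmp/legacy" "$tmp/nft"
    rm -rf "$tmp"
fi
```

A verdict of iptables-disabled or no-nat-rules corresponds to the symptom reported above: the container can ping the Docker host but not 1.1.1.1 or 8.8.8.8.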

Jonathan Bowman

Interesting... What sort of errors are you seeing? Is it all internet connectivity, or just DNS?

Salvatore Piccione

It is all internet connectivity: I cannot ping 1.1.1.1 but I can ping the docker host from a container.