Connection closed by foreign host when connecting to docker container via tcp

Question

I have a weird problem with connecting to docker containers via tcp.

My OS is Ubuntu 20.04

What I do.

I start my web server in a container. I have tried official Postgresql image and the problem stays the same. So the problem is probably is not my image.

It listens 0.0.0.0 on port 8080 . I have changed the port several times, so it's not about 8080 only.

I forward 8080 container port to 8080 on host. I have tried forwarding to different ports and the problem stays.

Here's the command

docker run --rm --name my-web-container -p8080:8080 my-web-image

The is try to wget localhost:8080 and it hangs for a while and then says

Connection closed by foreign host.

telnet localhost 8080 works for some time and then says the same thing

# telnet localhost 8080
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.

If I wget localhost:8080 from within the container everything is fine.

If I add --net=host , to the command, starting the container, the problem goes away.

So I suppose there is something wrong with docker network. I could always use --net=host, but that obviously creates problems.

This appeared out of the blue, I didn't do anything. No system configuration, no installing new software.

Answer 1

I have tried

docker network inspect bridge

That gave the following.

[
    {
        "Name": "bridge",
        "Id": "0e99160be59fd6417984db68695f6e6d4fa016e1d75a26734bccaff427ea6468",
        "Created": "2022-06-08T11:16:47.413799955+03:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,

        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]

I paid attention to this part

            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]

And 172.17.0.0 suspiciously looks like some ip address which my internet provider gave me.

I thought maybe I should give bridge network another address. So I have changed /etc/docker/daemon.json from

{
 "experimental": true
}

to

{
 "experimental": true,
  "default-address-pools" :
      [
         {
           "base":"172.26.0.0/16",
           "size":24
         }
      ]
}

And then ran service docker restart

After that the problem disappeared.