My colleague uses meteor-up to deploy docker containers on a debian machine. We recently had a server reboot which deleted some iptables we added to avoid the ufw + docker security flaw.
I'd like to have a fresh configuration for the security flaw (since it was a bit messy at first) so I added the following to iptables as stated in the docker documentation :
sudo iptables -I DOCKER-USER -i eth0 -j DROP
My colleague is getting the following error when deploying :
#14 [7/6] RUN cd /built_app/programs/server && npm install --unsafe-perm
#14 41.92 npm ERR! code EAI_AGAIN
#14 41.92 npm ERR! errno EAI_AGAIN
#14 41.94 npm ERR! request to https://registry.npmjs.org/node-gyp failed, reason: getaddrinfo EAI_AGAIN registry.npmjs.org
#14 41.95
#14 41.95 npm ERR! A complete log of this run can be found in:
#14 41.95 npm ERR! /root/.npm/_logs/2022-06-07T09_25_12_763Z-debug.log
#14 ERROR: executor failed running [/bin/sh -c cd /built_app/programs/server && npm install --unsafe-perm]: runc did not terminate sucessfully
I don't know if this error is docker based or iptables based. I suspect a dns problem so I tried the following :
sudo docker run busybox nslookup google.com
;; connection timed out; no servers could be reached
It seems no dns server is reachable when using the default (bridge) docker network. However if I use the host network :
sudo docker run --network host busybox nslookup google.com
Server: 213.186.33.99
Address: 213.186.33.99:53
Non-authoritative answer:
Name: google.com
Address: 142.250.185.78
*** Can't find google.com: No answer
Do I need to change iptables ? Or is it a networking problem ? or both ?
EDIT 1
It's definitely an iptables problem. I tried to do the same commands on a server that did not have those iptables and it worked. The moment I added the iptables, it stopped working.
I needed to allow ESTABLISHED traffic on the public interfaces with iptables.