1. Overview

When working with Docker, we usually expect Docker containers to have internet access, especially if the host is connected to the Internet. However, it’s common for developers to encounter an issue where a Docker container has no internet. As a consequence, our efforts to download packages, ping external services, or even access APIs become significantly hindered.

In this tutorial, we’ll break down what to do if our Docker container has no internet. To that end, we’ll discuss how Docker handles networking, as well as common causes of the issue in question, and how to troubleshoot and resolve them.

2. How Docker Provides Internet Access to Containers

When we run a container, Docker sets up an internal network that allows the container to access the Internet.

Docker uses a virtual bridge network, typically docker0, to connect containers to the host and the Internet. When a container starts, it’s attached to this virtual bridge and assigned a private IP address. The container sends its network traffic through the bridge, much like devices connect to a home router. Docker rewrites this traffic using a technique called Network Address Translation (NAT) and applies special rules via iptables to route the traffic out through the host’s network connection to reach the Internet.

The setup above usually works seamlessly but can break due to misconfigurations, firewall rules, DNS issues, or problems with network forwarding.

3. Common Causes of a Docker Container Having No Internet

Now, let’s discuss a few reasons that may cause a Docker container to have no internet:

  • DNS configuration issue – containers can fail to resolve domain names to IP addresses, often due to incorrect or missing DNS configuration inside the container
  • Iptables or firewall rules – system updates or other firewall tools can reset or override Docker’s iptables and break NAT and forwarding, preventing the container from reaching the Internet
  • IP forwarding is disabled – Docker depends on IP forwarding to pass traffic from the container to the host’s external network, and if it’s disabled, the container loses internet access
  • Outdated or custom Docker networking configuration – older Docker versions or custom bridge network setups may cause networking issues, for instance, some network drivers may be corrupted or misconfigured
  • Conflicting network settings on the host – custom routing tables, VPNs, or external firewalls such as UFW may block Docker’s ability to route traffic correctly

Now that we’ve seen some common causes, let’s discuss how to fix the issue.

4. How to Fix the Issue

Let’s explore several methods to resolve the issue, depending on the root cause.

4.1. Verify DNS Configuration in Docker

If a container can ping an IP address but not a domain, the issue is almost always DNS misconfiguration.

A container may manage to reach external hosts by IP address, but fail to resolve domain names such as dns.google to IP addresses. To demonstrate the issue, let’s start a container and explicitly give it an invalid DNS server:

$ docker run --rm --dns 192.0.2.1 alpine ping -c 3 dns.google
ping: bad address 'dns.google'

Let’s break down what happens:

  • The IP address 192.0.2.1 is part of the TEST-NET-1 block (RFC 5737) reserved for documentation and doesn’t route to a real DNS server
  • DNS resolution fails since the container can’t find the IP for dns.google

To verify that Internet access itself isn’t broken, we can ping a public IP address directly:

$ docker run --rm --dns 192.0.2.1 alpine ping -c 3 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=254 time=24.889 ms
64 bytes from 8.8.8.8: seq=1 ttl=254 time=27.273 ms
64 bytes from 8.8.8.8: seq=2 ttl=254 time=108.262 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 24.889/53.474/108.262 ms

Successful pings prove the container can reach the Internet. This also means it’s the DNS that’s broken.

To fix the issue, let’s provide a working DNS server such as Google DNS (8.8.8.8):

$ docker run --rm --dns 8.8.8.8 alpine ping -c 3 dns.google
PING dns.google (8.8.4.4): 56 data bytes
64 bytes from 8.8.4.4: seq=0 ttl=254 time=21.428 ms
64 bytes from 8.8.4.4: seq=1 ttl=254 time=22.814 ms
64 bytes from 8.8.4.4: seq=2 ttl=254 time=45.347 ms

--- dns.google ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 21.428/29.863/45.347 ms

Instead of specifying a DNS server every time we run a container, we can configure it globally so that all containers can use it by default. Our approach depends on how we’ve installed Docker.

For Docker Desktop on Ubuntu or other Linux distributions, open Docker Desktop, navigate to Settings, and then to Docker Engine. Here, we can add the DNS configuration to the JSON:

{
  "dns": ["8.8.8.8", "8.8.4.4"]
}

If other settings already exist, we can add the dns field alongside them. For Docker installed via a package manager (non-Desktop), we can create or edit the /etc/docker/daemon.json file to add the dns field.

After the addition, we can restart Docker for the changes to take effect.

Now, all containers launched on our system use the specified DNS servers by default, resolving DNS-related connectivity issues automatically.
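One way to add the dns field alongside existing settings without clobbering them, as an added example that is not part of the original article. The function names merge_dns and update_file are hypothetical, and the sample daemon.json content is constructed:

```python
import ipaddress
import json
import os
import tempfile


def merge_dns(existing_text, servers):
    """Return daemon.json text with "dns" set, keeping every other key."""
    # An empty or missing file is treated as an empty configuration.
    config = json.loads(existing_text) if existing_text.strip() else {}
    if not isinstance(config, dict):
        raise ValueError("daemon.json must contain a JSON object")
    # Reject anything that is not a literal IP address (typos, hostnames).
    validated = [str(ipaddress.ip_address(s)) for s in servers]
    if not validated:
        raise ValueError("at least one DNS server is required")
    config["dns"] = validated
    return json.dumps(config, indent=2) + "\n"


def update_file(path, servers):
    """Rewrite path atomically so a failed write never leaves partial JSON."""
    try:
        with open(path, encoding="utf-8") as fh:
            current = fh.read()
    except FileNotFoundError:
        current = ""
    new_text = merge_dns(current, servers)  # raises before anything is written
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(new_text)
    os.replace(tmp, path)
    return new_text


# Constructed sample: an existing daemon.json with unrelated settings.
SAMPLE = '{"log-driver": "json-file", "icc": false}'

if __name__ == "__main__":
    print(merge_dns(SAMPLE, ["8.8.8.8", "8.8.4.4"]))
```

Existing keys such as icc survive the edit unchanged, and malformed input raises before the file is touched.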

4.2. Check IP Forwarding on the Host

Docker relies on IP forwarding to enable containers to send network traffic through the host machine and reach external networks, such as the Internet. If IP forwarding is disabled on the host, containers may appear to have no internet, even though Docker’s bridge and DNS settings seem correct.

Let’s ensure we’ve enabled IP forwarding on the host:

$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0

If the value above is 0, then IP forwarding is disabled, and we need to enable it:

$ sudo sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1

To ensure the change persists across reboots, we need to edit the /etc/sysctl.conf file:

# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1

In the file, we need to locate the line above and uncomment it by removing the leading #, so that net.ipv4.ip_forward is set to 1.
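The host-side checks can be combined into one triage step that covers both the IP forwarding setting above and the broken NAT rule listed among the common causes. This is an added example, not code from the original article: the names masqueraded_subnets and diagnose are hypothetical, and the iptables-save output is a constructed sample.

```python
import ipaddress
import shlex

# Constructed sample of `iptables-save -t nat` output on a host where
# Docker's default bridge (172.17.0.0/16 on docker0) is intact.
SAMPLE_NAT = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT
"""


def masqueraded_subnets(nat_rules):
    """Return the source networks that have a POSTROUTING MASQUERADE rule."""
    nets = []
    for line in nat_rules.splitlines():
        if line.startswith("#"):  # skip iptables-save comment lines
            continue
        tok = shlex.split(line)
        if tok[:2] != ["-A", "POSTROUTING"] or "MASQUERADE" not in tok:
            continue
        if "-s" in tok:
            nets.append(ipaddress.ip_network(tok[tok.index("-s") + 1]))
    return nets


def diagnose(ip_forward, nat_rules, container_ip):
    """Map host state to one of the causes listed in section 3."""
    if ip_forward.strip() != "1":
        return "ip-forwarding-disabled"
    addr = ipaddress.ip_address(container_ip)
    if not any(addr in net for net in masqueraded_subnets(nat_rules)):
        return "nat-rule-missing"
    return "host-forwarding-ok"


if __name__ == "__main__":
    # Live use (assumption: run as root on the Docker host):
    #   ip_forward <- contents of /proc/sys/net/ipv4/ip_forward
    #   nat_rules  <- output of `iptables-save -t nat`
    print(diagnose("1\n", SAMPLE_NAT, "172.17.0.2"))
```

A result of nat-rule-missing means the container's address isn't covered by any masquerade rule, which matches the case where another firewall tool has reset Docker's iptables rules.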

4.3. Use a Custom Bridge Network as a Fallback

If DNS and IP forwarding are working but our container still has no internet, the issue may stem from a misconfigured default bridge network. While this isn’t a root-cause fix, we can often bypass the error by creating and using a custom bridge network.

Docker doesn’t allow us to remove or reconfigure the default bridge network. To work around this, we can easily create a custom bridge network. The custom bridge network also behaves similarly to the default one, but is under our control.

Let’s create a network named custom-net to get a fresh and functioning network configuration:

$ docker network create --driver bridge custom-net
cbcf808fc5ff2d50b9f8c909d738498d7b7c4e73ed30d32499ee6491d4651145

Once the network is up, we can run our container using the new network:

$ docker run --rm --network custom-net alpine ping google.com

If the approach above works and we see successful ping responses, the default bridge was likely the issue.

Notably, we can use this approach when we’ve ruled out DNS, firewall, or IP forwarding issues, but the container still can’t access the Internet.

Additionally, we can clean up unused containers and networks to rule them out as the source of a misconfigured Docker network state. We can clean them up with the help of the docker system prune command:

$ docker system prune
WARNING! This will remove:
  - all stopped containers
  - all networks not used by at least one container
  - all dangling images
  - unused build cache

Are you sure you want to continue? [y/N]

This ensures that Docker can create a fresh and healthy network.

5. Best Practices

Finally, let’s discuss a few helpful best practices:

  • Updating system packages or changing firewall, DNS, or networking settings requires restarting Docker to ensure internal components and iptables rules reload
  • Always use a recent stable Docker release, since some networking issues may arise from older Docker versions
  • For stability, better isolation, and control, we can utilize custom bridge networks
  • We can clean up unused networks and containers using docker system prune to avoid stale configurations interfering with connectivity

Now, we can prevent or mitigate future Internet issues in containers.

6. Conclusion

In this article, we explored several approaches to follow if a Docker container has no internet.

A Docker container with no internet connectivity can hinder development. The issue can be as simple as a DNS misconfiguration or as complicated as routing and firewall rules on the host. By understanding how Docker handles networking and carefully troubleshooting step by step, we can restore Internet connectivity to our containers.