I've got a small EC2 Ubuntu instance which was running fine for more than 10 years and didn't have any problems with either incoming or outgoing connections.
All of a sudden, the simple command sudo apt update started to fail to connect to repositories, failing like this:
Cannot initiate the connection to eu-west-1.ec2.archive.ubuntu.com:80 (2a05:d018:fd:f302:55ec:6d1c:c751:1067). - connect (101: Network is unreachable)
It was a pretty old version 16, so I created a new EC2 instance with up-to-date Ubuntu 24. Initially everything was working fine, but once I installed Docker the problem came back. Now I cannot even wget anything from outside; it merely gets stuck until timeout:
wget http://google.com/
Resolving google.com (google.com)... 172.253.116.113, 172.253.116.138, 172.253.116.139, ...
Connecting to google.com (google.com)|172.253.116.113|:80... ^C
apt update:
Failed to fetch https://download.docker.com/linux/ubuntu/dists/noble/InRelease Cannot initiate the connection to download.docker.com:443 (2600:9000:265e:0:3:db06:4200:93a1). - connect (101: Network is unreachable)
Incoming connections, e.g. SSH, work without problems.
Security outbound rules in AWS console allow everything:
All All 0.0.0.0/0
Network settings are also fine, and again, the problem emerged after installing Docker (at least it appears so).
I also have a local Ubuntu 20 server with Docker and it works perfectly, though I did exactly the same there as I did on the EC2 instance.
I suspect there's some kind of mess with the routing table, but I have no netstat or other network tools and cannot install them.
Some info I've managed to collect:
sudo iptables -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target                    prot opt in       out       source       destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target                    prot opt in       out       source       destination
    0     0 DOCKER-USER               0    --  *        *         0.0.0.0/0    0.0.0.0/0
    0     0 DOCKER-ISOLATION-STAGE-1  0    --  *        *         0.0.0.0/0    0.0.0.0/0
    0     0 ACCEPT                    0    --  *        docker0   0.0.0.0/0    0.0.0.0/0    ctstate RELATED,ESTABLISHED
    0     0 DOCKER                    0    --  *        docker0   0.0.0.0/0    0.0.0.0/0
    0     0 ACCEPT                    0    --  docker0  !docker0  0.0.0.0/0    0.0.0.0/0
    0     0 ACCEPT                    0    --  docker0  docker0   0.0.0.0/0    0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target                    prot opt in       out       source       destination

Chain DOCKER (1 references)
 pkts bytes target                    prot opt in       out       source       destination

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target                    prot opt in       out       source       destination
    0     0 DOCKER-ISOLATION-STAGE-2  0    --  docker0  !docker0  0.0.0.0/0    0.0.0.0/0
    0     0 RETURN                    0    --  *        *         0.0.0.0/0    0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
 pkts bytes target                    prot opt in       out       source       destination
    0     0 DROP                      0    --  *        docker0   0.0.0.0/0    0.0.0.0/0
    0     0 RETURN                    0    --  *        *         0.0.0.0/0    0.0.0.0/0

Chain DOCKER-USER (1 references)
 pkts bytes target                    prot opt in       out       source       destination
    0     0 RETURN                    0    --  *        *         0.0.0.0/0    0.0.0.0/0

ip route
default via 172.31.32.1 dev enX0 proto dhcp src 172.31.35.63 metric 100
172.31.0.2 via 172.31.32.1 dev enX0 proto dhcp src 172.31.35.63 metric 100
172.31.32.0/20 dev enX0 proto kernel scope link src 172.31.35.63 metric 100
172.31.32.1 dev enX0 proto dhcp scope link src 172.31.35.63 metric 100
192.168.1.0/24 dev docker0 proto kernel scope link src 192.168.1.1 linkdown

curl -v http://google.com
* Host google.com:80 was resolved.
* IPv6: 2a00:1450:400b:c02::65, 2a00:1450:400b:c02::8b, 2a00:1450:400b:c02::8a, 2a00:1450:400b:c02::71
* IPv4: 209.85.203.139, 209.85.203.100, 209.85.203.102, 209.85.203.101, 209.85.203.138, 209.85.203.113
* Trying 209.85.203.139:80...
* Trying [2a00:1450:400b:c02::65]:80...
* Immediate connect fail for 2a00:1450:400b:c02::65: Network is unreachable
* Trying [2a00:1450:400b:c02::8b]:80...
* Immediate connect fail for 2a00:1450:400b:c02::8b: Network is unreachable

To sum up: 10 years with no connection problems; now, even on a new instance, after installing Docker there is a problem.
Any advice on how to solve the problem would be appreciated.