Apt update fails from container but I can reach external IPs with ping and curl

Hi

I solved a similar problem some time ago after reading about problems with ubuntu 18.04 and ipv6, using the following solutions:

1- forcing ipv4 while doing apt update (sudo apt -o Acquire::ForceIPv4=true update)

2- modifying /etc/gai.conf , un commenting this line: precedence ::ffff:0:0/96 100

3- Adding a dns to /etc/systemd/resolved.conf, which ends whit a line like: “DNS Servers: 8.8.4.4” (without quotes )

4- modifying /etc/sysctl.conf in order to add the following lines:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

I applied the same steps today without any success.

I even disabled ufw for a moment in order to check if I had any firewall problem, but even after that, the problem persisted.

I can do, for example, ping to yahoo.com from my container, and i get a correct response, the same happens with curl, for example: curl https://www.keycdn.com

This is the message I get every time I try to apt update:

~# sudo apt -o Acquire::ForceIPv4=true update
Err:1 http://archive.ubuntu.com/ubuntu bionic InRelease
Could not connect to archive.ubuntu.com:80 (91.189.88.174). - connect (113: No route to host) Could not connect to archive.ubuntu.com:80 (91.189.88.173), connection timed out Could not connect to archive.ubuntu.com:80 (91.189.88.24), connection timed out Could not connect to archive.ubuntu.com:80 (91.189.88.162), connection timed out Could not connect to archive.ubuntu.com:80 (91.189.88.31), connection timed out Could not connect to archive.ubuntu.com:80 (91.189.88.149), connection timed out
Err:2 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
Unable to connect to archive.ubuntu.com:http:
Err:3 http://archive.ubuntu.com/ubuntu bionic-backports InRelease
Unable to connect to archive.ubuntu.com:http:
Err:4 http://security.ubuntu.com/ubuntu bionic-security InRelease
Could not connect to security.ubuntu.com:80 (91.189.88.173). - connect (113: No route to host) Could not connect to security.ubuntu.com:80 (91.189.88.24), connection timed out Could not connect to security.ubuntu.com:80 (91.189.91.14), connection timed out Could not connect to security.ubuntu.com:80 (91.189.91.24), connection timed out Could not connect to security.ubuntu.com:80 (91.189.88.174), connection timed out Could not connect to security.ubuntu.com:80 (91.189.91.23), connection timed out Could not connect to security.ubuntu.com:80 (91.189.88.149), connection timed out Could not connect to security.ubuntu.com:80 (91.189.88.31), connection timed out Could not connect to security.ubuntu.com:80 (91.189.91.26), connection timed out Could not connect to security.ubuntu.com:80 (91.189.88.162), connection timed out
Reading package lists… Done
Building dependency tree
Reading state information… Done
All packages are up to date.
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic/InRelease Could not connect to archive.ubuntu.com:80 (91.189.88.174). - connect (113: No route to host) Could not connect to archive.ubuntu.com:80 (91.189.88.173), connection timed out Could not connect to archive.ubuntu.com:80 (91.189.88.24), connection timed out Could not connect to archive.ubuntu.com:80 (91.189.88.162), connection timed out Could not connect to archive.ubuntu.com:80 (91.189.88.31), connection timed out Could not connect to archive.ubuntu.com:80 (91.189.88.149), connection timed out
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-updates/InRelease Unable to connect to archive.ubuntu.com:http:
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-backports/InRelease Unable to connect to archive.ubuntu.com:http:
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/bionic-security/InRelease Could not connect to security.ubuntu.com:80 (91.189.88.173). - connect (113: No route to host) Could not connect to security.ubuntu.com:80 (91.189.88.24), connection timed out Could not connect to security.ubuntu.com:80 (91.189.91.14), connection timed out Could not connect to security.ubuntu.com:80 (91.189.91.24), connection timed out Could not connect to security.ubuntu.com:80 (91.189.88.174), connection timed out Could not connect to security.ubuntu.com:80 (91.189.91.23), connection timed out Could not connect to security.ubuntu.com:80 (91.189.88.149), connection timed out Could not connect to security.ubuntu.com:80 (91.189.88.31), connection timed out Could not connect to security.ubuntu.com:80 (91.189.91.26), connection timed out Could not connect to security.ubuntu.com:80 (91.189.88.162), connection timed out
W: Some index files failed to download. They have been ignored, or old ones used instead.

Bad MTU maybe?

Did not have time anymore so, I decided to kill my instance and start fresh, create containers again.
After that I did not have any apt update problem at container level.
Thanks anyway for your comment !!
Cheers

Just realized what happened in my previous setup:

I was using iptables in order to forward port 80 to container instead installing nginx on host

The rule was something like:
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.xx.xx.xx:80

As soon as I tried this again in my new setup, i got the same symptom (could not do apt update), and after deleting the rule, everything worked again like a charm.

I am sorry for wasting your time guys. My mistake …

Thanks @bluis8 I was scratching me head as to why my container could ping but could not update.
Completely forgot that the host forwards all port 80 traffic to the NGINX container