I just upgraded to Fedora 32 and suddenly my Docker containers could not resolve any DNS. The DNS inside my Docker containers could not, for example, resolve github.com, hence my Docker builds were failing.

The reason was a change in the NAT forwarding.

The solution is to enable IP masquerading so that packets coming from Docker are forwarded on to the internet.

Find your interface to the internet.

You need to find which interface you are using to go out to the internet. You can achieve this by using the *route* command.

In my case, running route shows me that my default route (The one that has Destination: is my wlp5s0 device. This is my wifi.

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
                                                UG    600    0        0 wlp5s0
                                                U     0      0        0 docker0
                                                U     0      0        0 br-0dddd80888f2

We can list all interfaces with the nmcli command and find the device that has route4.

$ nmcli
wlp5s0: connected to RadHome-Guest5G
        "Qualcomm Atheros QCA6174"
        wifi (ath10k_pci), 9C:B6:D0:61:84:31, hw, mtu 1500
        ip4 default
        inet6 fe80::971d:58f1:5af:d30c/64
        route6 fe80::/64
        route6 ff00::/8

br-0dddd80888f2: connected to br-0dddd80888f2
        bridge, 02:42:39:C5:82:D4, sw, mtu 1500
        inet6 fe80::42:39ff:fec5:82d4/64
        route6 fe80::/64
        route6 ff00::/8

br-4daf777d907d: connected to br-4daf777d907d
        bridge, 02:42:47:13:2E:D0, sw, mtu 1500
        inet6 fe80::42:47ff:fe13:2ed0/64
        route6 fe80::/64
        route6 ff00::/8


Configure the interface to do masquerading

Run the following command. Replace wlp5s0 with the interface you found from above.

sudo firewall-cmd --get-zone-of-interface=wlp5s0

Which gives me:


Now we finally enable masquerading on that zone. On a default Fedora 32 firewalld setup, the zone is always "FedoraWorkstation" unless you renamed it.

sudo firewall-cmd --zone=FedoraWorkstation --add-masquerade --permanent
sudo firewall-cmd --reload
sudo systemctl restart docker

Your Docker containers should now work again.
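
The whole procedure as one idempotent script, as an added example that is not from the original post: it reads the default route from `ip -4 route show default` (used here in place of `route -n`), looks up the firewalld zone of that interface, enables masquerading only if `--query-masquerade` reports it off, and checks it again after the reload. The function names and the `FWCMD` and `SUDO` variables are assumptions of this sketch.

```sh
#!/bin/sh
# Added example, not the post's own code. FWCMD and SUDO are hypothetical
# knobs so the logic can be exercised without touching a real firewall.
FWCMD=${FWCMD:-firewall-cmd}
SUDO=${SUDO-sudo}

# Print the interface of the lowest-metric IPv4 default route.
# Reads `ip -4 route show default` output on stdin; fails if none is found.
default_iface() {
    awk '$1 == "default" {
        dev = ""; metric = 0
        for (i = 2; i < NF; i++) {
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "metric") metric = $(i + 1) + 0
        }
        if (dev != "" && (best == "" || metric < bestm)) { best = dev; bestm = metric }
    }
    END { if (best == "") exit 1; print best }'
}

# Enable masquerading on the zone that owns interface $1, only if it is not
# already on, then confirm the permanent setting is active after the reload.
enable_masquerade() {
    zone=$($SUDO $FWCMD --get-zone-of-interface="$1") || return 1
    [ -n "$zone" ] || return 1
    if $SUDO $FWCMD --zone="$zone" --query-masquerade >/dev/null; then
        echo "masquerade already enabled on zone $zone"
        return 0
    fi
    $SUDO $FWCMD --zone="$zone" --add-masquerade --permanent >/dev/null || return 1
    $SUDO $FWCMD --reload >/dev/null || return 1
    $SUDO $FWCMD --zone="$zone" --query-masquerade >/dev/null || return 1
    echo "masquerade enabled on zone $zone"
}

# Nothing is changed unless the script is started with --apply.
if [ "${1:-}" = "--apply" ]; then
    iface=$(ip -4 route show default | default_iface) ||
        { echo "no IPv4 default route found" >&2; exit 1; }
    enable_masquerade "$iface" && $SUDO systemctl restart docker
fi
```

Masquerading is switched on for the whole zone, so every interface assigned to that zone is affected, not only the one Docker traffic leaves through.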