No public internet access from pod?

Hi there,

I’m running

# k3s -v
k3s version v1.22.7+k3s1 (8432d7f2)
go version go1.16.10

on

# cat /etc/os-release
NAME="Ubuntu"
VERSION="20.04.4 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.4 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal

running AWX based on this guide: Install AWX on K3S - Bitbull Wiki

The application is running fine and I can log in to the web interface, but when I trigger an action that accesses the internet (a git checkout in this case) I get a connection error after a timeout of 90 seconds:

Failed to connect to github.com port 443: Connection timed out

I can access the repository URL from the host / node with the command line web browser links without issues and there is no firewall enabled on the host.

Any idea what may cause this issue?

I tried to dig into this issue a little more and entered the container and ran this command:

# curl https://www.google.com
curl: (7) Failed to connect to www.google.com port 443: Connection timed out

Unfortunately there are no tools like route, netstat and not even ping available in the container.

Any hint on this issue would be greatly appreciated.

This issue was solved in an issue discussion, see: Can't reach internet from pod / container · Issue #5349 · k3s-io/k3s · GitHub

Summary: The default port range for outgoing connections is 32768 to 60999 and there was a default firewall rule allowing TCP packets with the ACK flag from within this range.
Since k3s uses all possible ports for outgoing connections, some of them were below 32768 and the reply packets were blocked by the firewall.
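
One way to confirm the cause described in the summary, as an added example that is not part of the original posts or of k3s: the script reads connection-tracking entries in the `conntrack -L` text format and reports pod flows whose replies arrive on a node port outside the range the firewall rule allows. The sample lines, addresses and ports are constructed, and the function names are hypothetical.

```python
import re

# Default outgoing port range named in the summary above; on a node the live
# value is in /proc/sys/net/ipv4/ip_local_port_range.
ALLOWED = (32768, 60999)

# Constructed `conntrack -L -p tcp` style lines (documentation addresses).
# The second src/dst/sport/dport tuple is the reply direction after NAT.
SAMPLE = """\
tcp      6 110 SYN_SENT src=10.42.0.12 dst=198.51.100.7 sport=41234 dport=443 [UNREPLIED] src=198.51.100.7 dst=192.0.2.10 sport=443 dport=1027 mark=0 use=1
tcp      6 431999 ESTABLISHED src=10.42.0.12 dst=198.51.100.7 sport=41240 dport=443 src=198.51.100.7 dst=192.0.2.10 sport=443 dport=45210 [ASSURED] mark=0 use=1
tcp      6 115 SYN_SENT src=10.42.0.15 dst=198.51.100.9 sport=52110 dport=443 [UNREPLIED] src=198.51.100.9 dst=192.0.2.10 sport=443 dport=20514 mark=0 use=1
"""

TUPLE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def parse_range(text):
    """Parse the two numbers of ip_local_port_range, e.g. '32768\\t60999'."""
    low, high = (int(x) for x in text.split())
    return low, high


def flows_outside_range(conntrack_text, allowed=ALLOWED):
    """Return flows whose replies arrive on a node port outside `allowed`.

    Such replies miss a stateless 'allow TCP ACK to the ephemeral range' rule.
    """
    low, high = allowed
    hits = []
    for line in conntrack_text.splitlines():
        tuples = TUPLE.findall(line)
        if len(tuples) != 2:
            continue  # not an entry with original and reply directions
        (pod_ip, remote, pod_port, _), (_, _, _, nat_port) = tuples
        state = line.split()[3]  # TCP state column, e.g. SYN_SENT
        if not low <= int(nat_port) <= high:
            hits.append((pod_ip, int(pod_port), remote, int(nat_port), state))
    return hits


if __name__ == "__main__":
    for pod_ip, pod_port, remote, nat_port, state in flows_outside_range(SAMPLE):
        print(f"{pod_ip}:{pod_port} -> {remote} leaves the node from port "
              f"{nat_port} ({state}); replies fall outside {ALLOWED}")
```

Entries stuck in SYN_SENT with a translated port outside the range match the timeout seen in the pod, while flows whose translated port happens to fall inside the range complete normally.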