Docker container unable to clone from github.com


I forgot that I asked this question here, but for those of you who also encounter this issue:

The solution was discovered by @aaronlehmann on GitHub Issue #1090. This issue was (possibly still is) affecting AWS instances, but also appears to affect some residential connections as well.

There are two possible fixes:

  • Turn on conntrack's "be liberal" flag: echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal. This causes conntrack/NAT to treat packets outside the TCP window as part of the flow being tracked, instead of marking them invalid and causing them to be handled by the host.
  • Add a rule to drop invalid packets instead of allowing them to trigger RSTs: iptables -I INPUT -m conntrack --ctstate INVALID -j DROP

For me, the ip_conntrack_tcp_be_liberal would never hold its setting after reboot. This required manually running the above command each time I wanted to use docker, so the best solution for me was saving

iptables -I INPUT -m conntrack --ctstate INVALID -j DROP

into my iptables.

All problems then disappeared!
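As an added example that is not part of the answer above: a small POSIX shell script that applies both fixes from the answer idempotently and makes them survive a reboot, which is exactly where the answer's echo-to-/proc approach fell down. Two things it assumes that the answer does not state: on current kernels the be-liberal knob is exposed as net.netfilter.nf_conntrack_tcp_be_liberal (the net.ipv4.netfilter.ip_conntrack_* path is the older alias), and the sysctl only exists once the nf_conntrack module is loaded, so a plain /etc/sysctl.conf entry can be silently skipped at boot. The /etc/sysctl.d, /etc/modules-load.d and /etc/iptables/rules.v4 locations are assumptions about a systemd + iptables-persistent layout; the PROC_ROOT override and the iptables-save excerpt are constructed for offline testing and are not from any real host.

```shell
#!/bin/sh
# Added example (not the original poster's code): persist the two conntrack
# fixes for the "docker cannot clone from github.com" problem.
# Assumptions are marked below; run as root with "apply" to actually change the host.

# Overridable so the helper functions can be exercised without root or a real kernel.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Return the sysctl key this kernel exposes for TCP be-liberal, new name first.
# Fails when neither exists, which usually means nf_conntrack is not loaded yet.
be_liberal_sysctl_key() {
    if [ -e "$PROC_ROOT/sys/net/netfilter/nf_conntrack_tcp_be_liberal" ]; then
        echo "net.netfilter.nf_conntrack_tcp_be_liberal"
    elif [ -e "$PROC_ROOT/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal" ]; then
        echo "net.ipv4.netfilter.ip_conntrack_tcp_be_liberal"   # legacy alias
    else
        return 1
    fi
}

# Render the one-line fragment to drop into /etc/sysctl.d/.
be_liberal_sysctl_fragment() {
    key=$(be_liberal_sysctl_key) || return 1
    printf '%s = 1\n' "$key"
}

# Read an iptables-save dump on stdin; succeed if INPUT already drops INVALID.
ruleset_has_invalid_drop() {
    grep -q '^-A INPUT .*-m conntrack --ctstate INVALID -j DROP'
}

# Constructed iptables-save excerpts (not captured from a real host).
SAMPLE_RULESET_WITH_FIX='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT'
SAMPLE_RULESET_WITHOUT_FIX='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Needs root. Applies both fixes now and persists them.
apply_fixes() {
    if ! key=$(be_liberal_sysctl_key); then
        modprobe nf_conntrack || return 1          # knob appears only once the module is loaded
        key=$(be_liberal_sysctl_key) || return 1
    fi
    # Assumption: systemd's modules-load.d, so the module is present before sysctl.d is applied at boot.
    echo nf_conntrack > /etc/modules-load.d/nf_conntrack.conf
    sysctl -w "$key=1" >/dev/null
    be_liberal_sysctl_fragment > /etc/sysctl.d/90-conntrack-be-liberal.conf

    # -C checks for the rule first so repeated runs do not stack duplicates.
    iptables -C INPUT -m conntrack --ctstate INVALID -j DROP 2>/dev/null \
        || iptables -I INPUT -m conntrack --ctstate INVALID -j DROP
    # Assumption: iptables-persistent / netfilter-persistent restores this file at boot.
    mkdir -p /etc/iptables
    iptables-save > /etc/iptables/rules.v4
}

case "${1:-}" in
    apply) apply_fixes ;;
esac
```

Usage: `sudo sh fix-conntrack.sh apply`. To confirm the DROP rule is in place afterwards, `iptables-save | ruleset_has_invalid_drop` (or `sudo iptables -C INPUT -m conntrack --ctstate INVALID -j DROP`). Of the two fixes, the DROP rule is the more conservative choice: be_liberal widens what conntrack accepts as part of an established flow, whereas dropping INVALID packets only stops the host from answering out-of-window segments with RSTs.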