...

Within a Docker container, a “curl http://google.com” works fine, but a “curl https://google.com” would fail. However, outside of the container, natively on the VM, both of these will work.

...

Code Block
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

This sets the “maximum segment size” (MSS) value of a TCP SYN packet when it initiates a connection, as part of “path MTU” negotiation. It is intended to get past “ICMP type 3 code 4” packet blocking issues (as seen by the sender of the original packet): the “Don’t Fragment” flag is set on an IP packet, the packet is too large, and the sending router/host does not receive the ICMP type 3 code 4 packet that would make it resend the “too large” packet at a smaller size. This is often an issue when using tunnelling or “packet sleeving”, with GRE and IPsec packets as well.
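
A way to check that the clamp is in place and to apply it without stacking duplicate rules, as an added example that is not part of the original page. The function names and the sample rule listings are constructed for illustration; the 40/60 byte offsets are what --clamp-mss-to-pmtu subtracts from the path MTU for IPv4/IPv6.

```shell
#!/bin/sh
# Added example: verify and idempotently install the MSS clamp rule.

# Rule from the page, minus the -I verb; the flag mask is SYN,RST.
CLAMP_RULE="FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu"

# MSS written into a SYN for a given path MTU ($1) and IP version ($2, default 4):
# path MTU minus 40 bytes (IPv4 + TCP headers) or 60 bytes (IPv6 + TCP headers).
clamped_mss() {
    case "${2:-4}" in
        4) echo $(( $1 - 40 )) ;;
        6) echo $(( $1 - 60 )) ;;
        *) echo "unknown IP version: $2" >&2; return 2 ;;
    esac
}

# Reads `iptables -S FORWARD` output on stdin; succeeds if some rule clamps
# the MSS of forwarded SYN packets to the path MTU.
has_mss_clamp() {
    grep -Eq -- '^-A FORWARD .*--tcp-flags [A-Z,]*SYN[A-Z,]* SYN .*-j TCPMSS --clamp-mss-to-pmtu'
}

# Inserts the rule only when `iptables -C` reports it missing (needs root).
ensure_mss_clamp() {
    # CLAMP_RULE is deliberately unquoted so it splits into arguments.
    iptables -C $CLAMP_RULE 2>/dev/null || iptables -I $CLAMP_RULE
}

# Constructed sample listings, not captured from a real host.
SAMPLE_WITHOUT='-P FORWARD DROP
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -j DOCKER'
SAMPLE_WITH='-P FORWARD DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -j DOCKER-USER'
```

On a live host, `iptables -S FORWARD | has_mss_clamp` performs the check, and `ensure_mss_clamp` can be called from a boot script without adding the rule twice.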

...

https://www.frozentux.net/iptables-tutorial/chunkyhtml/x4721.html

https://stackoverflow.com/questions/47551873/no-http-https-connectivity-inside-docker-container