Hello,
I have started playing around with docker (https://www.docker.io/) and am
having trouble to integrate the "docker0" bridge it creates on the fly into
my shorewall setup (version 4.5.16.1) on debian testing.
IP forwarding is on and I have defined a "doc" ipv4 zone and the interfaces
has an entry like so,
> doc docker0 tcpflags,nosmurfs,logmartians,bridge,routeback,optional
and "policy" like so
>doc net ACCEPT
However, when firing up an container and trying to acces the web, "shorewall
logwatch" is giving me entries like
>doc2net:REJECT:IN=docker0 OUT=eth0 PHYSIN=veth3sm8hc SRC=172.17.0.7
DST=192.168.100.1 LEN=68 TOS=0x00 PREC=0x00 TTL=63 ID=19346 DF PROTO=UDP
SPT=52963 DPT=53 LEN=48
Can anyone hint at what else I need?
Docker generates on the fly a interface like so:
vethuZdLHZ Link encap:Ethernet HWaddr fe:65:f2:16:ef:60
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:15 errors:0 dropped:0 overruns:0 frame:0
TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1166 (1.1 KiB) TX bytes:42 (42.0 B)
Do I have to list this explicitly and can wildcarding be used in interface
definition?
Thanks for any pointers.
Sincerely, Joh
------------------------------------------------------------------------------
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
