Tom Eastep wrote:

> On 8/30/2013 12:33 PM, Johannes Graumann wrote:
>> Tom Eastep wrote:
>> 
>>> On 8/29/2013 1:44 PM, Johannes Graumann wrote:
>>>> Hello,
>>>>
>>>> I have started playing around with docker (https://www.docker.io/) and
>>>> am having trouble integrating the "docker0" bridge it creates on the
>>>> fly into my shorewall setup (version 4.5.16.1) on debian testing.
>>>>
>>>> IP forwarding is on and I have defined a "doc" ipv4 zone and the
>>>> interfaces has an entry like so,
>>>>> doc     docker0 tcpflags,nosmurfs,logmartians,bridge,routeback,optional
>>>>
>>>> and "policy" like so
>>>>> doc     net     ACCEPT
>>>>
>>>> However, when firing up a container and trying to access the web,
>>>> "shorewall logwatch" is giving me entries like
>>>>> doc2net:REJECT:IN=docker0 OUT=eth0 PHYSIN=veth3sm8hc SRC=172.17.0.7 DST=192.168.100.1 LEN=68 TOS=0x00 PREC=0x00 TTL=63 ID=19346 DF PROTO=UDP SPT=52963 DPT=53 LEN=48
>>>>
>>>> Can anyone hint at what else I need?
>>>>
>>>> Docker generates on the fly an interface like so:
>>>> vethuZdLHZ Link encap:Ethernet  HWaddr fe:65:f2:16:ef:60
>>>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>>>           RX packets:15 errors:0 dropped:0 overruns:0 frame:0
>>>>           TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
>>>>           collisions:0 txqueuelen:1000
>>>>           RX bytes:1166 (1.1 KiB)  TX bytes:42 (42.0 B)
>>>>
>>>> Do I have to list this explicitly and can wildcarding be used in
>>>> interface definition?
>>>>
>>>> Thanks for any pointers.
>>>>
>>>
>>> It would be helpful to see the output of 'shorewall dump' collected as
>>> described at http://www.shorewall.net/support.htm#Guidelines
>> 
>> Attached. Thank you for your time.
>> 
> 
> The Shorewall configuration that was running when the dump was taken is
> not the same as the one that produced the log messages. There is no
> logging rule in the current configuration that has log prefix
> 'doc2net:REJECT:' which appears in the log messages.
> 
> -Tom

Ha. Could this be a case of network-manager/shorewall interference?

Joh

