Tom Eastep wrote: > On 8/30/2013 12:33 PM, Johannes Graumann wrote: >> Tom Eastep wrote: >> >>> On 8/29/2013 1:44 PM, Johannes Graumann wrote: >>>> Hello, >>>> >>>> I have started playing around with docker (https://www.docker.io/) and >>>> am having trouble to integrate the "docker0" bridge it creates on the >>>> fly into my shorewall setup (version 4.5.16.1) on debian testing. >>>> >>>> IP forwarding is on and I have defined a "doc" ipv4 zone and the >>>> interfaces has an entry like so, >>>>> doc docker0 >>>>> tcpflags,nosmurfs,logmartians,bridge,routeback,optional >>>> >>>> and "policy" like so >>>>> doc net ACCEPT >>>> >>>> However, when firing up an container and trying to acces the web, >>>> "shorewall logwatch" is giving me entries like >>>>> doc2net:REJECT:IN=docker0 OUT=eth0 PHYSIN=veth3sm8hc SRC=172.17.0.7 >>>> DST=192.168.100.1 LEN=68 TOS=0x00 PREC=0x00 TTL=63 ID=19346 DF >>>> PROTO=UDP SPT=52963 DPT=53 LEN=48 >>>> >>>> Can anyone hint at what else I need? >>>> >>>> Docker generates on the fly a interface like so: >>>> vethuZdLHZ Link encap:Ethernet HWaddr fe:65:f2:16:ef:60 >>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >>>> RX packets:15 errors:0 dropped:0 overruns:0 frame:0 >>>> TX packets:1 errors:0 dropped:0 overruns:0 carrier:0 >>>> collisions:0 txqueuelen:1000 >>>> RX bytes:1166 (1.1 KiB) TX bytes:42 (42.0 B) >>>> >>>> Do I have to list this explicitly and can wildcarding be used in >>>> interface definition? >>>> >>>> Thanks for any pointers. >>>> >>> >>> It would be helpful to see the output of 'shorewall dump' collected as >>> described at http://www.shorewall.net/support.htm#Guidelines >> >> Attached. thank you for your time. >> > > The Shorewall configuration that was running when the dump was taken is > not the same as the one that produced the log messages. There is no > logging rule in the current configuration that has log prefix > 'doc2net:REJECT:' which appears in the log messages. > > -Tom
Ha. Could this be a case of network-manager/shorewall interference? Joh ------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
