Created
August 27, 2016 05:45
Docker outbound connection
The FORWARD chain does need its policy set to ACCEPT if you run Docker with --iptables=false. It only appears that this is not needed because the Docker installation package auto-starts Docker and adds iptables rules to the FORWARD chain. When you afterwards add --iptables=false to your config and restart Docker, those rules are still there. After the next reboot these rules will be gone and your containers won't be able to communicate unless you have the FORWARD chain policy set to ACCEPT.

What you need for a setup that allows filtering with UFW, inter-container networking and outbound connectivity is:

start docker with --iptables=false
FORWARD chain policy set to ACCEPT
add the following NAT rule:
    iptables -t nat -A POSTROUTING ! -o docker0 -s 172.17.0.0/16 -j MASQUERADE

https://github.com/docker/docker/issues/4737
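An added check for the setup listed above (not part of the original gist): it reads the text of an `iptables-save` dump and reports whether the FORWARD policy is ACCEPT and the MASQUERADE rule for 172.17.0.0/16 is present, so the state after a reboot can be verified instead of relying on rules left over from Docker's first start. The function names and both sample dumps are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit an iptables-save dump for the conditions listed above.
SUBNET="172.17.0.0/16"   # docker0 subnet from the NAT rule on this page
BRIDGE="docker0"

# Print the FORWARD chain policy found in the *filter table.
forward_policy() {
    awk '/^\*/ {t=$1} t=="*filter" && /^:FORWARD / {print $2; exit}'
}

# Succeed if *nat POSTROUTING masquerades SUBNET on every interface but BRIDGE.
has_masquerade() {
    awk -v s="$SUBNET" -v b="$BRIDGE" '
        /^\*/ {t=$1}
        t=="*nat" && /^-A POSTROUTING / && /-j MASQUERADE/ &&
            index($0, " -s " s " ") && index($0, " ! -o " b " ") {found=1}
        END {exit (found ? 0 : 1)}'
}

# $1 = text of an iptables-save dump; returns 0 only if both checks pass.
audit_docker_fw() {
    local dump="$1" rc=0 policy
    policy=$(printf '%s\n' "$dump" | forward_policy)
    if [ "$policy" != "ACCEPT" ]; then
        echo "FAIL: FORWARD policy is ${policy:-unknown}"; rc=1
    fi
    if ! printf '%s\n' "$dump" | has_masquerade; then
        echo "FAIL: no MASQUERADE rule for $SUBNET"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: FORWARD ACCEPT and NAT rule present"
    return "$rc"
}

# Constructed dumps (not captured from a real host).
AFTER_REBOOT='*filter
:FORWARD DROP [0:0]
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
COMMIT'
FIXED='*filter
:FORWARD ACCEPT [0:0]
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
COMMIT'
audit_docker_fw "$AFTER_REBOOT" || true
audit_docker_fw "$FIXED"
```

On a live host, run it as root with `audit_docker_fw "$(iptables-save)"` after a reboot rather than right after installation.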