I have a Docker host with a tunnel listening on 127.0.0.1. There is a container that sends out traffic. I need to get this traffic into the tunnel.

The Docker host is running CentOS 7.2 and I have made the service inside the Docker container send everything to 172.17.42.1, which is the IP of the docker0 interface.

In firewalld, I have created a docker zone which looks like this:

docker (active)
  interfaces: docker0
  sources: 
  services: 
  ports: 
  masquerade: yes
  forward-ports: port=514:proto=udp:toport=514:toaddr=127.0.0.1
  icmp-blocks: 
  rich rules: 

Checking with tcpdump, there is traffic on docker0 on port 514 but there's no traffic on lo on port 514.

What am I doing wrong?

Christoffer Reijer
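To make the symptom easier to reason about, here is an added check (not part of the question or the answer) that parses a firewalld zone listing of the form shown above and reports each forward-port rule together with whether its target is a loopback address. The zone text is the listing from the question, embedded as constructed input so the script runs offline; on a live host the output of `firewall-cmd --zone=docker --list-all` would be fed in instead. The `route_localnet_key` helper only names the sysctl that Linux requires before DNAT to 127.0.0.0/8 can apply to packets arriving on a non-loopback interface such as docker0 (a kernel fact, not something stated on this page); the script changes nothing on the host.

```sh
#!/bin/sh
# Added example: inspect a firewalld zone listing and flag forward-port rules
# whose DNAT target is a loopback address.

# Constructed input: the zone listing from the question, verbatim.
ZONE_LISTING='docker (active)
  interfaces: docker0
  sources: 
  services: 
  ports: 
  masquerade: yes
  forward-ports: port=514:proto=udp:toport=514:toaddr=127.0.0.1
  icmp-blocks: 
  rich rules: '

# Print the value of one "key:" line of a zone listing.
# $1 = listing text, $2 = field name (e.g. interfaces, forward-ports)
zone_field() {
    printf '%s\n' "$1" | sed -n "s/^ *$2: *//p"
}

# Extract one key=value component (port, proto, toport, toaddr) of a forward-port spec.
# $1 = spec such as port=514:proto=udp:toport=514:toaddr=127.0.0.1, $2 = key
fwd_part() {
    printf '%s\n' "$1" | tr ':' '\n' | sed -n "s/^$2=//p"
}

# Return 0 when the address lies in 127.0.0.0/8, 1 otherwise.
is_loopback() {
    case "$1" in
        127.*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Print one line per forward-port rule in the listing:
#   <iface> <proto>/<port> -> <toaddr>:<toport> <verdict>
# verdict is "loopback-target" when the DNAT destination is in 127.0.0.0/8, else "ok".
check_forward_ports() {
    listing="$1"
    iface=$(zone_field "$listing" interfaces)
    for spec in $(zone_field "$listing" forward-ports); do
        port=$(fwd_part "$spec" port)
        proto=$(fwd_part "$spec" proto)
        toport=$(fwd_part "$spec" toport)
        toaddr=$(fwd_part "$spec" toaddr)
        if is_loopback "$toaddr"; then
            verdict=loopback-target
        else
            verdict=ok
        fi
        printf '%s %s/%s -> %s:%s %s\n' \
            "$iface" "$proto" "$port" "$toaddr" "${toport:-$port}" "$verdict"
    done
}

# Name the per-interface sysctl the kernel consults before it will DNAT traffic
# arriving on that interface to 127.0.0.0/8 (Linux behaviour; not from the question).
# Read it with: sysctl "$(route_localnet_key docker0)"
route_localnet_key() {
    printf 'net.ipv4.conf.%s.route_localnet\n' "$1"
}

check_forward_ports "$ZONE_LISTING"
```

Run against the listing above, the report shows the single rule on docker0 as `udp/514 -> 127.0.0.1:514 loopback-target`, which is the configuration that tcpdump in the question sees accepting packets on docker0 without any reaching lo; `sysctl net.ipv4.conf.docker0.route_localnet` is then the first value worth reading before suspecting the Docker/firewalld combination itself.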

1 Answer

Check that your Docker version plays well with firewalld. It was fixed just recently: https://github.com/docker/docker/issues/16137

Red Hat still recommends disabling firewalld with the Docker version included in their repository (1.10.3 currently): https://access.redhat.com/documentation/en/red-hat-enterprise-linux-atomic-host/version-7/getting-started-with-containers/#setting_up_to_deploy_docker_containers_with_kubernetes

Qwerty