docker 1.13 container is not reachable after giving IP-address #211
Comments
|
is there any workaround known ? |
|
Change back the default policy? |
|
I hit this bug two weeks ago, so everything IIRC:
-> There is no possibility to change back the policy. |
|
Update: this is verified. See moby/moby#28257 (comment) PR moby/moby#490 got unfixed by this. |
|
I meant – change it in the |
Yeah. That's the solution and this is what pipework is actually should do. I assign my containers an IP-Address on my system's main bridge. This IP should be reachable without any specific routing on other computers. Docker network does not do this. This is the reason, why I use pipework: This is very easy with pipework. And with docker 1.13 I'm not able to reach my containers on this global IP anymore. IMO this should be pipework's job. It should add there an additional iptables entry, allowing all connections to/from this specific IP. Also I think just fixing it for myself does not help others. I bet I'm not the only one using this scenario. |
|
I understand. We are trying to move away from pipework and use CNM plugins instead. We could change the iptables policy in pipework, but I'm afraid that this could have security implications in some cases. Perhaps we could:
Let me know if you think that would be helpful! |
with the current new release of docker 1.13, the default Policy of iptables changes from
FORWARDtoDROP(see: moby/moby#28257)pipework won't be successful anymore to assign valid global IPs to docker containers, as all packets get dropped by iptables.
The text was updated successfully, but these errors were encountered: