docker-enabled-vagrant

Can't access containers without clearing iptables

Open jverdeyen opened this issue 9 years ago • 3 comments

Hi,

Thanks for this custom build.

I'm using the following Vagrantfile


```ruby
Vagrant.require_version ">= 1.7.0"

$vm_gui = false
$vm_memory = 2048
$vm_cpus = 4

def vm_gui
  $vb_gui.nil? ? $vm_gui : $vb_gui
end

def vm_memory
  $vb_memory.nil? ? $vm_memory : $vb_memory
end

def vm_cpus
  $vb_cpus.nil? ? $vm_cpus : $vb_cpus
end

Vagrant.configure("2") do |config|

  config.vm.box = "williamyeh/debian-jessie64-docker"
  config.vm.hostname = "vagrant-docker"
  config.vm.network :private_network, ip: "172.17.8.101"
  config.vm.synced_folder ENV['HOME'], ENV['HOME'], id: "home", :nfs => true, :mount_options => ['noatime,soft,nolock,vers=3,udp,proto=udp,udp,rsize=8192,wsize=8192,namlen=255,timeo=10,retrans=3,nfsvers=3']

  config.vm.provider :virtualbox do |vb|
    vb.check_guest_additions = false
    vb.functional_vboxsf     = false
    vb.customize ["modifyvm", :id, "--uart1", "0x3F8", "4"]
    # vb.customize ["modifyvm", :id, "--uartmode1", serialFile]
    vb.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"]
    vb.gui = vm_gui
    vb.memory = vm_memory
    vb.cpus = vm_cpus
  end

  config.vm.network "forwarded_port", guest: 2375, host: 2375, auto_correct: true

  if Vagrant.has_plugin?("vagrant-vbguest") then
    config.vbguest.auto_update = false
  end

  config.vm.provision "docker" do |d|
    d.run "tonistiigi/dnsdock",
      args: "--restart=always -v /var/run/docker.sock:/var/run/docker.sock  --name dnsdock -p 0.0.0.0:53:53/udp"
  end
end
```

I'm using dnsdock as my local DNS to resolve to containers. But I have to clear iptables to get access to these containers. Also, cAdvisor (with forwarded 8080:8080 ports) can't be reached without clearing the rules.

```bash
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
```

Any idea?

jverdeyen, Nov 10 '15 13:11

+1

roynasser, Jan 27 '16 21:01

Hi,

I'm not a user of dnsdock. So I cannot identify the root cause(s) of the issue you've raised.

Let's try to simplify and isolate the potential problem(s): are the box williamyeh/debian-jessie64-docker and the cadvisor container running inside the box problematic?

Use the following Vagrantfile:

```ruby
Vagrant.configure(2) do |config|
  config.vm.box = "williamyeh/debian-jessie64-docker"
  config.vm.network "forwarded_port", guest: 8080, host: 8080
end
```

And I have no problem using a browser to navigate the http://localhost:8080/ dashboard.

William-Yeh, Jan 28 '16 08:01

Hey William, thanks for the input... In my tests the localhost mapping was working, but the hosts network wasn't, IIRC... I've been trying a bunch of different boxes/OSes recently, so I'm a bit fuzzy on some details... I'll try and give it a run later to see if I find something more sure.

roynasser, Jan 29 '16 18:01