Docker Community Forums

Share and learn in the Docker community.

Container linking on centos 7 / boot2docker


(Franck102) #1

Hi all,

I am new to docker and really struggling with container linking.

I have set up a postgres image from centos:7, and in that container lsof tells me that postgres is listening on port 5432, and locally I can telnet to the port.
I have setup container linking with a client container, however I can’t telnet to that port from the client (connection refused).
The linking setup looks correct (/etc/hosts & environment variables look good on the client), and I suspect this may have to do with firewalld / iptables on the postgres image… however I have been unable to confirm that.

The pb is, I can’t even find out if a firewall is running on the server container: I have read all the threads about fakesystemd / systemd, trying to install / enable those commands, and I am not getting anywhere.

So here are a couple questions, hopefully someone with more centos experience can help:

  • w/o systemd installed, how can I find out if a firewall is running on the server container?
    lsmod | grep ip returns this:

    ipt_MASQUERADE 12288 1
    iptable_nat 12288 1
    … does this mean that iptables is running? Isn’t centos 7 using firewalld by default?

  • isn’t docker suppose to dynamically modify the iptables configuration to allow docker networking / container linking? My /etc/sysconfig/iptables looks like this, I don’t see anything specific in there:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

  • Is there a way (without systemd) to shutdown any firewall on the server?

Some guidance would be really appreciated… thanks!
Franck

Update: Running SHOW ALL in psql shows this:

listen_addresses | localhost

even though my postgresql.conf has this line:

listen_addresses = ‘*’ # what IP address(es) to listen on;

… so at least I know what to look into.


(Franck102) #2

Issue resolved, my postgresql.conf simply wasn’t being loaded and postgres was listening on localhost only.

Franck