Hi all,
I am new to docker and really struggling with container linking.
I have set up a postgres image from centos:7, and in that container lsof tells me that postgres is listening on port 5432, and locally I can telnet to the port.
I have setup container linking with a client container, however I can’t telnet to that port from the client (connection refused).
The linking setup looks correct (/etc/hosts & environment variables look good on the client), and I suspect this may have to do with firewalld / iptables on the postgres image… however I have been unable to confirm that.
The pb is, I can’t even find out if a firewall is running on the server container: I have read all the threads about fakesystemd / systemd, trying to install / enable those commands, and I am not getting anywhere.
So here are a couple questions, hopefully someone with more centos experience can help:
-
w/o systemd installed, how can I find out if a firewall is running on the server container?
lsmod | grep ip returns this:ipt_MASQUERADE 12288 1
iptable_nat 12288 1
… does this mean that iptables is running? Isn’t centos 7 using firewalld by default? -
isn’t docker suppose to dynamically modify the iptables configuration to allow docker networking / container linking? My /etc/sysconfig/iptables looks like this, I don’t see anything specific in there:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
- Is there a way (without systemd) to shutdown any firewall on the server?
Some guidance would be really appreciated… thanks!
Franck
Update: Running SHOW ALL in psql shows this:
listen_addresses | localhost
even though my postgresql.conf has this line:
listen_addresses = ‘*’ # what IP address(es) to listen on;
… so at least I know what to look into.