I have a 3 controller + 4 worker node swarm (Engine 1.12.1 in swarm mode on RHEL 7.2). I’m not having any luck figuring out how to configure firewalld to enable access to published services on the swarm.
As a test, I created an nginx service published on port 32000.
docker service create -p 32000:80 --name nginx nginx
On each individual node, I can run curl http://127.0.0.1:32000/ and get the expected response. But, I can’t connect from any other machine. I just get

curl: (7) Failed to connect to example.ucalgary.ca port 32000: Connection refused.
Firewalld is configured to accept connections on ports 30000 to 32767. If I turn firewalld off, then everything works. But, I can’t figure out how to get it to work with firewalld on. What am I missing?
Here’s my firewalld service for
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Docker Ingress Load Balancing</short>
  <description>These ports enable Docker ingress load balancing in a Docker swarm. The default range for published ports is 30000 to 32767. See https://docs.docker.com/engine/swarm/key-concepts/ for details.</description>
  <port protocol="tcp" port="30000-32767"/>
</service>
And, the firewall config.
[root@example kchuang]# firewall-cmd --zone=public --list-all
public (default, active)
  interfaces: ens192
  sources:
  services: docker-ingress docker-overlay
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
	rule family="ipv4" source address="10.0.0.0/8" service name="docker-ingress" accept
	rule family="ipv4" source address="18.104.22.168/16" service name="docker-ingress" accept
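As an added diagnostic (not from the post above and not part of firewalld or Docker), the script below models the zone configuration as listed: it pulls the port ranges out of the docker-ingress service XML and checks whether a given client address and published port would be matched by one of the rich rules. The XML and the CIDR list are constructed copies of what the question shows; the function names are my own. It only evaluates the firewalld rules as written and says nothing about the iptables chains Docker itself inserts, so an "accept" verdict here does not by itself prove the connection will succeed.

```shell
#!/bin/sh
# Added example: evaluate firewalld zone rules from the question offline.

# Constructed copy of the docker-ingress service definition from the question.
DOCKER_INGRESS_XML='<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Docker Ingress Load Balancing</short>
  <port protocol="tcp" port="30000-32767"/>
</service>'

# Constructed list of the rich-rule source addresses from the question.
RICH_RULE_SOURCES='10.0.0.0/8
18.104.22.168/16'

# Print "proto:range" for every <port .../> element of a service XML on stdin.
service_ports() {
    sed -n 's/.*<port protocol="\([a-z]*\)" port="\([0-9-]*\)".*/\1:\2/p'
}

# Is PORT inside RANGE, where RANGE is "lo-hi" or a single port?
port_in_range() {
    port=$1; range=$2
    lo=${range%%-*}; hi=${range##*-}
    [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]
}

# Convert a dotted quad to a 32-bit integer.
ip_to_int() {
    IFS=. ; set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Does IP fall inside CIDR (e.g. 10.0.0.0/8)?
ip_in_cidr() {
    ip=$1; cidr=$2
    net=${cidr%/*}; bits=${cidr#*/}
    mask=$(( bits == 0 ? 0 : (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$ip") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Does the docker-ingress service open PROTO/PORT?
service_allows_port() {
    proto=$1; port=$2
    for entry in $(printf '%s\n' "$DOCKER_INGRESS_XML" | service_ports); do
        [ "${entry%%:*}" = "$proto" ] || continue
        port_in_range "$port" "${entry#*:}" && return 0
    done
    return 1
}

# Is SRC covered by at least one rich-rule source address?
source_allowed() {
    src=$1
    for cidr in $RICH_RULE_SOURCES; do
        ip_in_cidr "$src" "$cidr" && return 0
    done
    return 1
}

# Verdict for a client SRC connecting to tcp PORT: "accept", or the failing check.
check_client() {
    src=$1; port=$2
    if ! service_allows_port tcp "$port"; then
        echo "port-not-in-service"
    elif ! source_allowed "$src"; then
        echo "source-not-matched"
    else
        echo "accept"
    fi
}

# Sample runs against constructed client addresses.
check_client 10.1.2.3 32000      # accept
check_client 192.168.1.5 32000   # source-not-matched
check_client 10.1.2.3 8080       # port-not-in-service
```

Run it as-is to see the three verdicts, or call check_client with the real client address that gets "Connection refused": a source-not-matched result points at the rich-rule sources, while accept means the block is happening somewhere firewalld's zone listing does not show.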