Closed rendragnet closed 4 years ago
The DOCKER_NET_INT assignment on line 65 of docker.sh is introducing double quotes at the start and end of the network ID, which is breaking the interface name in iptables rules on docker instances in custom networks.
DOCKER_NET_INT="br-$(docker inspect -f \"{{.NetworkSettings.Networks.${netmode}.NetworkID}}\" ${container} | cut -c -12)"
Is giving rules like:
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- docker0 0.0.0.0/0 0.0.0.0/0
0 0 DNAT tcp -- !br-"06d92cc6d20 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 to:172.18.0.3:80
needs to be changed to
DOCKER_NET_INT="br-$(docker inspect -f "{{.NetworkSettings.Networks.${netmode}.NetworkID}}" ${container} | cut -c -12)"
(i.e. remove the escaping slashes, as it looks like the $() is escaping them out already)
This gives the expected (and working) rules:
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- docker0 0.0.0.0/0 0.0.0.0/0
0 0 DNAT tcp -- !br-06d92cc6d200 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 to:172.18.0.3:80
PS, thanks for these two repos, you have saved me SO much hassle across our fleet!!
I have made the change as you suggested. Thank you
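The quoting behaviour reported in this issue can be reproduced without a Docker daemon. The following is an added example, not code from the repository: `fake_inspect`, the network and container names, and the padded network ID are constructed stand-ins, and `valid_iface` is a hypothetical guard (its character set is a conservative assumption) that checks a derived interface name before it reaches an iptables rule.

```shell
#!/bin/sh
# Added example: shows how \" inside $() ends up in the interface name.

# Constructed ID: the first 12 characters match the issue's output, the rest is padding.
SAMPLE_NET_ID="06d92cc6d200$(printf '%052d' 0)"
netmode=mynet     # constructed network name
container=web1    # constructed container name

# Hypothetical stand-in for `docker inspect -f TEMPLATE CONTAINER`: swaps the
# {{...}} action for the sample ID and keeps all other template text literally.
fake_inspect() {
    tpl=$2
    open='{{'
    close='}}'
    printf '%s%s%s\n' "${tpl%%"$open"*}" "$SAMPLE_NET_ID" "${tpl##*"$close"}"
}

# Escaped form: inside $() a new quoting context starts, so \" is a literal
# quote character that becomes part of the template and of the output.
iface_escaped() {
    echo "br-$(fake_inspect -f \"{{.NetworkSettings.Networks.${netmode}.NetworkID}}\" ${container} | cut -c -12)"
}

# Unescaped form from the issue: the inner quotes only delimit the argument.
iface_fixed() {
    echo "br-$(fake_inspect -f "{{.NetworkSettings.Networks.${netmode}.NetworkID}}" ${container} | cut -c -12)"
}

# Guard: Linux interface names hold at most 15 characters; the allowed
# character set here is a conservative assumption, not a kernel rule.
valid_iface() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

for name in "$(iface_escaped)" "$(iface_fixed)"; do
    if valid_iface "$name"; then
        echo "ok:     $name"
    else
        echo "reject: $name"
    fi
done
```

A check like `valid_iface` turns a malformed name into a visible failure instead of a NAT rule that silently matches the wrong interface.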