runfinch / finch

The Finch CLI is an open source client for container development
https://www.runfinch.com
Apache License 2.0

Finch does not apply `iptables` rules to containers running in a bridge network #538

Closed sam-berning closed 7 months ago

sam-berning commented 1 year ago

Describe the bug

If I start a container in a bridge network, iptables rules that I have applied to that network will not be applied as expected.

Steps to reproduce

$ finch network create test-network
$ finch run -d --network test-network --name nginx-test nginx:latest
$ finch inspect nginx-test --format '{{json .NetworkSettings.IPAddress}}'
$ LIMA_HOME=/Applications/Finch/lima/data /Applications/Finch/lima/bin/limactl shell finch
[sam@lima-finch finch]$ sudo cat /etc/cni/net.d/nerdctl-test-network.conflist
# fetch bridge name (should be br-1841d116ee60)
[sam@lima-finch finch]$ sudo iptables -t nat -I PREROUTING -p tcp -d <some-ip> --dport 80 -j DNAT --to-destination <nginx-ip>:80 -i br-1841d116ee60
[sam@lima-finch finch]$ exit
$ finch run -it --network test-network amazonlinux:2
# this works!
bash-4.2# curl <nginx-ip>
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

# this will hang indefinitely
bash-4.2# curl <forwarded-ip>

Expected behavior

I should be able to curl the <forwarded-ip> and see the nginx output.

Screenshots or logs

N/A

Additional context

N/A

To help debug the issue as quickly as possible, we recommend generating a support bundle with finch support-bundle generate and attaching it to this issue. This packages all Finch-related configs and logs into one file.
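
One way to narrow down the hang described in this report, as an added example that is not part of the original issue or the Finch project: read the packet counters of the DNAT rule in the `nat` table's PREROUTING chain and check whether any connection ever matched it. The function names, the sample listing, the IP addresses and the counters are constructed; only the bridge name is taken from the report.

```shell
#!/bin/sh
# Added example: decide whether a DNAT rule in nat/PREROUTING ever matched traffic.
# Live use inside the Finch VM (values are placeholders):
#   sudo iptables -t nat -L PREROUTING -v -n -x | diagnose <bridge> <forwarded-ip>

# Constructed sample of `iptables -t nat -L PREROUTING -v -n -x` output.
# Only the bridge name comes from the issue; addresses and counters are made up.
sample_listing() {
  cat <<'EOF'
Chain PREROUTING (policy ACCEPT 12 packets, 720 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DNAT       tcp  --  br-1841d116ee60 *       0.0.0.0/0            192.0.2.10           tcp dpt:80 to:10.4.1.2:80
       7      420 DNAT       tcp  --  br-0000000000 *       0.0.0.0/0            198.51.100.7         tcp dpt:80 to:10.4.2.2:80
EOF
}

# Print the packet counter of the first DNAT rule for <in-interface> <destination>.
# Columns with -v: pkts bytes target prot opt in out source destination.
# Exit status 1 when no such rule is listed.
dnat_hits() {
  awk -v ifc="$1" -v dst="$2" '
    $3 == "DNAT" && $6 == ifc && $9 == dst { print $1; found = 1; exit }
    END { if (!found) exit 1 }
  '
}

# Classify the rule. nat rules are evaluated only for the first packet of a
# connection, so the counter counts new connections, not every packet.
diagnose() {
  hits=$(dnat_hits "$1" "$2") || { echo "rule-missing"; return 0; }
  if [ "$hits" -eq 0 ]; then
    echo "rule-never-matched"   # no connection matched this rule in PREROUTING
  else
    echo "rule-matched"         # DNAT applied; look further along the path
  fi
}

# Run against the constructed sample.
sample_listing | diagnose br-1841d116ee60 192.0.2.10
```

A result of `rule-never-matched` after a `curl` attempt means the request never hit the rule as written (interface, destination or port), while `rule-matched` points at the return path or forwarding instead.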

mharwani commented 7 months ago

Issue is fixed. Closing