beenull/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

network: insert masq rule

Browse source 
This fixes IP masquerading on systems with reject rules at the end of
the POSTROUTING table, by inserting the rule at the beginning of the
table instead of adding it at the end.

Docker-DCO-1.1-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> (github: jpoimboe)
This commit is contained in:
Josh Poimboeuf 2014-01-30 11:03:25 -06:00
parent 41c10fb256
commit cc382ec628
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
network.go
View file

@ -327,7 +327,7 @@ func newNetworkManager(config *DaemonConfig) (*NetworkManager, error) {
natArgs := []string{"POSTROUTING", "-t", "nat", "-s", addr.String(), "!", "-d", addr.String(), "-j", "MASQUERADE"}
if !iptables.Exists(natArgs...) {
if output, err := iptables.Raw(append([]string{"-A"}, natArgs...)...); err != nil {
if output, err := iptables.Raw(append([]string{"-I"}, natArgs...)...); err != nil {
return nil, fmt.Errorf("Unable to enable network bridge NAT: %s", err)
} else if len(output) != 0 {
return nil, fmt.Errorf("Error iptables postrouting: %s", output)