HowTo:Docker 172 Fix: Difference between revisions

From Computer Science Wiki
Jump to navigation Jump to search
Rhunter (talk | contribs)
No edit summary
Rhunter (talk | contribs)
Line 7: Line 7:
<pre>
<pre>
{
{
  "iptables": false
   "default-address-pools":
   "default-address-pools":
   [
   [
Line 17: Line 16:


sudo service docker restart
sudo service docker restart


== UFW Fix ==
== UFW Fix ==
Also note that the fix to allow ufw to control ports in docker is also included as it should for any device on campus which needs a firewall.
Also note that the fix to allow ufw to control ports in docker is also included as it should for any device on campus which needs a firewall.

Revision as of 08:42, 7 May 2024

Background

VT uses a chunk of the 172 private network address space for it's internal private addressing. Docker comes pre-configured to also uses 172.17.0.0/12 which will cause the internal system to ignore any external 172.17.x.x/12 address trying to access the system. To fix this you need to reconfigure your docker to use a different address space like 192.168.x.x/16 or a 10.1.x.x/16 (tech also uses 10.6+.x.x for their networking so this is less safe although 10.5 and lower are guaranteed to be free).

The Fix

To apply the docker fix, create a file called /etc/docker/daemon.json with the following:

{
  "default-address-pools":
  [
    {"base":"10.1.0.0/16","size":24}
  ]
}

Followed by:

sudo service docker restart

UFW Fix

Also note that the fix to allow ufw to control ports in docker is also included as it should for any device on campus which needs a firewall.