
UFW is a great, simple firewall, but at this point I do not recommend installing it on your host. First, if you intend to use port forwarding, there may be conflicts. Second, port forwarding with UFW is overly complex and seems like a hack, whereas it is very simple with iptables.

...

UFW in a Container

Also, as I understand it, firewalls work at the kernel level, so you should not be installing UFW or even iptables inside a container for now.

I will revisit this topic, but I believe it is due to kernel modules not loading inside containers (/etc/modules) and the container not being able to modify it.

...

There are a number of ways to do this but I favour iptables.

Note

At the moment, it seems to conflict with my favourite firewall utility ufw, but I do not know for sure yet.

In this example we set up Apache, which runs on port 80 in a container that has been assigned the static IP 10.0.3.10.

...

While on the host, issue these commands (TBD: look at making our own named chain to distinguish the rules).

```bash
# Immediately enable the port forwarding rule; this is not persistent across reboots.
# This applies to all external connections coming in on eth0.
sudo iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to-destination 10.0.3.10:80

# If any containers initiate outbound requests, they will appear to come from the
# host's own IP and will not work. Container-initiated requests need to be
# converted using 'source NAT'; see
# http://blog.codeaholics.org/2013/giving-dockerlxc-containers-a-routable-ip-address/
# (still figuring out the exact rule)
```

Now traffic arriving on port 80 on the host will be forwarded to port 80 at the container IP specified. You can list your rules to confirm (note: I still need to re-run the output below on a clean machine).
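The full forwarding setup as an idempotent script, added here as an example and not code from the original page. It assumes eth0 as the external interface, 10.0.3.10:80 as the container, and 10.0.3.0/24 as the LXC bridge network (the MASQUERADE and FORWARD rules are my assumed completion of the source-NAT step the page leaves unfinished); set DRY_RUN=1 to print the commands instead of running them.

```shell
#!/bin/sh
# Added example: set up DNAT port forwarding into an LXC container plus the
# return-path source NAT. Interface, IP and network values are assumptions.
IPTABLES=${IPTABLES:-"sudo iptables"}

# run_rule TABLE CHAIN RULE... -> append RULE only if it is not already present,
# so re-running the script does not stack duplicate rules.
run_rule() {
    table=$1; chain=$2; shift 2
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "iptables -t $table -A $chain $*"
        return 0
    fi
    # -C exits non-zero when the rule is absent; only then append it.
    $IPTABLES -t "$table" -C "$chain" "$@" 2>/dev/null || \
        $IPTABLES -t "$table" -A "$chain" "$@"
}

# forward_port EXT_IF HOST_PORT CONTAINER_IP CONTAINER_PORT [CONTAINER_NET]
forward_port() {
    ext_if=$1; host_port=$2; c_ip=$3; c_port=$4; c_net=${5:-10.0.3.0/24}
    # 1. Inbound: rewrite the destination of external TCP connections.
    run_rule nat PREROUTING -p tcp -i "$ext_if" --dport "$host_port" \
        -j DNAT --to-destination "$c_ip:$c_port"
    # 2. Let forwarded packets through FORWARD (matters when the policy is
    #    DROP, e.g. with ufw installed). DNAT has already run, so match the
    #    container address here, not the host's.
    run_rule filter FORWARD -p tcp -d "$c_ip" --dport "$c_port" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    run_rule filter FORWARD -s "$c_ip" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # 3. Outbound: container-initiated traffic leaves with the host's IP
    #    (source NAT) so replies are routed back to the container.
    run_rule nat POSTROUTING -s "$c_net" -o "$ext_if" -j MASQUERADE
}

# forwarding_enabled -> success if the kernel routes between interfaces;
# without it the DNAT rule is accepted but packets are silently dropped.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# Apply only when invoked as "./forward.sh apply" (assumed file name).
if [ "${1:-}" = "apply" ]; then
    forwarding_enabled || echo "warning: net.ipv4.ip_forward is 0" >&2
    forward_port eth0 80 10.0.3.10 80
fi
```

Rules added this way are still lost on reboot; persist them with your distribution's iptables save mechanism once they are confirmed working.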

...