Re: Containers cannot perform DNS queries: missing iptables rule

On Fri, Mar 18, 2016 at 5:17 AM, Akram Ben Aissi <akram benaissi gmail com> wrote:
Hi guys,

I have a containerized installation of Origin, and I was struggling with an issue which prevents any of my containers from succeeding in doing a DNS query through the Kubernetes embedded DNS.

I figured out that I had a missing iptables rule in my setup, which may have disappeared or not been set automatically. So I added these two, and it works (even if probably not optimally secure):

 # accept inbound DNS over UDP/53
 iptables -A IN_public_allow -p udp -m udp --dport 53 -j ACCEPT
 # accept new inbound DNS connections over TCP/53
 iptables -A IN_public_allow -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT

We don't add anything to the IN_public_allow chain; this actually looks like firewalld, not iptables. All rules that we add (with the exception of a jump rule to the chain we create) are added to the OS_FIREWALL_ALLOW chain.

Do you know where this may come from?
If I take a look at a non-containerized installation, running the Enterprise version, I have these rules set.


Jason DeTiberus
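The check I would run on a host like Akram's, as an added example that is not part of this thread or of the Origin installer: given the text of `iptables -S`, report whether port 53 ACCEPT rules sit in OS_FIREWALL_ALLOW (the chain Jason says the installer manages and jumps to from INPUT) or only in IN_public_allow (the firewalld chain Akram added to), and whether INPUT actually jumps to OS_FIREWALL_ALLOW. The two rule listings below are constructed sample output, not captured from a real host; the chain names come from the thread, the function names are mine.

```shell
#!/bin/sh
# Added example: inspect `iptables -S` output for DNS (port 53) ACCEPT rules
# and report which chain they live in. The listings below are constructed;
# on a real host use:  RULES="$(iptables -S)"   (requires root).

# has_dns_rules RULES CHAIN -> 0 if CHAIN holds both a udp/53 and a tcp/53 ACCEPT rule
has_dns_rules() {
    rules=$1; chain=$2
    printf '%s\n' "$rules" | grep -q -- "^-A $chain .*-p udp .*--dport 53 .*-j ACCEPT" || return 1
    printf '%s\n' "$rules" | grep -q -- "^-A $chain .*-p tcp .*--dport 53 .*-j ACCEPT" || return 1
    return 0
}

# has_jump RULES FROM TO -> 0 if chain FROM contains a plain jump to chain TO
has_jump() {
    printf '%s\n' "$1" | grep -q -- "^-A $2 -j $3\$"
}

# report RULES -> prints one line per finding; returns 0 only when the DNS rules
# are in OS_FIREWALL_ALLOW and INPUT jumps there (the layout the thread describes)
report() {
    rules=$1
    status=1
    for chain in OS_FIREWALL_ALLOW IN_public_allow; do
        if has_dns_rules "$rules" "$chain"; then
            echo "$chain: DNS accept rules present"
            if [ "$chain" = OS_FIREWALL_ALLOW ]; then status=0; fi
        else
            echo "$chain: DNS accept rules missing"
        fi
    done
    if has_jump "$rules" INPUT OS_FIREWALL_ALLOW; then
        echo "INPUT jumps to OS_FIREWALL_ALLOW"
    else
        echo "INPUT does not jump to OS_FIREWALL_ALLOW (rules there are never consulted)"
        status=1
    fi
    return $status
}

# Constructed sample: the rules Akram added, in the firewalld chain.
AKRAM_RULES="-P INPUT ACCEPT
-N IN_public_allow
-N OS_FIREWALL_ALLOW
-A INPUT -j OS_FIREWALL_ALLOW
-A IN_public_allow -p udp -m udp --dport 53 -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT"

# Constructed sample: the same rules in the chain the installer manages.
EXPECTED_RULES="-P INPUT ACCEPT
-N IN_public_allow
-N OS_FIREWALL_ALLOW
-A INPUT -j OS_FIREWALL_ALLOW
-A OS_FIREWALL_ALLOW -p udp -m udp --dport 53 -j ACCEPT
-A OS_FIREWALL_ALLOW -p tcp -m tcp --dport 53 -j ACCEPT"

echo "== rules added to IN_public_allow =="
report "$AKRAM_RULES" && echo "OK" || echo "not the installer's layout"
echo "== rules in OS_FIREWALL_ALLOW =="
report "$EXPECTED_RULES" && echo "OK" || echo "not the installer's layout"
```

The script only says where the rules are; it does not judge whether an unrestricted port 53 ACCEPT is appropriate for the host, which Akram already flags as "probably not optimally secure".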

