After docker installation on controllers, cluster ZeroWs unable to reach the internet.


Jehan Alvani

Jul 12, 2020, 7:47:25 PM
to ClusterHAT
My google-fu is weak today. Hope you smart folks can help. I have my 3B+ running the 2020-02-13 CBridge Lite image. All my ZeroWs are getting DHCP IPs from my DHCP server on my local network, and can reach my local network as expected. However, since installing Docker on the controller this morning, my ZeroWs cannot reach the internet. This makes installing docker/swarm on them challenging.

I've delved through history and found that Docker has messed with iptables to better secure the environment. The fixes I've found so far do not help, however. Here's what I've tried:

  • iptables -A FORWARD -i br0 -o br0 -j ACCEPT on the controller
  • iptables -P FORWARD ACCEPT  on the controller
  • iptables -A FORWARD -i br0 -o br0 -j ACCEPT on a test ZeroW
None of the above have helped, and I don't understand iptables well enough to know where I'm going wrong. Unfortunately, Docker's documentation isn't helpful given the ClusterHAT bridge configuration.

I'm using Clusterhat v.2.3

ifconfig of the controller 3B+ is below (rx/tx details omitted)

br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.1.42  netmask 255.255.255.0  broadcast 10.0.1.255
        inet6 fe80::b625:435d:c341:d295  prefixlen 64  scopeid 0x20<link>
        ether b8:27:eb:70:a0:11  txqueuelen 1000  (Ethernet)

brint: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.19.180.254  netmask 255.255.255.0  broadcast 172.19.180.255
        inet6 fe80::ce6:59ff:fe9f:d02c  prefixlen 64  scopeid 0x20<link>
        ether 00:22:82:ff:fe:01  txqueuelen 1000  (Ethernet)

docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:90:f0:05:53  txqueuelen 0  (Ethernet)

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether b8:27:eb:70:a0:11  txqueuelen 1000  (Ethernet)

ethupi1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::222:82ff:feff:fe01  prefixlen 64  scopeid 0x20<link>
        ether 00:22:82:ff:fe:01  txqueuelen 1000  (Ethernet)

ethupi2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::222:82ff:feff:fe02  prefixlen 64  scopeid 0x20<link>
        ether 00:22:82:ff:fe:02  txqueuelen 1000  (Ethernet)

ethupi3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::222:82ff:feff:fe03  prefixlen 64  scopeid 0x20<link>
        ether 00:22:82:ff:fe:03  txqueuelen 1000  (Ethernet)

ethupi4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::222:82ff:feff:fe04  prefixlen 64  scopeid 0x20<link>
        ether 00:22:82:ff:fe:04  txqueuelen 1000  (Ethernet)

ethupi1.10: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::222:82ff:feff:fe01  prefixlen 64  scopeid 0x20<link>
        ether 00:22:82:ff:fe:01  txqueuelen 1000  (Ethernet)

ethupi2.10: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::222:82ff:feff:fe02  prefixlen 64  scopeid 0x20<link>
        ether 00:22:82:ff:fe:02  txqueuelen 1000  (Ethernet)

ethupi3.10: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::222:82ff:feff:fe03  prefixlen 64  scopeid 0x20<link>
        ether 00:22:82:ff:fe:03  txqueuelen 1000  (Ethernet)

ethupi4.10: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::222:82ff:feff:fe04  prefixlen 64  scopeid 0x20<link>
        ether 00:22:82:ff:fe:04  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)


ifconfig of P1.local is below

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)

usb0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.19.181.1  netmask 255.255.255.0  broadcast 172.19.181.255
        inet6 fe80::222:82ff:feff:ff01  prefixlen 64  scopeid 0x20<link>
        ether 00:22:82:ff:ff:01  txqueuelen 1000  (Ethernet)

usb0.10: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1496
        inet 172.19.180.1  netmask 255.255.255.0  broadcast 172.19.180.255
        inet6 fe80::222:82ff:feff:ff01  prefixlen 64  scopeid 0x20<link>
        ether 00:22:82:ff:ff:01  txqueuelen 1000  (Ethernet)

wlan0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether b8:27:eb:84:b8:fd  txqueuelen 1000  (Ethernet)




iptables -L on the controller is below

jehan@cluster0:~ $ sudo iptables -L
[sudo] password for jehan: 
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (1 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere    


Help is truly appreciated. 


Peter Cross

Jul 12, 2020, 8:39:02 PM
to clust...@googlegroups.com
Weird question...

Did you do this after each reboot? (If you haven’t you need to)

Sent from my iPhone


Jehan Alvani

Jul 12, 2020, 8:55:32 PM
to clust...@googlegroups.com
I never got it working initially, after installing Docker. The issue presented immediately after installing Docker on the controller. I rebooted the appropriate device between each of the bulleted iptables commands in my initial post.



Jehan Alvani

Jul 18, 2020, 10:44:07 PM
to ClusterHAT
I've more or less sorted it. Apparently Docker disabled the DHCP service which is required for bridging. 

On the controller: 

iptables -A FORWARD -i br0 -o br0 -j ACCEPT

Then

sudo systemctl enable --now dhcpcd.service
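
The FORWARD chain in the first post has policy DROP, and `iptables -L` without `-v` does not print `-i`/`-o` interface matches, so ACCEPT rules tied to an interface look unconditional. As an added example (not part of the thread), this script reads `iptables -S FORWARD` output and reports whether traffic forwarded on br0 is accepted by a rule or falls through to the policy; the rule sets are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `iptables -S FORWARD` text on
# stdin and reports how frames forwarded in and out of one bridge are treated.
# Simplification: only rules in FORWARD itself are inspected, not the chains
# it jumps to (DOCKER-USER, DOCKER-ISOLATION-STAGE-1).
bridge_forward_verdict() {
    awk -v br="$1" '
        $1 == "-P" && $2 == "FORWARD" { policy = $3 }
        $1 == "-A" && $2 == "FORWARD" {
            in_if = ""; out_if = ""; target = ""; narrowed = 0
            for (i = 3; i <= NF; i++) {
                if      ($i == "-i") in_if  = $(++i)
                else if ($i == "-o") out_if = $(++i)
                else if ($i == "-j") target = $(++i)
                else narrowed = 1   # any other match restricts the rule
            }
            if (in_if == br && out_if == br && target == "ACCEPT" && !narrowed)
                allowed = 1
        }
        END {
            if (allowed)               print "allowed-by-rule"
            else if (policy == "DROP") print "dropped-by-policy"
            else                       print "allowed-by-policy"
        }'
}

# Constructed sample modelled on the listing in the first post: a FORWARD
# chain with policy DROP where every ACCEPT is tied to docker0.
sample_before() {
    cat <<'EOF'
-P FORWARD DROP
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
EOF
}

# The same chain after the rule from the last post has been appended.
sample_after() {
    sample_before
    echo '-A FORWARD -i br0 -o br0 -j ACCEPT'
}

sample_before | bridge_forward_verdict br0
sample_after  | bridge_forward_verdict br0
```

On the controller, feed it live data with `sudo iptables -S FORWARD | bridge_forward_verdict br0`. A rule added with `iptables -A` is not saved across reboots.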
