[Firehol-support] Problem with Docker & FireHol

Phil Whineray phil at firehol.org
Fri Apr 14 22:07:44 BST 2017


Hi Felix

> I run a server with nginx as web server, and I am trying to reverse proxy another application which is listening on port 8080.
> No problem I thought, but it is not working! I opened port 8080 in firehol to test if there is a problem with the software, but no.
> Then I tried to curl (via ssh on my server) localhost:8080: nothing happened, after a while timeout.
> Then I disabled firehol, and tried again: it works. Via nginx, via curl... So now I am having problems to understand WHY?! and how to solve it,
> as I don't want my server to be running without firewall.
> 
> As I stated in the subject, the software on port 8080 is running in a docker container.
> 
> You can find my firehol config here: https://pastebin.com/aa0tBseP

Did you check the logs [1] when you try using curl or access via nginx?
If packets are being dropped, they should be shown and that will likely
point to the problem quickly. If you have trouble interpreting them,
post them here.

On the other hand, I believe docker creates its own rules to manipulate
traffic to/from containers. You might need to look at the contents of
iptables-save (or run "firehol status") before and after starting firehol
to see if the necessary rules are in place and accessible.

In particular I note that you create DOCKER and DOCKER-ISOLATION chains
which I guess are for docker to fill in? I am not convinced they will
appear in the generated firewall in a useful location - you should
probably check the output to make sure it did what you expect.

Hope that helps
Phil

1: https://firehol.org/guides/firehol-troubleshooting/
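
The before/after comparison of iptables-save output suggested above can be scripted. This is an added example, not part of the original message or of FireHOL: the function names are hypothetical, and the two dumps are constructed samples showing Docker chains that are either lost or left with no rule jumping to them, not output from the poster's server.

```shell
# Added example. Inputs are iptables-save dumps; the two samples below are constructed.

# Chains ("table:chain") declared in dump $1 but absent from dump $2.
lost_chains() {
    awk 'FNR == 1 { n++ }
         /^\*/ { t = substr($0, 2) }
         /^:/  { c = t ":" substr($1, 2); if (n == 1) a[c] = 1; else b[c] = 1 }
         END   { for (c in a) if (!(c in b)) print c }' "$1" "$2" | sort
}

# User-defined chains in dump $1 that no rule jumps (-j) or goes (-g) to.
unreferenced_chains() {
    awk '/^\*/ { t = substr($0, 2) }
         /^:/  { if ($2 == "-") u[t ":" substr($1, 2)] = 1 }
         /^-A/ { for (i = 1; i < NF; i++) if ($i == "-j" || $i == "-g") r[t ":" $(i + 1)] = 1 }
         END   { for (c in u) if (!(c in r)) print c }' "$1" | sort
}

dir=$(mktemp -d); BEFORE=$dir/before; AFTER=$dir/after
cat > "$BEFORE" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
COMMIT
*filter
:FORWARD ACCEPT [0:0]
:DOCKER - [0:0]
:DOCKER-ISOLATION - [0:0]
-A FORWARD -j DOCKER-ISOLATION
-A FORWARD -o docker0 -j DOCKER
COMMIT
EOF
cat > "$AFTER" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD DROP [0:0]
:DOCKER - [0:0]
:DOCKER-ISOLATION - [0:0]
COMMIT
EOF

echo "Lost after reload:"; lost_chains "$BEFORE" "$AFTER"
echo "Never jumped to:";   unreferenced_chains "$AFTER"
```

On a real host, replace the two sample files with `iptables-save` output captured before and after starting firehol.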

