Normally I'd start with tcpdump as the lowest-level tracing tool, but
first I'd want to know a bit more about your scenario. Instead of using
"host" and "docker" terminology (I am not familiar with docker, so I am
not sure if you are implying a VM trying to communicate with the
underlying host)
__
From: Simon Matter
Sent: Thursday, March 20, 2025 11:23 AM
To: Shorewall Users
Cc: Sean Murphy
Subject: Re: [Shorewall-users] Problems accessing host from docker container
running on host
Sorfleet
Sent: Wednesday, March 19, 2025 7:16 PM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Problems accessing host from docker container
running on host
__
From: Winston Sorfleet
Sent: Friday, March 21, 2025 11:53 PM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Problems accessing host from docker container
running on host
On 3/19/25 10:49, Sean Murphy via Shorewall-users wrote:
Hi all,
We have been (ab)using shorewall for some years now and we're v happy with it -
thanks everyone and Tom in particular for such a great tool.
We have been using it to manage security for a set of VMs running applications
with dock
__
From: Winston Sorfleet
Sent: Thursday, March 20, 2025 6:23 PM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Problems accessing host from docker container
running on host
Vieri is right, I did miss the "all all ACCEPT" with the message thread
truncation. Still... like Roger I would be a little more assured if
Sean put in an explicit "dock fw ACCEPT" and "fw dock ACCEPT" just for
testing. Particularly given the potential complication of a bridge
interface. I a
ISTR ‘all’ doesn’t include the firewall unless you explicitly state it (or use
‘all+’ but I’m less sure of this). So doesn’t there need to be a policy of
‘dock’ to $FW ACCEPT?
--
Roger Hayter
> On 21 Mar 2025, at 13:08, Vieri Di Paola wrote:
>
>
>
> On Fri, Mar 21, 2025, 13:16 Winston S
On Fri, Mar 21, 2025, 13:16 Winston Sorfleet wrote:
> Well, it would seem to me that's the problem - your VM is in the Docker
> zone, and the host you want to access is in the Fw zone.
But OP has 'all all ACCEPT' as policy.
Try setting to 'all all ACCEPT INFO' and confirm in logs that you see t
__
From: Matt Darfeuille
Sent: Wednesday, March 19, 2025 8:19 PM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Problems accessing host from
__
From: Winston Sorfleet
Sent: Wednesday, March 19, 2025 7:16 PM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Problems accessing host from docker
container running on host
arch 19, 2025 8:19 PM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Problems accessing host from docker
container running on host
6 PM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Problems accessing host from docker container
running on host
Normally I'd start with t
> __
>
>
>
> From: Matt Darfeuille
> Sent: Wednesday, March 19, 2025 8:19 PM
> To: shorewall-users@lists.sourceforge.net
>
> Subject: Re: [Shorewall-users] Problems accessing hos
__
From: Matt Darfeuille
Sent: Wednesday, March 19, 2025 8:19 PM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Problems accessing
15 matches