From cabe624c823348579ada234e3c029479683f624c Mon Sep 17 00:00:00 2001
From: Tianon Gravi
Date: Mon, 27 Jan 2014 21:35:05 -0700
Subject: [PATCH] Add --ip-forward flag to daemon (enabled by default) which automatically sets "net.ipv4.ip_forward" to 1 See also https://groups.google.com/d/topic/docker-dev/DCjF5Prx7HA/discussion
Docker-DCO-1.1-Signed-off-by: Andrew Page (github: tianon)
---
 config.go | 2 ++
 docker/docker.go | 2 ++
 network.go | 8 ++++++++
 3 files changed, 12 insertions(+)
diff --git a/config.go b/config.go
index 5a6de7a873..a948744f0e 100644
--- a/config.go
+++ b/config.go
@@ -13,6 +13,7 @@ type DaemonConfig struct {
 EnableCors bool
 Dns []string
 EnableIptables bool
+ EnableIpForward bool
 BridgeIface string
 BridgeIp string
 DefaultIp net.IP
@@ -33,6 +34,7 @@ func ConfigFromJob(job *engine.Job) *DaemonConfig {
 config.Dns = dns
 }
 config.EnableIptables = job.GetenvBool("EnableIptables")
+ config.EnableIpForward = job.GetenvBool("EnableIpForward")
 if br := job.Getenv("BridgeIface"); br != "" {
 config.BridgeIface = br
 } else {
diff --git a/docker/docker.go b/docker/docker.go
index 5f5b3c17ce..3a9b14db5f 100644
--- a/docker/docker.go
+++ b/docker/docker.go
@@ -36,6 +36,7 @@ func main() {
 flEnableCors = flag.Bool([]string{"#api-enable-cors", "-api-enable-cors"}, false, "Enable CORS headers in the remote API")
 flDns = docker.NewListOpts(docker.ValidateIp4Address)
 flEnableIptables = flag.Bool([]string{"#iptables", "-iptables"}, true, "Disable docker's addition of iptables rules")
+ flEnableIpForward = flag.Bool([]string{"#ip-forward", "-ip-forward"}, true, "Disable enabling of net.ipv4.ip_forward")
 flDefaultIp = flag.String([]string{"#ip", "-ip"}, "0.0.0.0", "Default IP address to use when binding container ports")
 flInterContainerComm = flag.Bool([]string{"#icc", "-icc"}, true, "Enable inter-container communication")
 flGraphDriver = flag.String([]string{"s", "-storage-driver"}, "", "Force the docker runtime to use a specific storage driver")
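Review bot: The help string on the new `flEnableIpForward` line in docker/docker.go, "Disable enabling of net.ipv4.ip_forward", reads as the opposite of what the flag does, since it defaults to `true` and a true value enables forwarding. Because the flag changes a kernel setting for the whole host and not just for containers, the text should say so plainly, for example `"Enable net.ipv4.ip_forward on the host (host-wide sysctl); use --ip-forward=false to leave it unchanged"`. The neighbouring `-iptables` line carries the same inverted wording and could be corrected in the same pass. main() starts and ends outside the hunk.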
@@ -88,6 +89,7 @@ func main() {
 job.SetenvBool("EnableCors", *flEnableCors)
 job.SetenvList("Dns", flDns.GetAll())
 job.SetenvBool("EnableIptables", *flEnableIptables)
+ job.SetenvBool("EnableIpForward", *flEnableIpForward)
 job.Setenv("BridgeIface", *bridgeName)
 job.Setenv("BridgeIp", *bridgeIp)
 job.Setenv("DefaultIp", *flDefaultIp)
diff --git a/network.go b/network.go
index 85b0a588df..2396c6b320 100644
--- a/network.go
+++ b/network.go
@@ -9,6 +9,7 @@ import (
 "github.com/dotcloud/docker/pkg/netlink"
 "github.com/dotcloud/docker/proxy"
 "github.com/dotcloud/docker/utils"
+ "io/ioutil"
 "log"
 "net"
 "strconv"
@@ -499,6 +500,13 @@ func newNetworkManager(config *DaemonConfig) (*NetworkManager, error) {
 }
 }

+ if config.EnableIpForward {
+ // Enable IPv4 forwarding
+ if err := ioutil.WriteFile("/proc/sys/net/ipv4/ip_forward", []byte{'1', '\n'}, 0644); err != nil {
+ log.Printf("WARNING: unable to enable IPv4 forwarding: %s\n", err)
+ }
+ }
+
 portMapper, err := newPortMapper(config)
 if err != nil {
 return nil, err
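Review bot: The block added to newNetworkManager in network.go writes a host-wide sysctl unconditionally and leaves no trace in the log when it succeeds, so an operator cannot tell from the daemon output that the host has started forwarding IPv4 between all of its interfaces. As far as the hunk shows, the write does not depend on `config.EnableIptables`, so a daemon started with `--iptables=false` presumably enables forwarding with no Docker-managed FORWARD rules in place; a comment should state that the operator's own firewall policy is expected to cover that case. I would read the current value first, write only when it is not already `1` (which also avoids a spurious warning where /proc/sys is read-only), and log the change when it happens. The trailing `\n` in the `log.Printf` format is redundant because the log package appends a newline. The function starts and ends outside the hunk.

```go
	if config.EnableIpForward {
		// Host-wide setting: it affects every interface, not only the bridge,
		// so touch it only when forwarding is not already on and say so.
		const ipForward = "/proc/sys/net/ipv4/ip_forward"
		if cur, err := ioutil.ReadFile(ipForward); err != nil || len(cur) == 0 || cur[0] != '1' {
			if err := ioutil.WriteFile(ipForward, []byte{'1', '\n'}, 0644); err != nil {
				log.Printf("WARNING: unable to enable IPv4 forwarding: %s", err)
			} else {
				log.Printf("enabled net.ipv4.ip_forward on the host")
			}
		}
	}
	// … unchanged: newPortMapper call and error return …
```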