weave: Weave on a single centos7 host, Containers can't resolve each other
I have a single weave host, with two containers running on it.
I started weave
weave launch && weave launch-dns && weave launch-proxy
and then started the containers with docker commands,
docker run -d -ti -h webnode1 --name webnode1 -p 80:80 docker.io/httpd:latest
docker run -d -ti -h webnode2 --name webnode2 -p 8080:80 docker.io/httpd:latest
But I am not able to ping them from one another, and the traffic to the outside world is not passed through.
docker exec webnode1 ping -c 5 webnode2
results in unknown host webnode2
Running the latest version of weave 1.0.1, docker is also latest version.
About this issue
- State: closed
- Created 9 years ago
- Comments: 67 (37 by maintainers)
Commits related to this issue
- TCPDump to trobleshoot github issue https://github.com/weaveworks/weave/issues/1266 — committed to miztiik/cloudera-On-Docker by deleted user 9 years ago
- Merge pull request #1349 from weaveworks/issues/1266-detect-adverse-firewall-config Warn on detection of REJECT rule in FORWARD chain Fixes #1266. — committed to weaveworks/weave by rade 9 years ago
In case anyone else comes across this, and has the same issue and desire:
“As someone using firewalld, I want to use weaveDNS, without disabling firewalld, and I am willing to run a manual command to set up the firewall to make it work”
Here is the firewall-cmd answer:
First, you select a zone, and add your weave and docker interfaces to it:
Then, add the dns service to those interfaces:
sudo firewall-cmd --zone=internal --add-service=dns --permanent
and finally reload your configuration (you’ll probably have to reload docker too).
When you launch weave, you will still get the message complaining about the reject rule. But in fact, it will still work because firewall-cmd has inserted a rule that will allow the DNS traffic.
Hope this helps someone else!
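The fix commit listed above warns when a REJECT rule is found in the FORWARD chain. The following is an added example, not part of the thread or of weave's own code, showing one way to check for that condition by hand from `iptables -S FORWARD` output; the function name `forward_reject_report` and the sample rules are constructed for illustration.

```shell
# Constructed sample of `iptables -S FORWARD` output (not taken from the issue).
SAMPLE_RULES='-P FORWARD ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

# Reads `iptables -S` output on stdin and prints one line per REJECT rule in
# the FORWARD chain: "<position> <catch-all|conditional> <rule>".
# <position> matches the numbering of `iptables -L FORWARD --line-numbers`.
# Returns 0 if a catch-all REJECT (no match conditions) is present, else 1.
forward_reject_report() {
    awk '
        $1 == "-A" && $2 == "FORWARD" {
            pos++
            target = ""
            cond = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1); i++ }   # rule target
                else if ($i == "--reject-with") { i++ }      # REJECT option, not a match
                else { cond = 1 }                            # any other token is a match condition
            }
            if (target == "REJECT") {
                kind = cond ? "conditional" : "catch-all"
                if (!cond) found = 1
                print pos, kind, $0
            }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Demo on the constructed sample. On a live host, feed it real output instead:
#   sudo iptables -S FORWARD | forward_reject_report
if printf '%s\n' "$SAMPLE_RULES" | forward_reject_report; then
    echo "catch-all REJECT found in FORWARD chain (the condition weave warns about)" >&2
fi
```

A catch-all REJECT reported at the last position means any forwarded packet not accepted by an earlier rule is rejected, so the rules listed above that position are the ones to inspect.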