Docker + firewalld




Hello,

I am using CentOS 7 + Docker CE (docker-ce-18.03.1.ce-1.el7.centos.x86_64), in the following setup:

1) On interface br-ee1ac3f6bbaf I have network 172.16.26/24
2) Network from (1) is routed via the IP address of eth0 of the CentOS machine
3) Access to machines in network (1) is direct, without port forwarding

I want to be able to reach other machines in other subnets from the IP address of the Docker containers. I ran the following command:

firewall-cmd --direct --permanent --add-rule ipv4 nat POSTROUTING 0 -i br+ -o eth0 -s 172.16.26.0/24 -j ACCEPT


However, the firewall rules for NAT are:

-A POSTROUTING -s 172.16.26.0/24 ! -o br-ee1ac3f6bbaf -j MASQUERADE
-A POSTROUTING -j POSTROUTING_direct
-A POSTROUTING_direct -s 172.16.26.0/24 -i br+ -o eth0 -j ACCEPT


With this, it always goes via MASQUERADE first, without hitting the POSTROUTING_direct chain. Is there a way to add this rule on top of POSTROUTING?

Regards,
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
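
The ordering problem described in the post, as an added example that is not part of the original message: a simplified first-match model of the nat rules listed above, showing which target a packet from the container subnet reaches. The sample packet is constructed, the function names are hypothetical, and the model treats `-i`/`-o` as plain field matches rather than reproducing every iptables check.

```python
import fnmatch
import ipaddress

# Rules copied from the nat table listing in the post.
RULES = """\
-A POSTROUTING -s 172.16.26.0/24 ! -o br-ee1ac3f6bbaf -j MASQUERADE
-A POSTROUTING -j POSTROUTING_direct
-A POSTROUTING_direct -s 172.16.26.0/24 -i br+ -o eth0 -j ACCEPT
"""
# Constructed sample packet: a container talking to another subnet via eth0.
PACKET = {"src": "172.16.26.5", "in": "br-ee1ac3f6bbaf", "out": "eth0"}
TERMINATING = {"ACCEPT", "MASQUERADE"}

def parse(text):
    """Return {chain: [(matches, target)]}; matches = [(opt, value, negated)]."""
    chains = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 2 or tok[0] != "-A":
            continue
        matches, target, negated, i = [], None, False, 2
        while i < len(tok):
            if tok[i] == "!":
                negated, i = True, i + 1
                continue
            if tok[i] == "-j":
                target = tok[i + 1]
            else:
                matches.append((tok[i], tok[i + 1], negated))
            negated, i = False, i + 2
        chains.setdefault(tok[1], []).append((matches, target))
    return chains

def _hit(opt, value, pkt):
    if opt == "-s":
        return ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(value)
    # Interface match: a trailing "+" is the iptables prefix wildcard.
    pat = value[:-1] + "*" if value.endswith("+") else value
    return fnmatch.fnmatchcase(pkt["in" if opt == "-i" else "out"], pat)

def verdict(chains, chain, pkt):
    """First terminating target reached in rule order, or None on fall-through."""
    for matches, target in chains.get(chain, []):
        if all(_hit(o, v, pkt) != neg for o, v, neg in matches):
            hit = target if target in TERMINATING else verdict(chains, target, pkt)
            if hit:
                return hit
    return None

print(verdict(parse(RULES), "POSTROUTING", PACKET))  # MASQUERADE
```

With the jump to POSTROUTING_direct moved ahead of the MASQUERADE rule, the same packet reaches ACCEPT instead, which is the ordering the post asks for.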


