Add --ip-forward flag to daemon (enabled by default) which automatica…

…lly sets "net.ipv4.ip_forward" to 1 See also https://groups.google.com/d/topic/docker-dev/DCjF5Prx7HA/discussion Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
moby · Jan 28, 2014 · cabe624 · cabe624
1 parent ed12818
commit cabe624
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 0 deletions.
diff --git a/config.go b/config.go
@@ -13,6 +13,7 @@ type DaemonConfig struct {
 	EnableCors                  bool
 	Dns                         []string
 	EnableIptables              bool
+	EnableIpForward             bool
 	BridgeIface                 string
 	BridgeIp                    string
 	DefaultIp                   net.IP
@@ -33,6 +34,7 @@ func ConfigFromJob(job *engine.Job) *DaemonConfig {
 		config.Dns = dns
 	}
 	config.EnableIptables = job.GetenvBool("EnableIptables")
+	config.EnableIpForward = job.GetenvBool("EnableIpForward")
 	if br := job.Getenv("BridgeIface"); br != "" {
 		config.BridgeIface = br
 	} else {

diff --git a/docker/docker.go b/docker/docker.go
@@ -36,6 +36,7 @@ func main() {
 		flEnableCors         = flag.Bool([]string{"#api-enable-cors", "-api-enable-cors"}, false, "Enable CORS headers in the remote API")
 		flDns                = docker.NewListOpts(docker.ValidateIp4Address)
 		flEnableIptables     = flag.Bool([]string{"#iptables", "-iptables"}, true, "Disable docker's addition of iptables rules")
+		flEnableIpForward    = flag.Bool([]string{"#ip-forward", "-ip-forward"}, true, "Disable enabling of net.ipv4.ip_forward")
 		flDefaultIp          = flag.String([]string{"#ip", "-ip"}, "0.0.0.0", "Default IP address to use when binding container ports")
 		flInterContainerComm = flag.Bool([]string{"#icc", "-icc"}, true, "Enable inter-container communication")
 		flGraphDriver        = flag.String([]string{"s", "-storage-driver"}, "", "Force the docker runtime to use a specific storage driver")
@@ -88,6 +89,7 @@ func main() {
 		job.SetenvBool("EnableCors", *flEnableCors)
 		job.SetenvList("Dns", flDns.GetAll())
 		job.SetenvBool("EnableIptables", *flEnableIptables)
+		job.SetenvBool("EnableIpForward", *flEnableIpForward)
 		job.Setenv("BridgeIface", *bridgeName)
 		job.Setenv("BridgeIp", *bridgeIp)
 		job.Setenv("DefaultIp", *flDefaultIp)

diff --git a/network.go b/network.go
@@ -9,6 +9,7 @@ import (
 	"github.com/dotcloud/docker/pkg/netlink"
 	"github.com/dotcloud/docker/proxy"
 	"github.com/dotcloud/docker/utils"
+	"io/ioutil"
 	"log"
 	"net"
 	"strconv"
@@ -499,6 +500,13 @@ func newNetworkManager(config *DaemonConfig) (*NetworkManager, error) {
 		}
 	}
 
+	if config.EnableIpForward {
+		// Enable IPv4 forwarding
+		if err := ioutil.WriteFile("/proc/sys/net/ipv4/ip_forward", []byte{'1', '\n'}, 0644); err != nil {
+			log.Printf("WARNING: unable to enable IPv4 forwarding: %s\n", err)
+		}
+	}
+
 	portMapper, err := newPortMapper(config)
 	if err != nil {
 		return nil, err