Unused POSTROUTING rules #12632

itatabitovski · 2015-04-22T10:16:10Z

I've noticed that except the first rule none of the other rules are used. Are they needed for some corner case or they can be removed?

Chain POSTROUTING (policy ACCEPT 1313K packets, 79M bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    1195K   76M MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
2        0     0 MASQUERADE  tcp  --  *      *       172.17.0.3           172.17.0.3           tcp dpt:9115
3        0     0 MASQUERADE  tcp  --  *      *       172.17.0.6           172.17.0.6           tcp dpt:443
4        0     0 MASQUERADE  tcp  --  *      *       172.17.0.13          172.17.0.13          tcp dpt:80
5        0     0 MASQUERADE  tcp  --  *      *       172.17.0.14          172.17.0.14          tcp dpt:9200
6        0     0 MASQUERADE  tcp  --  *      *       172.17.0.16          172.17.0.16          tcp dpt:8080
7        0     0 MASQUERADE  tcp  --  *      *       172.17.0.17          172.17.0.17          tcp dpt:9116
8        0     0 MASQUERADE  tcp  --  *      *       172.17.0.14          172.17.0.14          tcp dpt:9300
9        0     0 MASQUERADE  tcp  --  *      *       172.17.0.21          172.17.0.21          tcp dpt:9103
10       0     0 MASQUERADE  tcp  --  *      *       172.17.0.22          172.17.0.22          tcp dpt:80
11       0     0 MASQUERADE  tcp  --  *      *       172.17.0.24          172.17.0.24          tcp dpt:3000
12       0     0 MASQUERADE  tcp  --  *      *       172.17.0.35          172.17.0.35          tcp dpt:9200
13       0     0 MASQUERADE  tcp  --  *      *       172.17.0.35          172.17.0.35          tcp dpt:9200
14       0     0 MASQUERADE  tcp  --  *      *       172.17.0.35          172.17.0.35          tcp dpt:9300
15       0     0 MASQUERADE  tcp  --  *      *       172.17.0.35          172.17.0.35          tcp dpt:9300
16       0     0 MASQUERADE  tcp  --  *      *       172.17.0.40          172.17.0.40          tcp dpt:80
17       0     0 MASQUERADE  tcp  --  *      *       172.17.0.41          172.17.0.41          tcp dpt:9110
18       0     0 MASQUERADE  tcp  --  *      *       172.17.0.43          172.17.0.43          tcp dpt:80
19       0     0 MASQUERADE  tcp  --  *      *       172.17.0.49          172.17.0.49          tcp dpt:80
20       0     0 MASQUERADE  tcp  --  *      *       172.17.0.51          172.17.0.51          tcp dpt:9200
21       0     0 MASQUERADE  tcp  --  *      *       172.17.0.51          172.17.0.51          tcp dpt:9300
22       0     0 MASQUERADE  tcp  --  *      *       172.17.0.54          172.17.0.54          tcp dpt:80

The text was updated successfully, but these errors were encountered:

LK4D4 · 2016-09-13T18:51:50Z

ping @mavenugo @mrjana @aboch
Can you pls answer this question?

aboch · 2016-10-31T22:37:29Z

@itatabitovski
I see those rules are hit when docker is started with --userland-proxy=false and you try to access the service's published port on the host or bridge interface address from inside the container .

itatabitovski · 2016-10-31T22:43:00Z

@aboch thanks, I've never run docker with --userland-proxy=false. Maybe these rules should not be created by default?

aboch · 2016-10-31T22:56:04Z

agree

cpuguy83 added the area/networking label Sep 12, 2015

thaJeztah added the kind/question label Sep 23, 2016

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Unused POSTROUTING rules #12632

Unused POSTROUTING rules #12632

itatabitovski commented Apr 22, 2015

LK4D4 commented Sep 13, 2016

aboch commented Oct 31, 2016

itatabitovski commented Oct 31, 2016 •

edited

aboch commented Oct 31, 2016

Unused POSTROUTING rules #12632

Unused POSTROUTING rules #12632

Comments

itatabitovski commented Apr 22, 2015

LK4D4 commented Sep 13, 2016

aboch commented Oct 31, 2016

itatabitovski commented Oct 31, 2016 • edited

aboch commented Oct 31, 2016

itatabitovski commented Oct 31, 2016 •

edited