On Thursday, November 24, 2016 at 5:30:52 PM UTC+1, Grzesiek Chodzicki wrote: > W dniu czwartek, 24 listopada 2016 14:05:30 UTC+1 użytkownik Opal Raava > napisał: > > Hi all, > > > > I've not seen many docker posts, but for the heck of it I'd like to report > > on how I made an app-vm that has a website running in docker and reachable > > by everything connected to sys-firewall. > > > > 1) install docker in fedora-24, dnf install docker > > > > 2) create the new appvm, I called it 'docker' > > > > 3) in that app-vm in /rw/config/rc.local, i put: > > > > rm -rf /var/lib/docker > > ln -s /home/user/docker /var/lib/docker > > systemctl start docker > > > > , and I made the dir in /home/user/docker > > now as root i can use 'docker ps' and everything. > > > > > > 4) networking, making 'docker' visible: > > on docker app-vm in /rw/config/qubes-firewall-user-script, i put: > > > > iptables -I INPUT -s 10.137.2.0/24 -j ACCEPT > > > > on sys-firewall, in /rw/config/qubes-firewall-user-script, i put: > > > > iptables -I FORWARD 2 -s 10.137.2.0/24 -d $(docker-appvm-ip) -j ACCEPT > > > > Ok, that's all i have on docker, and it works great. > > 10.137.2.0?24 is the IP addres of your sys-firewall machine, right? I'm > trying to apply a similar configuration to my qubes instance.
Yea, it's the network provided by sys-firewall. I look at the ip number of an appvm using sys-firewall to figure out my net(mask) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f1406c9e-521f-4fc2-9075-5b1965a31c60%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
