
I followed these instructions here to build a 3 node Docker Swarm cluster.

In the beginning I opened multiple ports with ufw in order to communicate between the docker nodes:

    # ufw status verbose
    Status: active
    Logging: on (low)
    Default: deny (incoming), allow (outgoing), deny (routed)
    New profiles: skip

    To                         Action      From
    --                         ------      ----
    22/tcp                     ALLOW IN    Anywhere
    2376/tcp                   ALLOW IN    Anywhere
    2377/tcp                   ALLOW IN    Anywhere
    7946/tcp                   ALLOW IN    Anywhere
    7946/udp                   ALLOW IN    Anywhere
    4789/udp                   ALLOW IN    Anywhere
    22/tcp (v6)                ALLOW IN    Anywhere (v6)
    2376/tcp (v6)              ALLOW IN    Anywhere (v6)
    2377/tcp (v6)              ALLOW IN    Anywhere (v6)
    7946/tcp (v6)              ALLOW IN    Anywhere (v6)
    7946/udp (v6)              ALLOW IN    Anywhere (v6)
    4789/udp (v6)              ALLOW IN    Anywhere (v6)

As you can see port 80 is not open.

So, at the end of the tutorial I deployed the official nginx docker image to the cluster:

    docker service create -p 80:80 --name webserver nginx

I was able to enter the IP address of my server and was presented the nginx hello world page.

Now I am wondering, why am I able to reach the webserver although port 80 is not open?

zarathustra
  • The problem and solution are described in https://stackoverflow.com/questions/30383845/what-is-the-best-practice-of-docker-ufw-under-ubuntu fully. – Te Ri Jan 17 '18 at 05:46

1 Answer


Docker sets iptables rules itself, interfering with UFW.
Try running the docker daemon with the additional command line option --iptables=false.

Oliver
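An added audit check, not part of the original question or answer: because Docker writes its own iptables rules, `ufw status` alone does not show what is reachable, so this compares the UFW rule table against a service's published ports and lists the ones no UFW rule allows. The function names are hypothetical, both inputs are constructed samples, and the port list is assumed to be the JSON printed by `docker service inspect --format '{{json .Endpoint.Ports}}' webserver`.

```python
import json
import re

# Constructed sample: excerpt of the rule table from the question's `ufw status verbose`.
UFW_STATUS = """\
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
2377/tcp                   ALLOW IN    Anywhere
7946/udp                   ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
"""

# Constructed sample of the JSON port list for the `webserver` service.
SERVICE_PORTS = '[{"Protocol":"tcp","TargetPort":80,"PublishedPort":80,"PublishMode":"ingress"}]'

# Matches "80", "80/tcp" and "6000:6007/tcp" rules whose action is ALLOW or ALLOW IN.
# Comma-separated port lists and application profiles are not handled here.
RULE = re.compile(
    r"^(\d+)(?::(\d+))?(?:/(tcp|udp))?\s+(?:\(v6\)\s+)?ALLOW(?: IN)?\s+(?!OUT|FWD)"
)


def ufw_allowed(status_text):
    """Return (low, high, proto) per inbound ALLOW rule; proto None means tcp and udp."""
    rules = []
    for line in status_text.splitlines():
        m = RULE.match(line.strip())
        if m:
            low = int(m.group(1))
            rules.append((low, int(m.group(2) or low), m.group(3)))
    return rules


def bypassing_ports(status_text, ports_json):
    """Ports published by Docker that no UFW allow rule covers (source address ignored)."""
    rules = ufw_allowed(status_text)
    exposed = []
    for p in json.loads(ports_json) or []:  # "null" when nothing is published
        port, proto = p["PublishedPort"], p["Protocol"]
        if not any(lo <= port <= hi and pr in (None, proto) for lo, hi, pr in rules):
            exposed.append(f"{port}/{proto}")
    return sorted(exposed)


if __name__ == "__main__":
    for item in bypassing_ports(UFW_STATUS, SERVICE_PORTS):
        print(f"{item}: published by Docker, no matching UFW allow rule")
```
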