Installing Docker with Shorewall

My home server uses Shorewall for NAT, so installing Docker also requires some Shorewall configuration.

First, install Docker and docker-compose:
pacman -Sy docker docker-compose

Configure Shorewall

/etc/shorewall/shorewall.conf:

DOCKER=Yes

/etc/shorewall/zones:

#ZONE         TYPE        OPTIONS
dock          ipv4        #'dock' is just an example -- call it anything you like

/etc/shorewall/policy:

#SOURCE        DEST        POLICY         LEVEL
dock           $FW         REJECT
dock           all         ACCEPT

/etc/shorewall/interfaces:

#ZONE          INTERFACE        OPTIONS
dock           docker0          bridge   #Allow ICC (bridge implies routeback=1)

or

#ZONE          INTERFACE        OPTIONS
dock           docker0          bridge,routeback=0   #Disallow ICC

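Networking inside the containers is very slow.
My network's MTU is 1492, while the docker0 bridge defaults to 1500, which makes networking inside the containers slow.
Run ip link show and check whether the MTUs match to determine whether this is the cause.
To fix it, edit the unit file: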
vim /etc/systemd/system/multi-user.target.wants/docker.service

ExecStart=/usr/bin/docker daemon -H fd:// --mtu=1492

systemctl daemon-reload
systemctl restart docker
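
The ip link show comparison described above can be scripted. This is an added example, not part of the original post; the uplink name ppp0, the function name oversized_for_uplink and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Docker-side interfaces whose MTU exceeds the uplink's.
# Constructed sample in the layout of `ip -o link show` (not from a real host).
# The uplink name ppp0 is an assumption; the page only gives its MTU, 1492.
SAMPLE='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
5: veth3f2a1b0@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP'

# oversized_for_uplink UPLINK
# Reads `ip -o link show` text on stdin and prints "iface mtu uplink_mtu"
# for every docker0 / br-* / veth* interface whose MTU is larger than the
# uplink's. Exits with status 2 if the uplink is not in the input.
oversized_for_uplink() {
    awk -v up="$1" '
        {
            name = $2
            sub(/:$/, "", name)      # strip the trailing colon
            sub(/@.*/, "", name)     # veth names appear as vethX@ifN
            for (i = 3; i < NF; i++)
                if ($i == "mtu") mtu[name] = $(i + 1)
            order[NR] = name         # keep input order for the report
        }
        END {
            if (!(up in mtu)) {
                print "uplink " up " not found" > "/dev/stderr"
                exit 2
            }
            for (n = 1; n <= NR; n++) {
                name = order[n]
                if (name ~ /^(docker0|br-|veth)/ && mtu[name] + 0 > mtu[up] + 0)
                    print name, mtu[name], mtu[up]
            }
        }'
}

# Demo on the constructed sample; on a live host pipe in `ip -o link show`.
printf '%s\n' "$SAMPLE" | oversized_for_uplink ppp0
```

Empty output after restarting Docker with --mtu=1492 means no container-side interface is still larger than the uplink.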

Reference: http://www.shorewall.net/Docker.html#idp63347824
