(OK) simply running CORE & docker on Fedora 23

[[email protected] core]# ./bootstrap.sh

[[email protected] core]# ./configure --with-startup=systemd

[[email protected] core]# make

[[email protected] core]# make install 

[[email protected] core]#systemctl daemon-reload

[[email protected] core]# systemctl start core-daemon.service

[[email protected] core]# core-gui

NOTE: /root/.core/configs/m-MPE-manet.imn

----------------------

Under the Session Menu, the Options... dialog has an option to set a control network prefix.

This can be set to a network prefix such as 172.16.0.0/24. A bridge will be created on the host machine having the last address in the prefix range (e.g. 172.16.0.254), and each node will have an extra ctrl0 control interface configured with an address corresponding to its node number (e.g. 172.16.0.3 for n3.)

----------------------

[[email protected] 桌面]# . iptables_core.sh

[[email protected] 桌面]# cat iptables_core.sh

#!/bin/bash
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

#网卡：上外、下内
#上外  192.168.0.100
#下内  172.16.0.254
#INET_IF="ppp0"
INET_IF="enp13s0"
LAN_IF="b.ctrl0net.6a"
#INET_IP="192.168.0.100"
INET_IP="10.108.162.164"
LAN_IP="172.16.0.254"
LAN_IP_RANGE="172.16.0.0/24"
#LAN_WWW="172.16.0.6"
IPT="/sbin/iptables"
#TC="/sbin/tc"
MODPROBE="/sbin/modprobe"

$MODPROBE ip_tables
$MODPROBE iptable_nat
$MODPROBE ip_nat_ftp
$MODPROBE ip_nat_irc
$MODPROBE ipt_mark
$MODPROBE ip_conntrack
$MODPROBE ip_conntrack_ftp
$MODPROBE ip_conntrack_irc
$MODPROBE ipt_MASQUERADE

for TABLE in filter nat mangle ; do
$IPT -t $TABLE -F
$IPT -t $TABLE -X
$IPT -t $TABLE -Z
done

$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD DROP 
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT

# 拒绝INTERNET客户访问
#$IPT -A INPUT -i $INET_IF -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#$IPT -A INPUT -i $INET_IF -p tcp -s 123.5.0.0/16 --dport 22 -j ACCEPT
$IPT -A INPUT -p tcp --dport 22 -j ACCEPT
$IPT -A INPUT -i $INET_IF -m state --state NEW,INVALID -j DROP

for DNS in $(grep ^n /etc/resolv.conf|awk '{print $2}'); do
$IPT -A INPUT -p tcp -s $DNS --sport domain -j ACCEPT
$IPT -A INPUT -p udp -s $DNS --sport domain -j ACCEPT
done

# anti bad scaning
$IPT -A INPUT -i $INET_IF -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -i $INET_IF -p tcp --tcp-flags ALL ALL -j DROP
$IPT -A INPUT -i $INET_IF -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
$IPT -A INPUT -i $INET_IF -p tcp --tcp-flags ALL NONE -j DROP
$IPT -A INPUT -i $INET_IF -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A INPUT -i $INET_IF -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP

#$IPT -t nat -A PREROUTING -d $INET_IP -p tcp --dport 8008 -j DNAT --to-destination $LAN_WWW:8008
#$IPT -t nat -A PREROUTING -d $INET_IP -p tcp --dport 22 -j DNAT --to-destination $LAN_WWW:22

if [ $INET_IF = "ppp0" ] ; then
$IPT -t nat -A POSTROUTING -o $INET_IF -s $LAN_IP_RANGE -j MASQUERADE
else
$IPT -t nat -A POSTROUTING -o $INET_IF -s $LAN_IP_RANGE -j SNAT --to-source $INET_IP
fi

#no limit
#$IPT -A FORWARD -s 192.168.1.216 -m mac --mac-source 00:15:17:F7:AB:84 -j ACCEPT
#$IPT -A FORWARD -d 192.168.1.216 -j ACCEPT

#$IPT -A FORWARD -p tcp -d ! $LAN_IP_RANGE -m multiport --dports ! 20,21,22,25,53,80,110,443,8080 -j DROP
#$IPT -A FORWARD -p udp -d ! $LAN_IP_RANGE -m multiport --dports ! 20,21,22,25,53,80,110,443,8080 -j DROP

#MAC、IP地址绑定
#$IPT -A FORWARD -s 192.168.1.11 -m mac --mac-source 44-87-FC-44-B9-6E -j ACCEPT

$IPT -A FORWARD -s 172.16.0.1 -j ACCEPT
$IPT -A FORWARD -s 172.16.0.2 -j ACCEPT
$IPT -A FORWARD -s 172.16.0.3 -j ACCEPT
$IPT -A FORWARD -s 172.16.0.4 -j ACCEPT
$IPT -A FORWARD -s 172.16.0.5 -j ACCEPT
$IPT -A FORWARD -s 172.16.0.6 -j ACCEPT
$IPT -A FORWARD -s 172.16.0.7 -j ACCEPT
$IPT -A FORWARD -s 172.16.0.8 -j ACCEPT
$IPT -A FORWARD -s 172.16.0.9 -j ACCEPT
$IPT -A FORWARD -s 172.16.0.10 -j ACCEPT
$IPT -A FORWARD -s 172.16.0.11 -j ACCEPT
$IPT -A FORWARD -s 172.16.0.12 -j ACCEPT

$IPT -A FORWARD -d 172.16.0.1 -j ACCEPT
$IPT -A FORWARD -d 172.16.0.2 -j ACCEPT
$IPT -A FORWARD -d 172.16.0.3 -j ACCEPT
$IPT -A FORWARD -d 172.16.0.4 -j ACCEPT
$IPT -A FORWARD -d 172.16.0.5 -j ACCEPT
$IPT -A FORWARD -d 172.16.0.6 -j ACCEPT
$IPT -A FORWARD -d 172.16.0.7 -j ACCEPT
$IPT -A FORWARD -d 172.16.0.8 -j ACCEPT
$IPT -A FORWARD -d 172.16.0.9 -j ACCEPT
$IPT -A FORWARD -d 172.16.0.10 -j ACCEPT
$IPT -A FORWARD -d 172.16.0.11 -j ACCEPT
$IPT -A FORWARD -d 172.16.0.12 -j ACCEPT
           

[[email protected] n6.conf]# route add default gw 172.16.0.254

[[email protected] n6.conf]# route -n 

[[email protected] n6.conf]# cat /etc/resolv.conf 

[[email protected] n6.conf]# ping www.bupt.edu.cn

---------------------------------------------------------------------------

至此，CORE虚拟节点访问互联网 成功

---------------------------------------------------------------------------

下面在CORE虚拟节点中 使用docker —— 前提，CORE虚拟节点访问互联网 成功

---------------------------------------------------------------------------

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^OK OK

---------Install Docker on Fedora 23

dnf update -y

dnf -y install docker-io

systemctl start docker

systemctl start docker.service

systemctl restart docker.service

systemctl stop docker.service

systemctl status docker.service

systemctl status docker -l

^^^^^^宿主机测试

docker images

docker search centos

docker pull centos

docker images

docker tag 2933d50b9f77 docker.io/centos:core

docker run centos echo "hello world!"

^^^^^^至此，宿主机 OK

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^OK OK in CORE node

[[email protected] n6.conf]#

docker daemon &

docker images

docker run centos echo "hello world!"

docker run --rm -it centos /bin/bash

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

---------------------------------------------------------------------------

至此，在CORE虚拟节点中 使用docker 成功

---------------------------------------------------------------------------