Hi, I'm Samuel Cochran

on Twitter, Facebook, Google, LinkedIn, GitHub, Stack Overflow, and Steam.

Pow and Docker

Pow's port redirection with OS X's pf seems to overreach: all traffic routed out of my dlite-hosted docker containers to port 80 (for any IP) gets redirected to pow (127.0.0.1:20559). This meant commands like apt-get update weren't working.

So I replaced the firewall rule with socat. It can run a tiny tcp listener on port 80 and proxy connections to port 20559.

tl;dr: if you can't connect to http servers from inside your docker containers and you use pow, try:

# Remove pow's boot time firewall fiddling
$ sudo launchctl unload /Library/LaunchDaemons/cx.pow.firewall.plist
$ sudo rm /Library/LaunchDaemons/cx.pow.firewall.plist

# I had to reboot here, flushing the packet filter and other things
# I tried couldn't completely get rid of the port 80 redirect.

$ brew install socat
$ sudo vim /Library/LaunchDaemons/cx.pow.socat.plist
# or somehow, fill it with:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Label</key>
        <string>cx.pow.socat</string>
        <key>ProgramArguments</key>
        <array>
                <string>/usr/local/bin/socat</string>
                <string>tcp-listen:80,fork,reuseaddr</string>
                <string>tcp-connect:127.0.0.1:20559</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        <key>KeepAlive</key>
        <true/>
        <key>UserName</key>
        <string>root</string>
</dict>
</plist>

$ sudo launchctl load /Library/LaunchDaemons/cx.pow.socat.plist

Now http://pow.dev should still work, and so should docker run -it ubuntu apt-get update.
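A check for the swap above, as an added example that is not from the original post: socat's tcp-listen binds every interface unless given bind=, so this reports whether the port 80 listener is wider than loopback and whether a redirect to 20559 is still loaded. The function names and the sample lsof/pfctl lines are constructed, and the exact pfctl rule text is an assumption.

```shell
#!/bin/sh
# Added example: audit helpers for the socat-for-pf swap described above.
# Function names and sample data are constructed for illustration.

# Reads pf translation rules on stdin; succeeds if a redirect to pow's
# port (127.0.0.1:20559, from the post) is still loaded.
pow_rdr_active() {
  grep -Eq '^[[:space:]]*rdr .*-> 127\.0\.0\.1 port 20559'
}

# Reads `lsof -nP -iTCP:80 -sTCP:LISTEN` output on stdin and prints:
#   exposed  - a port 80 listener is bound to a non-loopback address
#   loopback - port 80 listeners exist, all on 127.x or ::1
#   none     - nothing is listening on port 80
port80_exposure() {
  awk '
    $NF == "(LISTEN)" && $(NF-1) ~ /:80$/ {
      seen = 1
      if ($(NF-1) !~ /^(127\.[0-9.]+|\[::1\]):80$/) wide = 1
    }
    END { print (wide ? "exposed" : (seen ? "loopback" : "none")) }'
}

# Constructed samples (not captured from a real machine).
SAMPLE_PF='rdr pass inet proto tcp from any to any port = 80 -> 127.0.0.1 port 20559'
SAMPLE_WILDCARD='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
socat 412 root 5u IPv4 0x0000000000000001 0t0 TCP *:80 (LISTEN)'
SAMPLE_LOOPBACK='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
socat 412 root 5u IPv4 0x0000000000000001 0t0 TCP 127.0.0.1:80 (LISTEN)'

# `sh audit.sh --live` checks the real machine (macOS, needs sudo).
# Rules loaded into a pf anchor need `pfctl -a <anchor> -s nat` instead.
if [ "${1:-}" = "--live" ]; then
  if sudo pfctl -s nat 2>/dev/null | pow_rdr_active; then
    echo "pf redirect to 20559 is still loaded"
  fi
  case "$(sudo lsof -nP -iTCP:80 -sTCP:LISTEN | port80_exposure)" in
    exposed) echo "port 80 listener is bound to all interfaces;" \
                  "tcp-listen:80,bind=127.0.0.1,fork,reuseaddr keeps it local" ;;
    *) echo "port 80 is not exposed beyond loopback" ;;
  esac
fi
```

If the live check prints "exposed", the pow-served apps are answering on every network the Mac is attached to, not only on 127.0.0.1.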