Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Map mac port forwards to 0.0.0.0 #620

Merged
merged 1 commit into from
Sep 18, 2021
Merged

Map mac port forwards to 0.0.0.0 #620

merged 1 commit into from
Sep 18, 2021

Conversation

mattfarina
Copy link
Contributor

This enables the use of priviledged ports and makes content
available on the machines IP.

Part of #566

@mattfarina
Map mac port forwards to 0.0.0.0
58410a4 
This enables the use of priviledged ports and makes content
available on the machines IP.

Part of rancher-sandbox#566

Signed-off-by: Matt Farina <[email protected]>
@mattfarina
Copy link
Contributor Author

Note, you need the latest lima (tip of master) running in RD to test with privileged ports

jandubois
jandubois approved these changes Sep 18, 2021
View reviewed changes
Copy link
Member

@jandubois jandubois left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Verified with traefik and wordpress

@jandubois jandubois added this to the v0.5.0 milestone Sep 18, 2021
@jandubois jandubois merged commit 34f1a3c into rancher-sandbox:main Sep 18, 2021
@AkihiroSuda
Copy link

This looks kinda insecure unless explicitly documented

@AkihiroSuda
Copy link

AkihiroSuda commented Sep 21, 2021
edited
Loading

My suggestion is: lima-vm/lima#45 (comment)

Write a custom forwarder that binds on 0.0.0.0 but rejects connections when srcIP != 127.0.0.1

EDIT: lima PR lima-vm/lima#283

@jandubois
Copy link
Member

This looks kinda insecure unless explicitly documented

I believe that is intentional, as it matches the behaviour of Docker Desktop for Mac (I have not verified).

I would hope that eventually this would be configurable via the UI. E.g. if I'm only using k3s, then I may only want to have the traefik ingress ports forwarded to the external interface.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jandubois jandubois jandubois approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v0.5.0
Development

Successfully merging this pull request may close these issues.
3 participants
@mattfarina @AkihiroSuda @jandubois