From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id SDheJtnhu18rQQAA0tVLHw (envelope-from ) for ; Mon, 23 Nov 2020 16:22:49 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id iKFAItnhu1/KKAAA1q6Kng (envelope-from ) for ; Mon, 23 Nov 2020 16:22:49 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id C9DD99400D3 for ; Mon, 23 Nov 2020 16:22:48 +0000 (UTC) Received: from localhost ([::1]:41666 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1khEc3-0000Y9-8u for larch@yhetil.org; Mon, 23 Nov 2020 11:22:47 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:45422) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1khEbW-0000UU-K9 for help-guix@gnu.org; Mon, 23 Nov 2020 11:22:15 -0500 Received: from mail-m975.mail.163.com ([123.126.97.5]:43648) by eggs.gnu.org with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1khEbO-00043a-Vl for help-guix@gnu.org; Mon, 23 Nov 2020 11:22:11 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com; s=s110527; h=From:Subject:Date:Message-ID:MIME-Version; bh=RMWkS 5hfQmR/HUPyxTCITTFpyvznrQwQjg9de7Y9sYg=; b=Sjlm5yniIXWsPvehfJGaD L/I7bk5QZtX4SWk43q53uA8nYyWkNmOEc+iqHYs5RjVRmE9UvwWigYZx6FsQ8qKs rEk0baTT2GBIfBbt3+yJrBkhIzbh1jDNk37e/WDeYkSLip0dSj17beW4/mhLgzpi zscaIImXqJluhwyWLLZjrk= Received: from asus-laptop (unknown [27.39.88.34]) by smtp5 (Coremail) with SMTP id HdxpCgAXqUee4btfd1L3BQ--.137S2; Tue, 24 Nov 2020 00:21:50 +0800 (CST) References: <28690cfe.8dc4.175e13a4596.Coremail.all_but_last@163.com> <871rgnltiv.fsf@cbaines.net> <86r1omkbgk.fsf@gmail.com> User-agent: mu4e 1.4.13; emacs 27.1 From: Zhu Zihao To: Jason Conroy Subject: Re: Port forwarding for Guix containers In-reply-to: Date: Tue, 24 Nov 2020 00:21:49 +0800 Message-ID: <86lfesjb6q.fsf@163.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-CM-TRANSID: HdxpCgAXqUee4btfd1L3BQ--.137S2 X-Coremail-Antispam: 1Uf129KBjvdXoWrurWDWrWkXr4Duw4kKr1xXwb_yoWkKrX_uF n5Jrs7A34kJFyagan3AFnI9r98t392vryxtw4Skw4akry8XF1rta4kCas3WF1fGF48W3Zx urnxJrnagws8ujkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT 9fnUUvcSsGvfC2KfnxnUUI43ZEXa7IUj1SrUUUUUU== X-Originating-IP: [27.39.88.34] X-CM-SenderInfo: pdoosuxxwbztlvw6il2tof0z/xtbB8Q7lr12MX7XOhgAAsG Received-SPF: pass client-ip=123.126.97.5; envelope-from=all_but_last@163.com; helo=mail-m975.mail.163.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: help-guix@gnu.org Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: "Help-Guix" X-Scanner: ns3122888.ip-94-23-21.eu Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=163.com header.s=s110527 header.b=Sjlm5yni; dmarc=pass (policy=none) header.from=163.com; spf=pass (aspmx1.migadu.com: domain of help-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=help-guix-bounces@gnu.org X-Spam-Score: -1.31 X-TUID: XWMDi44S/tGK --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable That's what I want to say, thank you! I want to combine different software in containers in docker-compose like way. It's more similar with a system container then a `guix environment` container. I'm not a Docker hater, but docker will corrupt your iptables entry and make the system impure. If you wanna use iptables-service-type and docker-service-type together, when you run `herd restart iptables`. All docker specific rules will be erased.=20 > Supposing that we've developed some system container that starts a service > on port N. If we want to run another instance of the same container, we > first need to override the port number for the service in our > operating-system, otherwise the service in the second container will fail > to bind to port N in the shared network namespace. With a couple of > one-service containers this may not be so hard, but system containers in > general could have lots of services, and the authors of individual > containers may not want to worry about choosing port numbers that are > mutually disjoint from those in all other containers (and those used by t= he > container host itself). =2D-=20 Retrieve my PGP public key: https://meta.sr.ht/~citreu.pgp Zihao --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQFJBAEBCAAzFiEE7NCVzXX6efyusptG1SOVn+xGFqYFAl+74Z0VHGFsbF9idXRf bGFzdEAxNjMuY29tAAoJENUjlZ/sRham3YcIAKvD8Du+Ft7O3VizNawDy28oYetF rF15HYsibZUl1dTGfYv7ZfDs4YFWBBav7+JTVJr1ZudSojkB96vF2scEKKX5kvFh kCQHv6YkYHLhXSiNA7m5AOyb+T0z0cdVW0bKLJVLR6U7PLGuIMejh3q9tuUfLaVX RV/i4nssr2lfdF7PBq54AQwZRpUuDMLYBfEXkTmUks7LgVbWlKQUebi0/7pIs1Ij NQDoexSn4N6I2HXiUT5C4Y68s5qSkqZX+hfCDuZWNSV77UafPBtxFRVZek6FQoLn 9tRRKPMVzJcv4Vl5CtZjysb9dXnedA9NCKsOa21Rv+nwTgX7sNd3Gs4rHy8= =qRp0 -----END PGP SIGNATURE----- --=-=-=--