You cannot link containers when using net=host

[defender]

1. You cannot link containers when using net=host\
2. Also deploy_squid.py should be chmod +x inside dockerfile, otherwise you will get permission denied
3. After all those changes I cannot download nothing I got following error on the squid side :
   TCP_MISS_ABORTED/000 0 GET http://ftp.freepark.org/pub/linux/distributions/centos/6.6/updates/x86_64/Packages/bind-libs-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm

In case I set env http_proxy inside container It works like a charm.

Thanks,

[tfoote]

1. is a duplicate of squid-in-a-can does not work on Docker 1.4 #7
2. I cannot reproduce. I see deploy_squid.py as persisting it's executable flags inside the image

root@fc07bb57ad8f:/# ls /tmp/ -l
total 4
-rwxr-xr-x 1 root root 2633 Oct 31 17:21 deploy_squid.py

I tested with a freshly build image and the registry downloaded image, using docker 1.4.1

1. Can you provide instructions on how to reproduce this?

[defender]

Thank you for response

This is the way Im running your solution on my Vagrant machine:
1, Ubuntu 14.04 as a host
2. Docker 1.2
3. Im not running with fig but manually

docker run -d -name=squid --net=host --privileged -e DISK_CACHE_SIZE=5000 -e MAX_CACHE_OBJECT=1000 squid

docker run --name=iptables --privileged --net=host iptables

After that Im trying to build my image without setting http_proxy inside Docker file :

Docker file

FROM centos:6.5
RUN yum reinstall glibc-common.x86_64 -y
RUN yum -y install tar gzip krb5-devel zlib-devel sudo unzip which nc wget && clean all

Thanks.

[tfoote]

I can run your docker file executing the following:
docker run -d -name=squid --net=host --privileged -e DISK_CACHE_SIZE=5000 -e MAX_CACHE_OBJECT=1000 jpetazzo/squid-in-a-can:latest
docker run -ti --privileged --net=host iptables

Note: I ran the iptables with -ti not -d to be able to see the console output and so I can ctrl-c it to clean up the iptables on shutdown.

With the above run I could build the following dockerfile:

FROM centos:6
RUN yum reinstall glibc-common.x86_64 -y
RUN yum -y install tar gzip krb5-devel zlib-devel sudo unzip which nc

What does your iptables look like for you when running? This is mine.

$ sudo iptables --list -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL
REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:http redir ports 3129

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  anywhere            !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  172.17.0.0/16        anywhere            

Chain DOCKER (2 references)
target     prot opt source               destination