  • (OK) simply running CORE & docker on Fedora 23

    [root@localhost core]# ./bootstrap.sh
    [root@localhost core]# ./configure --with-startup=systemd
    [root@localhost core]# make
    [root@localhost core]# make install 


    [root@localhost core]# systemctl daemon-reload

    [root@localhost core]# systemctl start core-daemon.service
    [root@localhost core]# core-gui




    NOTE: /root/.core/configs/m-MPE-manet.imn

    ----------------------
    Under the Session Menu, the Options... dialog has an option to set a control network prefix.
    This can be set to a network prefix such as 172.16.0.0/24. A bridge will be created on the host machine having the last address in the prefix range (e.g. 172.16.0.254), and each node will have an extra ctrl0 control interface configured with an address corresponding to its node number (e.g. 172.16.0.3 for n3.)
    ----------------------


    [root@localhost 桌面]# . iptables_core.sh
    [root@localhost 桌面]# cat iptables_core.sh

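    #!/bin/bash
    #
    # iptables_core.sh - NAT gateway rules so that CORE emulation nodes on the
    # control network (LAN_IP_RANGE) can reach the Internet through INET_IF.
    #
    # Must run as root. The script may be sourced into an interactive shell
    # (". iptables_core.sh"), so it deliberately avoids "exit" and "set -e",
    # either of which would terminate the calling shell.
    #
    # WARNING: every chain in the filter, nat and mangle tables is flushed
    # below, which also removes rules installed by other tools on this host
    # (for example a container runtime or firewalld).

    # Kernel knobs: enable routing, ignore ICMP echo (broadcast and unicast),
    # and enable SYN cookies.
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
    echo 1 > /proc/sys/net/ipv4/tcp_syncookies

    # NICs: upstream = external (Internet), downstream = internal (CORE bridge)
    # upstream/external    192.168.0.100
    # downstream/internal  172.16.0.254
    #INET_IF="ppp0"
    INET_IF="enp13s0"
    # LAN_IF and LAN_IP are informational only; no rule below references them.
    LAN_IF="b.ctrl0net.6a"
    #INET_IP="192.168.0.100"
    INET_IP="10.108.162.164"
    LAN_IP="172.16.0.254"
    LAN_IP_RANGE="172.16.0.0/24"
    #LAN_WWW="172.16.0.6"
    IPT="/sbin/iptables"
    #TC="/sbin/tc"
    MODPROBE="/sbin/modprobe"

    # NOTE(review): several of these are legacy module names; newer kernels
    # ship the conntrack/NAT helpers as nf_conntrack_* / nf_nat_*. A failed
    # modprobe here is not fatal - check its output on the target kernel.
    for MOD in ip_tables iptable_nat ip_nat_ftp ip_nat_irc ipt_mark \
               ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_MASQUERADE; do
      "$MODPROBE" "$MOD"
    done

    # Start from an empty rule set: flush rules, delete user chains, zero counters.
    for TABLE in filter nat mangle; do
      "$IPT" -t "$TABLE" -F
      "$IPT" -t "$TABLE" -X
      "$IPT" -t "$TABLE" -Z
    done

    # Default-deny for traffic to the host and through the host.
    "$IPT" -P INPUT DROP
    "$IPT" -P OUTPUT ACCEPT
    "$IPT" -P FORWARD DROP
    "$IPT" -t nat -P PREROUTING ACCEPT
    "$IPT" -t nat -P OUTPUT ACCEPT
    "$IPT" -t nat -P POSTROUTING ACCEPT

    # With INPUT policy DROP, loopback must be allowed explicitly; otherwise
    # new connections between local processes over 127.0.0.1 are dropped.
    "$IPT" -A INPUT -i lo -j ACCEPT

    # Drop TCP packets with flag combinations that no legitimate stack sends
    # (scanner probes). These sit ahead of every ACCEPT so that they also
    # apply to port 22 and to the DNS rules; placed after them they would
    # never be reached.
    "$IPT" -A INPUT -i "$INET_IF" -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
    "$IPT" -A INPUT -i "$INET_IF" -p tcp --tcp-flags ALL ALL -j DROP
    "$IPT" -A INPUT -i "$INET_IF" -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
    "$IPT" -A INPUT -i "$INET_IF" -p tcp --tcp-flags ALL NONE -j DROP
    "$IPT" -A INPUT -i "$INET_IF" -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
    "$IPT" -A INPUT -i "$INET_IF" -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP

    # Deny access from Internet clients: only replies to our own traffic and
    # SSH are accepted; anything else new on the external interface is dropped.
    #$IPT -A INPUT -i $INET_IF -m state --state RELATED,ESTABLISHED -j ACCEPT
    "$IPT" -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # NOTE(review): SSH is accepted from any source on any interface,
    # including INET_IF. The commented rule shows the source-restricted form;
    # prefer it (with your own management prefix) on an Internet-facing host.
    #$IPT -A INPUT -i $INET_IF -p tcp -s 123.5.0.0/16 --dport 22 -j ACCEPT
    "$IPT" -A INPUT -p tcp --dport 22 -j ACCEPT
    "$IPT" -A INPUT -i "$INET_IF" -m state --state NEW,INVALID -j DROP

    # Accept traffic coming from source port 53 of the configured resolvers.
    # Only lines whose first field is exactly "nameserver" with an IPv4
    # address are used (iptables cannot take an IPv6 address).
    # NOTE(review): these rules trust the source address and source port
    # alone; resolver replies already match the RELATED,ESTABLISHED rule
    # above, so consider removing them.
    for DNS in $(awk '$1 == "nameserver" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $2 }' /etc/resolv.conf); do
      "$IPT" -A INPUT -p tcp -s "$DNS" --sport domain -j ACCEPT
      "$IPT" -A INPUT -p udp -s "$DNS" --sport domain -j ACCEPT
    done

    #$IPT -t nat -A PREROUTING -d $INET_IP -p tcp --dport 8008 -j DNAT --to-destination $LAN_WWW:8008
    #$IPT -t nat -A PREROUTING -d $INET_IP -p tcp --dport 22 -j DNAT --to-destination $LAN_WWW:22

    # Source NAT for the emulated nodes: MASQUERADE on a dynamic-address PPP
    # link, fixed SNAT to INET_IP otherwise.
    if [ "$INET_IF" = "ppp0" ]; then
      "$IPT" -t nat -A POSTROUTING -o "$INET_IF" -s "$LAN_IP_RANGE" -j MASQUERADE
    else
      "$IPT" -t nat -A POSTROUTING -o "$INET_IF" -s "$LAN_IP_RANGE" -j SNAT --to-source "$INET_IP"
    fi

    #no limit
    #$IPT -A FORWARD -s 192.168.1.216 -m mac --mac-source 00:15:17:F7:AB:84 -j ACCEPT
    #$IPT -A FORWARD -d 192.168.1.216 -j ACCEPT

    #$IPT -A FORWARD -p tcp -d ! $LAN_IP_RANGE -m multiport --dports ! 20,21,22,25,53,80,110,443,8080 -j DROP
    #$IPT -A FORWARD -p udp -d ! $LAN_IP_RANGE -m multiport --dports ! 20,21,22,25,53,80,110,443,8080 -j DROP

    # MAC / IP address binding
    #$IPT -A FORWARD -s 192.168.1.11 -m mac --mac-source 44-87-FC-44-B9-6E -j ACCEPT

    # Mirror the INPUT policy on the forwarding path: connections must be
    # initiated by the nodes. Without this rule the address-only ACCEPTs below
    # would also forward new connections arriving on the external interface,
    # including packets that spoof a 172.16.0.x source address.
    # If a DNAT rule above is enabled, add a matching FORWARD ACCEPT before it.
    "$IPT" -A FORWARD -i "$INET_IF" -m state --state NEW,INVALID -j DROP

    # Per-node allow list, n1..n12: traffic originating from each node ...
    for NODE in {1..12}; do
      "$IPT" -A FORWARD -s "172.16.0.$NODE" -j ACCEPT
    done

    # ... and traffic addressed to each node (replies, given the drop above).
    for NODE in {1..12}; do
      "$IPT" -A FORWARD -d "172.16.0.$NODE" -j ACCEPT
    done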
    

    [root@n6 n6.conf]# route add default gw 172.16.0.254
    [root@n6 n6.conf]# route -n 

    [root@n6 n6.conf]# cat /etc/resolv.conf 

    [root@n6 n6.conf]# ping www.bupt.edu.cn


    ---------------------------------------------------------------------------
    至此,CORE虚拟节点访问互联网 成功


    ---------------------------------------------------------------------------
    下面在CORE虚拟节点中 使用docker —— 前提,CORE虚拟节点访问互联网 成功
    ---------------------------------------------------------------------------


    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^OK OK
    ---------Install Docker on Fedora 23
    dnf update -y
    dnf -y install docker-io
    systemctl start docker

    systemctl start docker.service
    systemctl restart docker.service
    systemctl stop docker.service
    systemctl status docker.service

    systemctl status docker -l

    ^^^^^^宿主机测试
    docker images
    docker search centos
    docker pull centos
    docker images
    docker tag 2933d50b9f77 docker.io/centos:core
    docker run centos echo "hello world!"
    ^^^^^^至此,宿主机 OK

    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^OK OK in CORE node
    [root@n6 n6.conf]#
    docker daemon &
    docker images
    docker run centos echo "hello world!"
    docker run --rm -it centos /bin/bash
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

    ---------------------------------------------------------------------------
    至此,在CORE虚拟节点中 使用docker 成功
    ---------------------------------------------------------------------------




  • 原文地址:https://www.cnblogs.com/ztguang/p/12646742.html