TeamSpeak-Systems / teamspeak-linux-docker-images

docker build files for TeamSpeak servers

wrong IP in client information (teamspeak) #1

Open keigel2001 opened 6 years ago

keigel2001 commented 6 years ago

When showing the client information of connected clients in TeamSpeak, it's showing the wrong IP. It's showing 172.17.0.1. All clients are connecting from 172.17.0.1. This is actually the gateway IP of Docker (you can look it up with docker inspect containername).

docker run --detach \
   --publish 9987:9987/udp --publish 10011:10011 --publish 30033:30033 --publish 41144:41144 \
   --name teamspeak \
   --restart unless-stopped \
   --env TZ=Europe/Berlin \
   --volume /srv/teamspeak:/var/ts3server \
   teamspeak:latest

uname -a
Linux debian 4.9.0-6-amd64 #1 SMP Debian 4.9.82-1+deb9u3 (2018-03-02) x86_64 GNU/Linux

docker version
Client:
 Version:       18.03.0-ce
 API version:   1.37
 Go version:    go1.9.4
 Git commit:    0520e24
 Built:         Wed Mar 21 23:10:06 2018
 OS/Arch:       linux/amd64
 Experimental:  false
 Orchestrator:  swarm

Server:
 Engine:
  Version:      18.03.0-ce
  API version:  1.37 (minimum version 1.12)
  Go version:   go1.9.4
  Git commit:   0520e24
  Built:        Wed Mar 21 23:08:35 2018
  OS/Arch:      linux/amd64
  Experimental: false

I had the same problem with multiple other TeamSpeak docker images for the last months. I even installed a VM with just Debian stretch and docker on it to test if another application is interfering. Same problem. It's not happening every time, but very often. Seems like a round-robin thing or sth.

Only solution I've found was changing the docker --network to host. But that's not the greatest solution in terms of security.

cebor commented 6 years ago

This is an issue (feature) with docker not with this container. Using the hostnetwork is currently the only solution, but should be fine.

keigel2001 commented 6 years ago

Do you know how this "feature" is called? Are they (docker) aware of this issue? Why is the readme of the teamspeak docker images then advising to use the bridged mode, when it's not fully working? Maybe there should be at least a notice to this issue and how to avoid it.

cebor commented 6 years ago

This is part of the network isolation for every container. When you publish ports with --publish, a proxy forwards all traffic for this specific port from host to container. In this process all origin IPs get lost and you will only see the container's std gateway IP.

The bridge mode is the default network configuration for every container and it's different from the host mode.

Further information: https://docs.docker.com/network/host/

And I'm also voting for some documentation cause client IPs are essential for bans etc.
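
Because proxied clients are all logged under the bridge gateway address, an IP ban placed on such an entry cannot single out one client. The check below is an added example, not part of this thread or the project's code: it reads `docker network inspect` style JSON and refuses to treat gateway or bridge-internal addresses as bannable. The function names are hypothetical, and the sample networks and client addresses are constructed.

```python
import ipaddress
import json

# Constructed sample shaped like `docker network inspect bridge ts_net` output
# (only the fields used here are kept).
SAMPLE_NETWORKS = json.loads("""
[
  {"Name": "bridge",
   "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]}},
  {"Name": "ts_net",
   "IPAM": {"Config": [{"Subnet": "172.20.0.0/16", "Gateway": "172.20.0.1"}]}}
]
""")

def docker_subnets(networks):
    """Map each Docker subnet to (network name, gateway address or None)."""
    subnets = {}
    for net in networks:
        for cfg in (net.get("IPAM") or {}).get("Config") or []:
            if not cfg.get("Subnet"):
                continue
            gw = cfg.get("Gateway")
            subnets[ipaddress.ip_network(cfg["Subnet"])] = (
                net.get("Name", "?"),
                ipaddress.ip_address(gw) if gw else None,
            )
    return subnets

def classify_client_ip(ip, subnets):
    """Return 'gateway', 'docker-internal' or 'external' for a logged client IP."""
    addr = ipaddress.ip_address(ip)
    for subnet, (_name, gateway) in subnets.items():
        if addr.version == subnet.version and addr in subnet:
            return "gateway" if addr == gateway else "docker-internal"
    return "external"

def safe_to_ban(ip, subnets):
    """An IP ban is only meaningful when the address is the client's own."""
    return classify_client_ip(ip, subnets) == "external"

if __name__ == "__main__":
    nets = docker_subnets(SAMPLE_NETWORKS)
    # Constructed client addresses; 203.0.113.7 is a documentation address.
    for ip in ["172.17.0.1", "172.20.0.1", "203.0.113.7", "172.20.0.5"]:
        verdict = "ban ok" if safe_to_ban(ip, nets) else "do not ban"
        print(ip, classify_client_ip(ip, nets), verdict)
```
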

henok321 commented 6 years ago

You can run your container in host mode as already mentioned by @cebor or alternatively enable forwarding in bridge mode.

Further information: https://docs.docker.com/network/bridge/#enable-forwarding-from-docker-containers-to-the-outside-world

MAGICCC commented 6 years ago

> This is an issue (feature) with docker not with this container. Using the hostnetwork is currently the only solution, but should be fine.

@cebor Actually you can use https://github.com/robbertkl/docker-ipv6nat when you want working IPv6 while connecting to an IPv6 address

aronmgv commented 5 years ago

What about the database itself?? I still want to have it running inside a container on its network but cannot configure TS3 container to use different port for the database.. Any ideas how to make it work? Tried:

TS3SERVER_DB_PORT: XXX <- not respected
TS3SERVER_DB_HOST: IP:PORT <- doesn't work as well

EDIT: This also doesn't work: https://docs.docker.com/network/bridge/#enable-forwarding-from-docker-containers-to-the-outside-world

aronmgv commented 5 years ago

@cebor Well I don't agree.. Explain to me how I am supposed to make this setup work if I already have a mysql DB on the host running on the default port? Your dockerized image does not allow to change port of the DB and it doesn't work when specified in the TS3SERVER_DB_HOST: IP:PORT..

This is the limitation of the TeamSpeak not the docker containers.. If you can reach public services within the container you should be able to determine the public IPs users are coming from. Simple as that. This issue has been open for almost 9 months, please make some progress on that.

tachigami commented 5 years ago

TS version 3.5.1, Docker version 18.09. I've just run into the issue. I haven't seen the problem before on version 3.1. If a user joined for the first time or he was disconnected for a few hours he gets his public IP, but if he reconnects he has a local IP (172.20.0.1).

> EDIT: This also doesn't work: https://docs.docker.com/network/bridge/#enable-forwarding-from-docker-containers-to-the-outside-world

I agree with it. Changing to host-mode is the only solution

SantiagoAcevedo commented 5 years ago

Use docker run --net=host ... https://docs.docker.com/network/host/

flothemaker commented 4 years ago

I have the same problem. Cause I can't/don't wanna join the dbcontainer into the hostnetwork (security reasons), I can't join the teamspeakcontainer into the hostnetwork (cause you can't join e.g. the hostnetwork and a second network at the same time). Therefore we need another solution, how to get client's ip addresses into the teamspeakcontainer.

ProteanCode commented 4 years ago

Same issue while hosting over Traefik with Docker Swarm

mikilian commented 3 years ago

@ProteanCode I ran into the same issue when deploying Teamspeak into my swarm. I also use traefik but you won't need it here. The solution was to set up proper port forwarding.

ports:
  - target: 9987
    published: 9987
    protocol: udp
    mode: host

ProteanCode commented 3 years ago

> @ProteanCode I ran into the same issue when deploying Teamspeak into my swarm. I also use traefik but you won't need it here. The solution was to set up proper port forwarding.
>
> ports:
>   - target: 9987
>     published: 9987
>     protocol: udp
>     mode: host

Yeah but mode: host makes both traefik and swarm useless, you can run it using docker-compose or plain docker command. Anyway I have used that solution since I have TS hosted on single node anyway

flothemaker commented 3 years ago

@mikilian @ProteanCode So you both do the same for the DB container?

ProteanCode commented 3 years ago

> @mikilian @ProteanCode So you both do the same for the DB container?

I use file storage for that, afaik it's sqlite?

mikilian commented 3 years ago

@flothemaker No, I only do this for the container where teamspeak is located. Also don't link the network where traefik is located, but a separate one intended for the use of the mysql server. I also don't see why anything should be useless here.

TheFlow0360 commented 3 years ago

> @ProteanCode I ran into the same issue when deploying Teamspeak into my swarm. I also use traefik but you won't need it here. The solution was to set up proper port forwarding.
>
> ports:
>   - target: 9987
>     published: 9987
>     protocol: udp
>     mode: host

This is working perfectly! No need to put the whole container in another network.

cebor commented 3 years ago

> > @ProteanCode I ran into the same issue when deploying Teamspeak into my swarm. I also use traefik but you won't need it here. The solution was to set up proper port forwarding.
> >
> > ports:
> >   - target: 9987
> >     published: 9987
> >     protocol: udp
> >     mode: host
>
> This is working perfectly! No need to put the whole container in another network.

Also tried this, but then connection via ipv6 is not possible.

doxzbob commented 3 years ago

This comment here seems to fix the issue: https://github.com/moby/moby/issues/16720#issuecomment-444862701

TL;DR: conntrack -D -p udp after the container has started fixes the issue