WebUI not connecting

[leelouch]

Hi, could you please help me identifiying what is going on ? I am unable to connect to qbit webui,

• if vpn is disabled all ok
• when vpn is up: -- vpn is up and internet connection is ok (wget on google.com) -- I am unable to ping my pc from the docker ( ping 192.168.0.10 ) -- I am unable to access the webui from the pc

in the log I found some errors , I don't know if it is related :

alpine-qbittorrent    | Error: Could not process rule: No such file or directory
alpine-qbittorrent    | add chain inet qbt-mark output { type route hook output priority -150 ; }
alpine-qbittorrent    | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
alpine-qbittorrent    | Error: Could not process rule: No such file or directory
alpine-qbittorrent    | add rule inet qbt-mark output ct mark 9090 meta mark set 8080 counter comment "Add mark to outgoing packets belonging to a WebUI connection"
alpine-qbittorrent    | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^**

docker compose :

version: '3.3'
services:
    alpine-qbittorrent:
        container_name: alpine-qbittorrent
        cap_add:
            - NET_ADMIN
        volumes:
            - '/volume1/video/:/downloads'
            - '/volume1/:/volume1'
            - '-----------------/config:/config'
            - '/etc/localtime:/etc/localtime:ro'
        environment:
            - VPN_ENABLED=yes
            - VPN_TYPE=openvpn
            - LOCAL_NETWORK=192.168.0.0/16
            - WEBUI_ALLOWED_NETWORKS=0.0.0.0
            - DOWNLOAD_DIR_CHOWN=no
            - BIND_INTERFACE=yes
            - VPN_USERNAME=--------------------
            - VPN_PASSWORD=-------------------
        logging:
            driver: json-file
            options:
                max-size: 10m
        ports:
            - '8080:8080'
            - '6881:6881'
            - '6881:6881/udp'
            - '8118:8118'
        image: trigus42/qbittorrentvpn
        restart: unless-stopped

• My PC ip : 192.168.0.10
• Odroid linux IP : 192.168.0.102 -- linux is listinning to port 8080 : tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN

qbittorrent log.txt docker-logs-alpine.txt

docker bash :

/ # netstat -na
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.11:38475        0.0.0.0:*               LISTEN
tcp        0      0 172.19.0.2:13455        0.0.0.0:*               LISTEN
tcp        0      0 10.100.0.2:13455        0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:13455         0.0.0.0:*               LISTEN
tcp        0      0 172.19.0.2:59866        82.102.19.137:443       ESTABLISHED
tcp6       0      0 :::8080                 :::*                    LISTEN
udp        0      0 0.0.0.0:6771            0.0.0.0:*
udp        0      0 0.0.0.0:6771            0.0.0.0:*
udp        0      0 0.0.0.0:6771            0.0.0.0:*
udp        0      0 127.0.0.11:56424        0.0.0.0:*
udp        0      0 172.19.0.2:13455        0.0.0.0:*
udp        0      0 10.100.0.2:13455        0.0.0.0:*
udp        0      0 127.0.0.1:13455         0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     1847243  /config/qBittorrent/config/.mKtOZs/s

ifconfig:

/ # ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.19.0.2  netmask 255.255.0.0  broadcast 172.19.255.255
        ether 02:42:ac:13:00:02  txqueuelen 0  (Ethernet)
        RX packets 355  bytes 75925 (74.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 307  bytes 56791 (55.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.100.0.2  netmask 255.255.255.0  destination 10.100.0.2
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 183  bytes 40786 (39.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 238  bytes 28285 (27.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

on docker : 
/ # route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.100.0.1      128.0.0.0       UG    0      0        0 tun0
default         172.19.0.1      0.0.0.0         UG    0      0        0 eth0
10.100.0.0      *               255.255.255.0   U     0      0        0 tun0
82.102.19.137   172.19.0.1      255.255.255.255 UGH   0      0        0 eth0
128.0.0.0       10.100.0.1      128.0.0.0       UG    0      0        0 tun0
172.19.0.0      *               255.255.0.0     U     0      0        0 eth0

http://192.168.0.102:8080/:

[Trigus42]

The errors your are seeing are indeed related to your problem. Those firewall rules are for letting traffic from QBt Web UI leave without using the VPN interface. Please post the container logs with the environment variable DEBUG=true set. I'd like to take a look at the firewall config.

This error is probably caused by a missing kernel module. Please run lsmod | grep nf and grep CONFIG_NFT_ /boot/config-* on your host machine and post the output.

[leelouch]

Hi, thanks here are the logs: docker logs qbt may 8.txt docker-compose log.txt

grep CONFIG_NFT_ /boot/config-*
grep: /boot/config-*: No such file or directory
afawaz@odroidn2:~/docker$ ls /boot/
Image.gz  amlogic  initrd.img-4.9.277-118  initrd.img-4.9.312-125  uInitrd-4.9.277-118  uInitrd-4.9.312-125
afawaz@odroidn2:~/docker$

lsmod | grep nft_
nft_set_hash           24576  8
nft_set_rbtree         16384  2
nft_counter            16384  4
nft_ct                 16384  2
nft_meta               16384  39
nf_tables              86016  119 nft_ct,nft_set_hash,nf_tables_ipv6,nf_tables_ipv4,nft_meta,nft_set_rbtree,nft_counter,nf_tables_inet
nf_conntrack          143360  8 nft_ct,nf_conntrack_ipv6,nf_conntrack_ipv4,nf_conntrack_netlink,nf_nat_masquerade_ipv4,xt_conntrack,nf_nat_ipv4,nf_nat

[Trigus42]

FYI those are the commands that are causing your problem: https://github.com/Trigus42/alpine-qbittorrentvpn/blob/b647e52520d8a85ad03a5f6aa4315f5840ae2ca4/rootfs/etc/cont-init.d/30-network.sh#L18-L22

It is interesting that all commands besides those that create/use qbt-mark output succeed.
Please you run those commands on your host:

nft "add table inet qbt-mark"
nft "add chain inet qbt-mark prerouting { type filter hook prerouting priority -150 ; }"
nft "add rule inet qbt-mark output ct mark 9090 meta mark set 8080 counter comment \"Add mark to outgoing packets belonging to a WebUI connection\""

Those rules shouldn't do much on your host btw. Unless you use connection tracking with mark 9090 or packet marking with mark 8080. In this case just change them to some unused marks.

Just delete the rules afterwards using:

nft "delete table inet qbt-mark"

[leelouch]

/ # nft "add table inet qbt-mark"
ule inet qbt-mark output ct mark 9090 meta mark set 8080 counter comment \"Add mark to outgoing packets belonging to a WebUI connection\""/ # nft "add chain inet qbt-mark prerouting { type filter hook prerouting priority -150 ; }"
/ # nft "add rule inet qbt-mark output ct mark 9090 meta mark set 8080 counter comment \"Add mark to outgoing packets belonging to a WebUI connection\""
Error: Could not process rule: No such file or directory
add rule inet qbt-mark output ct mark 9090 meta mark set 8080 counter comment "Add mark to outgoing packets belonging to a WebUI connection"
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/ #

/ # nft "delete table inet qbt-mark"
/ #

[Trigus42]

Your command output is a little messed up. Did you run nft "add chain inet qbt-mark prerouting { type filter hook prerouting priority -150 ; }" before running following command?

What OS are you using? Can you post the output of uname -a?

[leelouch]

restarted everything :

$ dce  alpine-qbittorrent sh
/ #
/ # nft "add table inet qbt-mark"
/ # nft "add chain inet qbt-mark prerouting { type filter hook prerouting priority -150 ; }"
/ #
/ # nft "add rule inet qbt-mark output ct mark 9090 meta mark set 8080 counter comment \"Add mark to outgoing packets belonging to a WebUI connection\""
Error: Could not process rule: No such file or directory
add rule inet qbt-mark output ct mark 9090 meta mark set 8080 counter comment "Add mark to outgoing packets belonging to a WebUI connection"
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/ #
/ # nft "delete table inet qbt-mark"
/ #

/ # uname -a
Linux 26ced456a2e4 4.9.312-125 #1 SMP PREEMPT Sat Jun 18 18:58:41 UTC 2022 aarch64 Linux

r$ uname -a
Linux odroidn2 4.9.312-125 #1 SMP PREEMPT Sat Jun 18 18:58:41 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux
afawaz@odroidn2:~/docker$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.6 LTS
Release:        20.04
Codename:       focal

[Trigus42]

Sorry I mistyped there. I didn't mean to write nft "add chain inet qbt-mark prerouting { type filter hook prerouting priority -150 ; }", but nft "add chain inet qbt-mark output { type route hook output priority -150 ; }".

The correct commands are:

nft "add table inet qbt-mark"
nft "add chain inet qbt-mark output { type route hook output priority -150 ; }" 
nft "add rule inet qbt-mark output ct mark 9090 meta mark set 8080 counter comment \"Add mark to outgoing packets belonging to a WebUI connection\""

[leelouch]

No problem , results :

/ # nft "add table inet qbt-mark"
/ # nft "add chain inet qbt-mark output { type route hook output priority -150 ; }"
Error: Could not process rule: No such file or directory
add chain inet qbt-mark output { type route hook output priority -150 ; }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

[Trigus42]

Unfortunately your kernel version is too old. 4.9 was deprecated in the beginning of last year and didn't support the route chain in the inet family.

As a temporary workaround, you could add the following commands to a custom script:

nft "add table ip qbt-mark"
nft "add chain ip qbt-mark output { type route hook output priority -150 ; }" 
nft "add rule ip qbt-mark output ct mark 9090 meta mark set 8080 counter comment \"Add mark to outgoing packets belonging to a WebUI connection\""
nft "add table ip6 qbt-mark"
nft "add chain ip6 qbt-mark output { type route hook output priority -150 ; }" 
nft "add rule ip6 qbt-mark output ct mark 9090 meta mark set 8080 counter comment \"Add mark to outgoing packets belonging to a WebUI connection\""

I'd recommend you rather upgrade your OS though.

[leelouch]

Ah Ok thanks a lot, will try to update the kernel ! hope it is compatible with my odroid n2 ! howverver I tried your script I added /etc/cont-init.d/31-network.sh ! same issue , logs below Note: By the way is it nornal the commands are duplicated ? ( I also tried to execute the commands in the command line, no errors occured )

/ # ls -la /etc/cont-init.d/
total 56
drwxr-xr-x    1 root     root          4096 May  9 15:11 .
drwxr-xr-x    1 root     root          4096 May  9 15:08 ..
-rwxr-xr-x    1 root     root          8243 Apr 14 19:12 10-environment.sh
-rwxr-xr-x    1 root     root         11835 Apr 14 19:12 20-vpn.sh
-rwxr-xr-x    1 root     root          9535 Apr 14 19:12 30-network.sh
-rwxr-xr-x    1 root     root           566 May  9 15:13 31-network.sh
-rwxr-xr-x    1 root     root          6109 Apr 14 19:12 40-qbittorrent-setup.sh

/ # route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.100.0.1      128.0.0.0       UG    0      0        0 tun0
default         172.19.0.1      0.0.0.0         UG    0      0        0 eth0
10.100.0.0      *               255.255.255.0   U     0      0        0 tun0
82.102.19.137   172.19.0.1      255.255.255.255 UGH   0      0        0 eth0
128.0.0.0       10.100.0.1      128.0.0.0       UG    0      0        0 tun0
172.19.0.0      *               255.255.0.0     U     0      0        0 eth0
/ #

docker logs may 9.txt

Thanks again for your support

[Trigus42]

The errors are expected. They shouldn't matter as long as the other commands are executed.

Please add nft list ruleset to the end of your script. It should look something like this:

#!/usr/bin/with-contenv bash
# shellcheck shell=bash

nft "add table ip qbt-mark"
nft "add chain ip qbt-mark output { type route hook output priority -150 ; }" 
nft "add rule ip qbt-mark output ct mark 9090 meta mark set 8080 counter comment \"Add mark to outgoing packets belonging to a WebUI connection\""
nft "add table ip6 qbt-mark"
nft "add chain ip6 qbt-mark output { type route hook output priority -150 ; }" 
nft "add rule ip6 qbt-mark output ct mark 9090 meta mark set 8080 counter comment \"Add mark to outgoing packets belonging to a WebUI connection\""

nft list ruleset

In the log you should find this:

table ip qbt-mark {
        chain output {
                type route hook output priority mangle; policy accept;
                ct mark 0x00002382 meta mark set 0x00001f90 counter packets 0 bytes 0 comment "Add mark to outgoing packets belonging to a WebUI connection"
        }
}
table ip6 qbt-mark {
        chain output {
                type route hook output priority mangle; policy accept;
                ct mark 0x00002382 meta mark set 0x00001f90 counter packets 0 bytes 0 comment "Add mark to outgoing packets belonging to a WebUI connection"
        }
}

[leelouch]

PLEASE IGNORE this post since I completely reinstalled my board with a new image & 6.x kernel. see below

Hi, in the meanwhile I upgraded my distrib to ubuntu 22 and trying to upgrade my kernel without success so far ! I am not an expert :), on odroid n2 it is not straightforward !

I see your log but still no connection

@odroidn2:~$ uname -a
Linux odroidn2 4.9.337-35 #1 SMP PREEMPT Tue Nov 28 17:43:06 UTC 2023 aarch64 aarch64 aarch64 GNU/Linux
afawaz@odroidn2:~$ lsb_release
No LSB modules are available.
@odroidn2:~$ lsb_release  -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.4 LTS
Release:        22.04
Codename:       jammy
afawaz@odroidn2:~$

here is the log :

alpine-qbittorrent  | [cont-init.d] 31-network.sh: executing...
alpine-qbittorrent  | # Warning: table ip nat is managed by iptables-nft, do not touch!
alpine-qbittorrent  | table ip nat {
alpine-qbittorrent  |   chain DOCKER_OUTPUT {
alpine-qbittorrent  |           meta l4proto tcp ip daddr 127.0.0.11 xt match "tcp" counter packets 0 bytes 0 xt target "DNAT"
alpine-qbittorrent  |           meta l4proto udp ip daddr 127.0.0.11 xt match "udp" counter packets 0 bytes 0 xt target "DNAT"
alpine-qbittorrent  |   }
alpine-qbittorrent  |
alpine-qbittorrent  |   chain OUTPUT {
alpine-qbittorrent  |           type nat hook output priority dstnat; policy accept;
alpine-qbittorrent  |           ip daddr 127.0.0.11 counter packets 0 bytes 0 jump DOCKER_OUTPUT
alpine-qbittorrent  |   }
alpine-qbittorrent  |
alpine-qbittorrent  |   chain DOCKER_POSTROUTING {
alpine-qbittorrent  |           meta l4proto tcp ip saddr 127.0.0.11 xt match "tcp" counter packets 0 bytes 0 xt target "SNAT"
alpine-qbittorrent  |           meta l4proto udp ip saddr 127.0.0.11 xt match "udp" counter packets 0 bytes 0 xt target "SNAT"
alpine-qbittorrent  |   }
alpine-qbittorrent  |
alpine-qbittorrent  |   chain POSTROUTING {
alpine-qbittorrent  |           type nat hook postrouting priority srcnat; policy accept;
alpine-qbittorrent  |           ip daddr 127.0.0.11 counter packets 0 bytes 0 jump DOCKER_POSTROUTING
alpine-qbittorrent  |   }
alpine-qbittorrent  | }
alpine-qbittorrent  | table ip qbt-mark {
alpine-qbittorrent  |   chain output {
alpine-qbittorrent  |           type route hook output priority mangle; policy accept;
alpine-qbittorrent  |           ct mark 0x00002382 meta mark set 0x00001f90 counter packets 0 bytes 0 comment "Add mark to outgoing packets belonging to a WebUI connection"
alpine-qbittorrent  |   }
alpine-qbittorrent  | }
alpine-qbittorrent  | table ip6 qbt-mark {
alpine-qbittorrent  |   chain output {
alpine-qbittorrent  |           type route hook output priority mangle; policy accept;
alpine-qbittorrent  |           ct mark 0x00002382 meta mark set 0x00001f90 counter packets 0 bytes 0 comment "Add mark to outgoing packets belonging to a WebUI connection"
alpine-qbittorrent  |   }
alpine-qbittorrent  | }
alpine-qbittorrent  | table inet qbt-mark {
alpine-qbittorrent  |   chain prerouting {
alpine-qbittorrent  |           type filter hook prerouting priority mangle; policy accept;
alpine-qbittorrent  |           tcp dport 8080 ct state new ct mark set 0x00002382 counter packets 0 bytes 0 comment "Track new WebUI connections"
alpine-qbittorrent  |   }
alpine-qbittorrent  | }
alpine-qbittorrent  | table inet firewall {
alpine-qbittorrent  |   set vpn_ipv4 {
alpine-qbittorrent  |           type ipv4_addr
alpine-qbittorrent  |           elements = { 82.102.19.137 }
alpine-qbittorrent  |   }
alpine-qbittorrent  |
alpine-qbittorrent  |   set vpn_ipv6 {
alpine-qbittorrent  |           type ipv6_addr
alpine-qbittorrent  |   }
alpine-qbittorrent  |
alpine-qbittorrent  |   set webui_allowed_networks_ipv4 {
alpine-qbittorrent  |           type ipv4_addr
alpine-qbittorrent  |           flags interval
alpine-qbittorrent  |           elements = { 0.0.0.0 }
alpine-qbittorrent  |   }
alpine-qbittorrent  |
alpine-qbittorrent  |   set webui_allowed_networks_ipv6 {
alpine-qbittorrent  |           type ipv6_addr
alpine-qbittorrent  |           flags interval
alpine-qbittorrent  |   }
alpine-qbittorrent  |
alpine-qbittorrent  |   chain input {
alpine-qbittorrent  |           type filter hook input priority filter; policy drop;
alpine-qbittorrent  |           iifname "tun0" accept comment "Accept input from VPN tunnel"
alpine-qbittorrent  |           tcp sport 443 ip saddr @vpn_ipv4 accept comment "Accept input from VPN server \(IPv4\)"
alpine-qbittorrent  |           tcp sport 443 ip6 saddr @vpn_ipv6 accept comment "Accept input from VPN server \(IPv6\)"
alpine-qbittorrent  |           iifname "lo" accept comment "Accept input from internal loopback"
alpine-qbittorrent  |           icmpv6 type { nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept comment "Basic ICMPv6 NDP"
alpine-qbittorrent  |           icmpv6 type { destination-unreachable, packet-too-big, time-exceeded } accept comment "Basic ICMPv6 errors (optional)"
alpine-qbittorrent  |           icmp type { destination-unreachable, time-exceeded } accept comment "Basic ICMP errors (optional)"
alpine-qbittorrent  |           icmp type echo-request accept comment "Respond to IPv4 pings (optional)"
alpine-qbittorrent  |           icmpv6 type echo-request accept comment "Respond to IPv6 pings (optional)"
alpine-qbittorrent  |           tcp dport 8080 ip saddr @webui_allowed_networks_ipv4 counter packets 0 bytes 0 accept comment "Accept input to the qBt WebUI \(IPv4\)"
alpine-qbittorrent  |           tcp dport 8080 ip6 saddr @webui_allowed_networks_ipv6 counter packets 0 bytes 0 accept comment "Accept input to the qBt WebUI \(IPv6\)"
alpine-qbittorrent  |   }
alpine-qbittorrent  |
alpine-qbittorrent  |   chain output {
alpine-qbittorrent  |           type filter hook postrouting priority filter; policy drop;
alpine-qbittorrent  |           oifname "tun0" accept comment "Accept output to VPN tunnel"
alpine-qbittorrent  |           tcp dport 443 ip daddr @vpn_ipv4 accept comment "Accept output to VPN server \(IPv4\)"
alpine-qbittorrent  |           tcp dport 443 ip6 daddr @vpn_ipv6 accept comment "Accept output to VPN server \(IPv6\)"
alpine-qbittorrent  |           tcp sport 8080 meta mark 0x00001f90 counter packets 0 bytes 0 accept comment "Accept outgoing packets belonging to a WebUI connection"
alpine-qbittorrent  |           iifname "lo" accept comment "Accept output to internal loopback"
alpine-qbittorrent  |           icmpv6 type { nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept comment "Basic ICMPv6 NDP"
alpine-qbittorrent  |           icmpv6 type { destination-unreachable, packet-too-big, time-exceeded } accept comment "ICMPv6 errors (optional)"
alpine-qbittorrent  |           icmp type { destination-unreachable, time-exceeded } accept comment "ICMP errors (optional)"
alpine-qbittorrent  |           icmp type echo-reply accept comment "Respond to IPv4 pings (optional)"
alpine-qbittorrent  |           icmpv6 type echo-reply accept comment "Respond to IPv6 pings (optional)"
alpine-qbittorrent  |   }
alpine-qbittorrent  | }
alpine-qbittorrent  | [cont-init.d] 31-network.sh: exited 0.

[leelouch]

I am testing armbian new odroidn2 image with kernel 6 Linux odroidn2 6.6.16-current-meson64 #1 SMP PREEMPT Mon Feb 5 20:14:39 UTC 2024 aarch64 aarch64 aarch64 GNU/Linux I am still facing issues , I will provide the logs

odroidn2:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.3 LTS
Release:        22.04
Codename:       jammy

[leelouch]

tun is up and internet connection ok

/ # route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.100.0.1      128.0.0.0       UG    0      0        0 tun0
default         172.18.0.1      0.0.0.0         UG    0      0        0 eth0
10.100.0.0      *               255.255.255.0   U     0      0        0 tun0
82.102.19.137   172.18.0.1      255.255.255.255 UGH   0      0        0 eth0
128.0.0.0       10.100.0.1      128.0.0.0       UG    0      0        0 tun0
172.18.0.0      *               255.255.0.0     U     0      0        0 eth0

docker-compose.txt docker logs alpine-qbit.txt nft list ruleset.txt

[Trigus42]

The problem is that you have set WEBUI_ALLOWED_NETWORKS to 0.0.0.0. You probably meant to set it to 0.0.0.0/0, allowing all IPv4 networks to access the WebUI. If you don't want to restrict access, just remove it or else set it to the correct IP or subnet (in CIDR notation).

[leelouch]

Yes indeed, forget the /0 . all solved ! Thanks a lot