binhex / arch-privoxyvpn

Docker build script for Arch Linux base with Privoxy and OpenVPN
GNU General Public License v3.0

Ports no longer forwarding #13

Closed montecas closed 3 years ago

montecas commented 3 years ago

I have defined additional ports to expose container services routing through privoxyvpn to my home network. iptables is no longer opening the additional ports, so my containers now only have outbound and no local access.

```
172.17.0.2:7878/TCP 10.1.1.2:7878
172.17.0.2:8090/TCP 10.1.1.2:8090
```

```
2021-03-06 12:26:24,819 DEBG 'start-script' stdout output:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -s 156.146.37.241/32 -i eth0 -j ACCEPT
-A INPUT -s 156.146.37.212/32 -i eth0 -j ACCEPT
-A INPUT -s 156.146.37.222/32 -i eth0 -j ACCEPT
-A INPUT -s 156.146.37.211/32 -i eth0 -j ACCEPT
-A INPUT -s 156.146.37.232/32 -i eth0 -j ACCEPT
-A INPUT -s 10.1.1.0/24 -d 172.17.0.0/16 -i eth0 -p tcp -m tcp --dport 8118 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i wg0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -d 156.146.37.241/32 -o eth0 -j ACCEPT
-A OUTPUT -d 156.146.37.212/32 -o eth0 -j ACCEPT
-A OUTPUT -d 156.146.37.222/32 -o eth0 -j ACCEPT
-A OUTPUT -d 156.146.37.211/32 -o eth0 -j ACCEPT
-A OUTPUT -d 156.146.37.232/32 -o eth0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 10.1.1.0/24 -o eth0 -p tcp -m tcp --sport 8118 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o wg0 -j ACCEPT
```

montecas commented 3 years ago

Found https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md. Q25
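
An added example, not part of the issue thread or the project's code: a small first-match evaluator run over the INPUT rules from the dump in the first comment, showing that a LAN client reaches 8118 while the published ports 7878 and 8090 fall through to the DROP policy. The LAN client address 10.1.1.50 and the helper names are assumptions made for illustration.

```python
import ipaddress
import shlex

# INPUT lines copied from the rule dump in the issue (one of the five
# VPN-endpoint rules kept for brevity).
RULES = """\
-P INPUT DROP
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -s 156.146.37.241/32 -i eth0 -j ACCEPT
-A INPUT -s 10.1.1.0/24 -d 172.17.0.0/16 -i eth0 -p tcp -m tcp --dport 8118 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i wg0 -j ACCEPT
"""

def parse(text):
    """Split `iptables -S` style lines into chain policies and ordered rules."""
    policies, rules = {}, []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:1] == ["-P"]:
            policies[tok[1]] = tok[2]
        elif tok[:1] == ["-A"]:
            # Assumption: every option takes exactly one value and none is negated.
            rules.append((tok[1], dict(zip(tok[2::2], tok[3::2]))))
    return policies, rules

def verdict(text, chain, src, dst, iface, proto, dport):
    """First-match evaluation of one TCP/UDP packet; falls back to the chain policy."""
    policies, rules = parse(text)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule_chain, o in rules:
        if rule_chain != chain:
            continue
        if "-s" in o and src not in ipaddress.ip_network(o["-s"]):
            continue
        if "-d" in o and dst not in ipaddress.ip_network(o["-d"]):
            continue
        if "-i" in o and o["-i"] != iface:
            continue
        if "-p" in o and o["-p"] != proto:
            continue
        if "--dport" in o and int(o["--dport"]) != dport:
            continue
        return o["-j"]
    return policies[chain]

def lan_access(ports, lan_host="10.1.1.50", container="172.17.0.2"):
    """Verdict per port for a LAN client (lan_host is a constructed address)."""
    return {p: verdict(RULES, "INPUT", lan_host, container, "eth0", "tcp", p) for p in ports}
```

Calling `lan_access([8118, 7878, 8090])` returns the verdict for each port; the same function can be pointed at a fresh rule dump after a configuration change to confirm the expected ports are accepted.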