haugene / docker-transmission-openvpn

Docker container running Transmission torrent client with WebUI over an OpenVPN tunnel
GNU General Public License v3.0

Transmission docker port mapping does not show any traffic #2847

Closed portah closed 5 months ago

portah commented 5 months ago

Is there a pinned issue for this?

Is there an existing or similar issue/discussion for this?

Is there any comment in the documentation for this?

Is this related to a provider?

Are you using the latest release?

Have you tried using the dev branch latest?

Docker run config used

    services:
      transmission:
        image: haugene/transmission-openvpn:5.3.1
        cap_add:

Current Behavior

It worked. I did not change anything. It started with docker not having access from the container to the outside world. That got fixed when I updated to the latest docker (MacOS). But now I still can't access the interface from the host computer. From inside the container I can ping outside, like partially the local network and . I installed tracepath to better understand what is going on:

    # tracepath -n 172.16.16.11
     1?: [LOCALHOST]                      pmtu 1500
     1:  172.28.0.1                                            0.061ms
     1:  172.28.0.1                                            0.027ms
     2:  172.16.16.11                                          0.336ms reached
         Resume: pmtu 1500 hops 2 back 2
    # tracepath 172.16.16.1
     1?: [LOCALHOST]                      pmtu 1500
     1:  172.28.0.1                                            0.046ms
     1:  172.28.0.1                                            0.073ms
     2:  192.168.64.1                                          0.687ms
     3:  no reply

172.16.16.11 - host's IP

The host's ports are not occupied by anything, and netstat shows listen only when the image is started. So I'm out of options for what to try. I have another image on the same host, ownCloud, and that one works well, so this one should, but it's not...

Expected Behavior

Would be able to access localhost:9092 on the host's computer

How have you tried to solve the problem?

ping, netstat, tracepath, changing ports from 9091 to 9092, using webproxy; nothing inside is accessible from outside (the host), no firewall enabled inside the container, no firewall on the host system

Log output

Everything started, can do curl localhost:9091/9092 inside the container

HW/SW Environment

- OS: MacOS 13.6.6
- Docker: 4.30

Anything else?

No response

portah commented 5 months ago

I changed the config file and added

    stdin_open: true # docker run -i
    tty: true
    entrypoint: /bin/bash

I installed netcat and simply ran nc -l -p 9091. I was able to do curl localhost:9091 from the host computer.

I used tcpdump and somehow I got this when I connect from the browser to the container:

    root@0a7576b0434a:/# tcpdump -n -vv port 9091
    tcpdump: listening on tun0, link-type RAW (Raw IP), snapshot length 262144 bytes
    21:08:46.068940 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
        172.21.0.2.9091 > 192.168.65.1.33046: Flags [S.], cksum 0x3146 (correct), seq 3649629815, ack 1450909878, win 31856, options [mss 1460,nop,nop,TS val 2489936396 ecr 4260761409,nop,wscale 7], length 0
    21:08:46.068971 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
        172.21.0.2.9091 > 192.168.65.1.58640: Flags [S.], cksum 0x19b3 (correct), seq 2115116770, ack 3140000429, win 31856, options [mss 1460,nop,nop,TS val 2489936396 ecr 4260761409,nop,wscale 7], length 0

I do see answers from transmission to the bridge network, not to the host's network, which is 172.16.16.0/24. OK, to complete the experiment I stopped the start.sh script and ran nc -l -p 9091 with tcpdump, but now with no openvpn running, and I got this:

    root@0a7576b0434a:/# tcpdump -n -vv port 9091
    tcpdump: listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
    21:14:02.777842 IP (tos 0x0, ttl 63, id 3329, offset 0, flags [none], proto TCP (6), length 60)
        192.168.65.1.16395 > 172.21.0.2.9091: Flags [S], cksum 0x5594 (incorrect -> 0xbc29), seq 4044421293, win 65408, options [mss 65495,nop,nop,TS val 4261125160 ecr 0,nop,wscale 7], length 0
    21:14:02.777859 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
        172.21.0.2.9091 > 192.168.65.1.16395: Flags [S.], cksum 0xadef (incorrect -> 0x2d53), seq 732761263, ack 4044421294, win 31856, options [mss 1460,nop,nop,TS val 2490253103 ecr 4261125160,nop,wscale 7], length 0
    21:14:02.778018 IP (tos 0x0, ttl 63, id 37366, offset 0, flags [none], proto TCP (6), length 52)
        192.168.65.1.16395 > 172.21.0.2.9091: Flags [.], cksum 0x5594 (incorrect -> 0xd38e), seq 1, ack 1, win 511, options [nop,nop,TS val 4261125161 ecr 2490253103], length 0
    21:14:02.778089 IP (tos 0x0, ttl 63, id 57463, offset 0, flags [none], proto TCP (6), length 746)
        192.168.65.1.16395 > 172.21.0.2.9091: Flags [P.], cksum 0x5594 (incorrect -> 0x042c), seq 1:695, ack 1, win 4096, options [nop,nop,TS val 4261125161 ecr 2490253103], length 694
    21:14:02.778094 IP (tos 0x0, ttl 64, id 36309, offset 0, flags [DF], proto TCP (6), length 52)

So I do see requests from the 192.168.65.1 bridge network and responses back from the 172.21.0.2 container IP.

pkishino commented 5 months ago

See here #2723

RalleyD commented 1 month ago

See here #2723

I see this has worked for a couple of people but I'm not having such luck. I'm using dev containers to run my containers most of the time, so I've added this to the JSON config:

    "containerEnv": { "LOCAL_NETWORK" : "192.168.1.0/24,192.168.65.0/24"},

And this environment variable appears when inspecting the container's config.

Perhaps where I'm going wrong is using the wrong local IP address? I assumed it was the 'default' IP address of my host?
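
An added example, not part of any comment in this thread and not the project's own code: a Python check that reads a capture like the tun0 one quoted earlier, collects the peers whose WebUI SYN-ACKs left through the tunnel, and tests whether a given LOCAL_NETWORK value contains them. It assumes LOCAL_NETWORK is a comma-separated CIDR list as written in the comment above; the function names and the shortened sample capture are constructed for illustration.

```python
import ipaddress
import re

# Constructed input: the tun0 capture quoted in the thread, option lists shortened.
SAMPLE_CAPTURE = """\
tcpdump: listening on tun0, link-type RAW (Raw IP), snapshot length 262144 bytes
21:08:46.068940 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    172.21.0.2.9091 > 192.168.65.1.33046: Flags [S.], seq 3649629815, ack 1450909878, length 0
21:08:46.068971 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    172.21.0.2.9091 > 192.168.65.1.58640: Flags [S.], seq 2115116770, ack 3140000429, length 0
"""

IFACE_RE = re.compile(r"listening on (\S+),")
PKT_RE = re.compile(
    r"^\s+(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): Flags \[([^\]]+)\]",
    re.MULTILINE,
)


def parse_local_network(value):
    """Split a comma-separated CIDR list as written in LOCAL_NETWORK."""
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in value.split(",") if p.strip()]


def tunnelled_webui_replies(capture, webui_port=9091):
    """Return peers whose SYN-ACKs from the WebUI port were seen on a tun device."""
    m = IFACE_RE.search(capture)
    if not m or not m.group(1).startswith("tun"):
        return set()  # capture was not taken on the VPN interface
    peers = set()
    for _src, sport, dst, _dport, flags in PKT_RE.findall(capture):
        if int(sport) == webui_port and flags == "S.":
            peers.add(ipaddress.ip_address(dst))
    return peers


def coverage(capture, local_network, webui_port=9091):
    """Map each tunnelled peer to True if some LOCAL_NETWORK CIDR contains it."""
    nets = parse_local_network(local_network)
    return {str(ip): any(ip in n for n in nets)
            for ip in sorted(tunnelled_webui_replies(capture, webui_port))}


if __name__ == "__main__":
    for value in ("172.16.16.0/24", "192.168.1.0/24,192.168.65.0/24"):
        print(value, "->", coverage(SAMPLE_CAPTURE, value))
```

A peer mapped to False is a source range missing from the LOCAL_NETWORK value. A peer mapped to True whose replies still show up on tun0 suggests the value was not in effect inside the running container when the capture was taken.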