mpolden / echoip

IP address lookup service
https://ifconfig.co
BSD 3-Clause "New" or "Revised" License

port check believes port is unreachable, but it isn't #115

Open tycho opened 4 years ago

tycho commented 4 years ago

If I request, e.g. https://ifconfig.co/port/3389, it seems to believe my ports (on a local IPv6 address) are unreachable, but I don't think it's actually tried in any way. If I use tcpdump -i inboundinterface -n tcp port 3389 to monitor traffic on the local router, I don't see any TCP SYN packets arriving from anywhere to test whether the port is open. I have my own copy of mpolden/echoip:latest running in docker on a DigitalOcean instance which exhibits the same behavior.

However, the port is definitely open. I can reach the port via nmap/netcat on the command line in the same DigitalOcean instance (and I do see the requests in tcpdump as I'd expect).

I looked at the code and it seems like LookupPort is doing the right thing, though maybe it should be using JoinHostPort instead of fmt.Sprintf to create the address string. But I don't think that's actually preventing it from working.

Any ideas where things are going wrong?

tycho commented 4 years ago

Aha, it's a docker config issue. The container didn't have an IPv6 address, so it wasn't able to attempt any port probing.

If I add this to /etc/docker/daemon.json (to assign an IPv6 ULA range to the docker0 interface):

{
  "ipv6": true,
  "fixed-cidr-v6": "fdc2:6fec:de8d:c458::/64"
}

and then update my firewall rules to allow the docker0->internet traffic (and NAT it), it is able to probe successfully.

tycho commented 4 years ago

Actually should probably leave this open so that the config on ifconfig.co can be updated to work with IPv6 port probing.

mpolden commented 4 years ago

For https://ifconfig.co it's due to a limitation of the current hosting provider, but it should hopefully be resolved soon.
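The two points raised in this thread (building the dial address with JoinHostPort, and a probe that fails without any SYN reaching the wire because the prober has no IPv6 address) can be shown in one sketch. This is an added example, not part of the thread and not echoip's code; `probeAddr`, `classify` and `probe` are hypothetical names, the target address is a constructed sample, and the errno checks assume Linux.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strconv"
	"syscall"
	"time"
)

// probeAddr builds the dial target. net.JoinHostPort brackets IPv6 literals
// ("[2001:db8::1]:3389"); fmt.Sprintf("%s:%d", ...) would yield
// "2001:db8::1:3389", which the net package rejects as "too many colons".
func probeAddr(ip net.IP, port uint64) string {
	return net.JoinHostPort(ip.String(), strconv.FormatUint(port, 10))
}

// classify separates "the probe never left this host" from real answers,
// so a missing local IPv6 address is not reported as a closed port.
func classify(err error) string {
	var ne net.Error
	switch {
	case err == nil:
		return "reachable"
	case errors.Is(err, syscall.ENETUNREACH), errors.Is(err, syscall.EADDRNOTAVAIL):
		return "no-local-route" // no usable source address or route: no SYN sent
	case errors.Is(err, syscall.ECONNREFUSED):
		return "refused" // target answered with RST
	case errors.As(err, &ne) && ne.Timeout():
		return "timeout" // SYN sent, nothing came back (filtered or dropped)
	}
	return "error"
}

// probe attempts one TCP connection and returns the classified result.
func probe(ip net.IP, port uint64, timeout time.Duration) string {
	conn, err := net.DialTimeout("tcp", probeAddr(ip, port), timeout)
	if err == nil {
		conn.Close()
	}
	return classify(err)
}

func main() {
	// 2001:db8::/32 is the IPv6 documentation prefix (constructed sample target).
	ip := net.ParseIP("2001:db8::1")
	fmt.Println(probeAddr(ip, 3389), probe(ip, 3389, 2*time.Second))
}
```

Run inside a container without a routable IPv6 address, a probe like this typically returns `no-local-route` immediately, which matches a tcpdump on the target showing no inbound SYN.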