Open ukaleq opened 4 years ago
BTW, it is definitely a clean machine; I just added one line, "accept udp 4443".
~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:4443
Chain FORWARD (policy DROP)
target prot opt source destination
Chain FORWARD (policy DROP) [0/639]
target prot opt source destination
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:https
ACCEPT udp -- anywhere 172.17.0.2 udp dpt:443
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
As mentioned in the subject, Debian Stretch / openconnect 7.08-1 / network-manager-openconnect 1.2.4-1 run on the host. I would like to establish a tunnel with openconnect to an ocserv Docker image that is freshly deployed on a VPS.
The procedure on the host is as below. How do I use both TCP and especially UDP?
On the VPS, a netstat check shows UDP was not established. In testing, UDP port 4443 could not be reached from the public network. Iptables accepts all to anywhere, no doubt.
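
A cross-check for a listing like the one in the post, as an added example that is not part of the original post or of the ocserv project: it compares the ports accepted in INPUT with the ports the DOCKER chain accepts toward a container. It assumes Docker's default bridge networking, where traffic to a published port is DNATed and then filtered in FORWARD/DOCKER rather than INPUT; the function names are hypothetical.

```python
import re

# Listing copied from the post above (duplicate FORWARD header and unrelated chains trimmed).
LISTING = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:4443
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:https
ACCEPT udp -- anywhere 172.17.0.2 udp dpt:443
"""

# iptables -L prints service names unless -n is given; map the one used here.
SERVICES = {"https": 443}

def parse_accepts(listing):
    """Return {chain: {(proto, port, destination)}} for ACCEPT rules with a dpt match."""
    chains, current = {}, None
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            current = header.group(1)
            chains[current] = set()
            continue
        rule = re.match(r"ACCEPT\s+(tcp|udp)\s+\S+\s+\S+\s+(\S+)\s+.*\bdpt:(\S+)", line)
        if rule and current:
            proto, dest, port = rule.groups()
            port = SERVICES.get(port, port)
            if str(port).isdigit():  # skip service names we cannot resolve
                chains[current].add((proto, int(port), dest))
    return chains

def unforwarded_input_ports(listing, container_chain="DOCKER"):
    """(proto, port) pairs accepted in INPUT with no ACCEPT toward a container."""
    chains = parse_accepts(listing)
    forwarded = {(p, n) for p, n, _ in chains.get(container_chain, set())}
    accepted = {(p, n) for p, n, _ in chains.get("INPUT", set())}
    return sorted(accepted - forwarded)

if __name__ == "__main__":
    for proto, port in unforwarded_input_ports(LISTING):
        print(f"{proto}/{port}: accepted in INPUT, no matching rule in DOCKER chain")
```

Running `iptables -L -n` instead avoids the service-name mapping, and `iptables -t nat -L -n` shows the DNAT rules that decide which host port reaches the container.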