wfg / docker-openvpn-client

OpenVPN client with killswitch and proxy servers; built on Alpine
MIT License

Ports Not Available Outside Container #77

Closed YabaiKai closed 2 years ago

YabaiKai commented 2 years ago

Hi, really love the work that's been done, the killswitch was a much needed feature for me and I'm thrilled to have it.

I'm having some issues with the SUBNETS flag and the ports I've forwarded being available on my network. I have set SUBNETS to my LAN IP range (10.5.0.0/24) but I cannot connect to any of the containers running under this one over the forwarded ports (i.e. 10.5.0.1:8080). This is not an issue with the other containers as I can ping them from other docker containers and even access the VPN's containers via NGINX for example. Any help kindly appreciated!

wfg commented 2 years ago

Are you exposing the port on the VPN container or the application container? I'm thinking this may help based on what you've said.

YabaiKai commented 2 years ago

Hi wfg, thanks for your comment. I confirm that I am exposing the ports via the VPN container and not the application containers. I have tried specifying an explicit external IP, as well as leaving it open, i.e.: ports:

but nothing seems to get through on my LAN network. I guess this is the sticking point as I mentioned in my first post that an nginx server running on the same client makes the application accessible. I'm not knowledgeable enough about iptables to get much deeper, but I guess that it's not accepting packets from the LAN network going to these ports, and only allowing localhost. I'll try digging some more.

otymm commented 2 years ago

So, the (similar) issue I am having is that I can access the http proxy from my desktop which is on the same subnet (i.e. 192.168.50.0) as the host (alpine running as VM on proxmox), but machines on a different subnet (i.e. 192.168.102) cannot reach it. I have spent a few hours reading about with no solution. I have the following environment tag in my compose file:

Any ideas?

otymm commented 2 years ago

I take this back; having reset the firewall state table in OPNSense, now works across the network like a charm. Thanks

wfg commented 2 years ago

@King-Cole so you expose the port on the VPN container, but you intend to access it through an Nginx reverse proxy. Is that right? It shouldn't make a difference, I use the same configuration.

Based on your description, I have a very similar setup. What is the IP address of the host that you are accessing from and what is the IP address of the Docker host?

YabaiKai commented 2 years ago

So, interestingly enough, I played around with it some more. I think this is more of a Docker networking issue than an issue with your development. If I assign an additional host port to the same container port (i.e. both 8080:8080 and 8081:8080), I can access the application on my LAN via the latter but not the former. Not sure how to get the former working, but this is at least workable!

zishanneno commented 5 months ago

This may help:

```sh
# Gateway of the container's default route (the Docker bridge on eth0)
DEFAULT_GW=$(ip -4 route | awk '/default via/ {print $3}')
# First nameserver listed in the container's /etc/resolv.conf
NS_IP=$(grep 'nameserver' /etc/resolv.conf | awk 'NR==1 {print $2}')
# Treat that nameserver's /24 as the subnet that must bypass the tunnel
SUBNET=$(echo "$NS_IP" | awk -F '.' '{print $1"."$2"."$3".0/24"}')
# Route it via the bridge gateway on eth0 instead of through the VPN
ip route add "$SUBNET" via "$DEFAULT_GW" dev eth0
```

Further details are here in my answer: Docker exposed port stops working when connected to a VPN
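A check that goes with both symptoms in this thread (a SUBNETS value that does or does not cover the address a client connects from, as in the 10.5.0.0/24 and 192.168.50/192.168.102 reports above, and the hard-coded /24 in the route snippet in the previous comment), written as an added example that is not code from wfg/docker-openvpn-client. It assumes SUBNETS is a comma-separated list of CIDRs; the client addresses in the demo are constructed from the ones quoted in the thread, and the gateway 172.18.0.1 is a placeholder for whatever `ip -4 route` reports inside the container.

```sh
#!/bin/sh
# Added example, not code from wfg/docker-openvpn-client. Pure POSIX sh arithmetic;
# nothing here touches the routing table, it only prints the command to run.

# dotted quad -> 32-bit integer
ip_to_int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# netmask for a prefix length, as an integer (24 -> 0xFFFFFF00)
prefix_mask() {
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# network address for <ip> <prefix>: network_of 10.5.0.17 24 -> 10.5.0.0/24
# (the route snippet in the thread hard-codes /24; this takes the prefix as an argument)
network_of() {
    addr=$(ip_to_int "$1")
    mask=$(prefix_mask "$2")
    echo "$(int_to_ip $(( addr & mask )))/$2"
}

# succeed if <ip> lies inside any CIDR of the comma-separated list <subnets>
# (assumed to be the SUBNETS format, e.g. "10.5.0.0/24,192.168.102.0/24")
in_subnets() {
    addr=$(ip_to_int "$1")
    for cidr in $(printf '%s' "$2" | tr ',' ' '); do
        net=${cidr%/*}
        mask=$(prefix_mask "${cidr#*/}")
        [ $(( addr & mask )) -eq $(( $(ip_to_int "$net") & mask )) ] && return 0
    done
    return 1
}

# print the bypass route for <lan_ip> <prefix> <gateway>, generalising the /24 snippet
bypass_route_cmd() {
    echo "ip route add $(network_of "$1" "$2") via $3 dev eth0"
}

# Demo with values constructed from the thread; 172.18.0.1 is a placeholder for the
# Docker bridge gateway you would read from `ip -4 route` inside the container.
SUBNETS="10.5.0.0/24"
for client in 10.5.0.1 192.168.102.7; do
    if in_subnets "$client" "$SUBNETS"; then
        echo "$client is covered by SUBNETS=$SUBNETS"
    else
        echo "$client is NOT covered by SUBNETS=$SUBNETS (not exempted from the killswitch)"
    fi
done
bypass_route_cmd 10.5.0.1 24 172.18.0.1
```

Run it with `sh` inside the VPN container (or anywhere, since it only computes); pass the client address that cannot reach the published port and your real SUBNETS value to `in_subnets`, and feed the first nameserver, the prefix length of your LAN and the gateway from `ip -4 route` to `bypass_route_cmd` to get the exact `ip route add` line to run.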