On 10/20/2021 6:47 PM, Philipp Berger wrote:
> Dear all,
> I am trying to access SSH in a Docker container via a port forwarding
> from Docker, which works via IPv6 but not IPv4 (!).
> Setup:
> enp35s0, main interface to world, IPv4 144.76.173.241
> docker0, docker bridge interface, Container IP is 172.17.0.4
> Docker file has " --publish 9202:22" meaning bind host 0.0.0.0:9202 and
> forward to container:22.
> In Shorewall, net to $FW has tcp/9202 as allowed.
> Observations:
> - Connection to 144.76.173.241:9202 does not work (Network
> unreachable), IPv6 connection does work (SSH connection established).
> - Connection from the Docker Container to 144.76.173.241:9202 works
> (via IPv4, as Docker is IPv4-only!), SSH connection works.
> Also:
> # cat /etc/shorewall/shorewall.conf | grep DOCKER
> DOCKER=Yes

This facility will be dropped eventually.

> # cat /proc/sys/net/ipv4/ip_forward
> 1

After Shorewall is started?

> /sbin/shorewall dump: attached!
> Connection tried from 109.91.174.146 to 144.76.173.241:9202.
> I assume some kind of masquerading is missing, but I am way out of my
> depth here. Any ideas?
> At some point I also tried removing the publish command from Docker and
> used "DNAT net docker:172.17.0.4:22 tcp 9202", which also did not work.

Try substituting '22' by '9202'.
--
Matt Darfeuille <m...@shorewall.org>
Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/
SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/
Homepage: https://shorewall.org