Can’t connect Docker container (Debian 10 LXC host) to external network

Emorivox

Nov 8, 2020
I’m getting mad in this situation so I decided to write here in the forum.

I’m developing a simple application with .NET Core that connects a socket to a server (industrial protocol Modbus TCP) (port 502). I’ve made some tests with different configurations but more or less the result is always the same:

  • First test: I made a LXC Unprivileged instance of Debian 10 (nesting ON) (Proxmox VE is installed on a HP Microserver and everything seems to work like a charm, really impressed, since months), I installed Docker as the user Jabber suggested here, so using the upstream and not Debian version: directly from the Debian instance I get “Access denied (13)” when the program tries to open the connection, from the container same result
  • Second test: I made a LXC Privileged container instance of Debian 10 (nesting ON), I installed Docker as the user Jabber suggested here, so using the upstream and not Debian version: directly from the Debian instance I can connect to a server on my development laptop, from the container I get a “fun” experience: if I point to the correct service port (502 or even others I tested) where the server is listening I get “Access denied (13)”, if I point to a random port I get “Connection refused (111)” and so the conclusion to me is that the program somehow can detect what’s on the other side


I’ve used Docker extensively for a year, but always with containers that host a service, not ones connecting TO a service, and on Proxmox everything is simple and straightforward. I tried to run the container with various parameters, exposing or translating ports from host to container, I also tried “host mode”, but I always end up in the same situation. There are some threads around regarding Kestrel or Heroku, I also tried to pass the port as an environment variable, but the feeling I have is that I’m missing something, for sure out of inexperience, “higher”: to NAT the addresses or do some iptables policy or what… Help highly appreciated!

Proxmox is amazing, keep on the hard and good work!

Thank you

Andrea
 
hi,

you can check with ss -antlp to see if port is really listening like you expect.

"access denied" has to do with permissions, to bind port 502 you need root permissions.

"connection refused" could be a result of firewall being activated - maybe you have to allow the port.

you can also try to set up docker in a debian VM to try there.
 
Hi oguz, first of all thank you for your kind answer... So far so good, I could solve the problem. Some more details:
- in the hurry I wrote that the problem was "Access denied (13)" but actually the correct message was "Permission denied (13)"
- all in all I had better results with Turnkey Core instead of Debian
- the debugger pointed to this line of code (C# .NET 3.1) but somehow I ignored that

tcpSynCl.SetSocketOption(SocketOptionLevel.Socket, SocketOptionName.NoDelay, 1);

from MS documentation:

https://docs.microsoft.com/en-us/dotnet/api/system.net.sockets.socketoptionname?view=netcore-3.1

it seems that this method sets the socket option to NoDelay and so "Disables the Nagle algorithm for send coalescing." that to me means... nothing! :)
Anyway, commenting out this single line of code, everything went smoothly!

Thanks again, keep on the hard and shiny work on Proxmox!
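
The line quoted in the post pairs `SocketOptionName.NoDelay` with `SocketOptionLevel.Socket`. `NoDelay` and `Debug` share the numeric value 1, so at the Socket level the call requests SO_DEBUG, which Linux refuses with EACCES ("Permission denied (13)") unless the process holds CAP_NET_ADMIN, a capability that Docker's default set does not include. The following is an added example, not the poster's program; the class and helper names are hypothetical. It runs the posted call next to the same option set at the Tcp level:

```csharp
using System;
using System.Net.Sockets;

// Added illustration; NoDelayLevelCheck and Try are hypothetical names.
static class NoDelayLevelCheck
{
    static void Main()
    {
        // The two enum members have the same numeric value;
        // only the option level decides which kernel option is meant.
        Console.WriteLine(
            $"NoDelay={(int)SocketOptionName.NoDelay}, Debug={(int)SocketOptionName.Debug}");

        using (var sock = new Socket(AddressFamily.InterNetwork,
                                     SocketType.Stream, ProtocolType.Tcp))
        {
            // The call as posted: Socket level, so option 1 is read as Debug.
            Try("Socket level + NoDelay (line from the post)",
                () => sock.SetSocketOption(SocketOptionLevel.Socket,
                                           SocketOptionName.NoDelay, 1));

            // Same option name at the Tcp level: this is TCP_NODELAY,
            // which needs no extra capability.
            Try("Tcp level + NoDelay",
                () => sock.SetSocketOption(SocketOptionLevel.Tcp,
                                           SocketOptionName.NoDelay, true));

            // Reads the TCP-level flag back through the Socket property.
            Console.WriteLine($"sock.NoDelay = {sock.NoDelay}");
        }
    }

    // Runs one SetSocketOption call and reports success or the socket error.
    static void Try(string label, Action setOption)
    {
        try
        {
            setOption();
            Console.WriteLine($"{label}: ok");
        }
        catch (SocketException ex)
        {
            Console.WriteLine($"{label}: {ex.SocketErrorCode} ({ex.Message})");
        }
    }
}
```

Setting the option at the Tcp level keeps the container on its default capability set; neither `--cap-add NET_ADMIN` nor a privileged container is needed to disable Nagle.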
 
