Docker networking issue

projecttom

Apr 30, 2024
I have issues reaching my docker container from external.

My current/old WORKING setup is:

Code:
  Server app               Docker host                  Clients
docker container  <->   Ubuntu on bare metal  <->   Linux/Win bare metal
 192.168.12.2                192.168.11.9             192.168.11.[80-159]

Docker network is defined in compose file like:

Code:
networks:
  domain-net:
    ipam:
      driver: default
      config:
        - subnet: 192.168.12.0/24
          gateway: 192.168.12.1
          ip_range: 192.168.12.0/24
services:
  ...
    networks:
      domain-net:
        ipv4_address: 192.168.12.2

For reasons the server app gets a different subnet address than the rest. With appropriate routing rules (`192.168.12.0/24 via 192.168.11.9 dev ...`) on clients this worked fine for years.

Now I am trying to move the host to proxmox, with a new configuration like this:

Code:
  Server app            Docker host             Client
docker container  <->   Debian VM      <->   Linux Mint bare metal
  192.168.12.2         192.168.11.9          192.168.11.87 [80-159]
                       ---- on -----
                          proxmox
                       192.168.11.8

While everything else stays the same, now
  • I can NOT ping the server app from clients - I do not even get error messages or "not reachable"
  • But I can ping the client from the server app container (!!)
  • On the client I can ping proxmox, the dockerhost and the gateway (192.168.12.1)
  • On the docker host I can ping both app and client
  • On proxmox (while irrelevant for me) I have the same situation as on the client
As far as I can tell:
  • Forwarding is activated on docker host.
  • Routing is properly defined on clients (on proxmox and dockerhost it's set up automatically)
  • Firewalls are off on all systems
What's going on here? Do I have to make some setting (routes) on pve?
Any idea to fix the setup or at least do further research?
After some further research I kind of solved the issue. Of course it is not a proxmox issue but normal docker operation.

While forwarding was activated (in /proc/sys/net/ipv4/...) and "normal" firewalls were deactivated, there are a couple of IP filtering rules controlled by Docker, which I listed with `iptables -S`.

Obviously on the old system I had changed the policy for FORWARD chain from DROP to ACCEPT and had forgotten about it.
So `iptables -P FORWARD ACCEPT` fixed the issue.

However I guess this is not the preferable approach. Any hints how to do better?
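
The behaviour described in this thread, as an added example that is not part of the original posts: a small evaluator for a constructed, simplified `iptables -S` listing modeled on Docker's usual FORWARD layout, comparing the default DROP policy, the `-P FORWARD ACCEPT` change, and a narrower allow rule in Docker's `DOCKER-USER` chain. The interface names `br-app` and `ens18`, the sample rules and the helper names are assumptions; real listings differ between Docker versions.

```python
import ipaddress

# Constructed, simplified `iptables -S` output; br-app and ens18 are assumed interface names.
DEFAULT = """-P FORWARD DROP
-A FORWARD -j DOCKER-USER
-A FORWARD -o br-app -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br-app ! -o br-app -j ACCEPT
-A DOCKER-USER -j RETURN"""
# Scoped alternative: only the client LAN may open connections to the app container.
SCOPED = DEFAULT.replace("-A DOCKER-USER -j RETURN",
    "-A DOCKER-USER -s 192.168.11.0/24 -d 192.168.12.2/32 -j ACCEPT\n-A DOCKER-USER -j RETURN")
OPEN = DEFAULT.replace("-P FORWARD DROP", "-P FORWARD ACCEPT")  # the change from the post

def parse(text):
    rows = [line.split() for line in text.splitlines()]
    policy = {r[1]: r[2] for r in rows if r[0] == "-P"}
    return policy, [r[1:] for r in rows if r[0] == "-A"]  # each rule: [chain, opts...]

def matches(rule, pkt):
    negate, it = False, iter(rule)
    for opt in it:
        if opt == "!":
            negate = True
            continue
        val = next(it)
        if opt in ("-m", "-j"):  # module name and target are not match criteria
            continue
        if opt in ("-s", "-d"):
            ok = ipaddress.ip_address(pkt[opt]) in ipaddress.ip_network(val)
        else:  # -i, -o, --ctstate: compare against the packet's value
            ok = pkt[opt] in val.split(",")
        if ok == negate:
            return False
        negate = False
    return True

def verdict(text, pkt, chain="FORWARD"):
    policy, rules = parse(text)
    for rule in (r[1:] for r in rules if r[0] == chain):
        if not matches(rule, pkt):
            continue
        target = rule[-1]  # every rule here ends in "-j TARGET"
        if target in ("ACCEPT", "DROP"):
            return target
        if target == "RETURN":
            break
        if (sub := verdict(text, pkt, target)):
            return sub
    return policy.get(chain)  # None in a user chain: the caller keeps evaluating

def packet(src, dst, iface_in, iface_out, state="NEW"):
    return {"-s": src, "-d": dst, "-i": iface_in, "-o": iface_out, "--ctstate": state}
```

On a live host the scoped rule corresponds to `iptables -I DOCKER-USER -s 192.168.11.0/24 -d 192.168.12.2 -j ACCEPT`, which leaves the FORWARD policy at DROP for everything else.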