Hi all,
Not sure if this is actually an issue specific to DNS but it seems like it. I have the following setup - a WireGuard tunnel on the host to which I will connect other devices that want to access services, with Technitium running in a container at 192.168.1.2. WireGuard clients will direct their DNS there. Firewall is enabled at datacenter, node, and container levels. I added rules to allow inbound TCP & UDP to 192.168.1.2 on port 53, as well as allowing inbound TCP traffic to 192.168.1.2:5380 for the web interface. I left source fields blank in these rules. In the rules for the container, I left destination address blank as well and just allow traffic to ports 53 and 5380. (Leaving this blank is the same as specifying 0.0.0.0/0, right?)
Now everything is fine until I enable the firewall for the container's network interface. As soon as I do, all of my DNS lookups fail. However, nothing is logged in the firewall logs that I can find (if I try pinging the container, I do see those dropped). But I can access the management interface on port 5380! If I disable the rules to allow TCP port 5380 to that container... I can still access it??
Now, I think my problems with firewall configuration are mostly a moot point because I will only expose my WireGuard port to outside, anyway. But I would sure like to understand what's going on here and why when I try to filter traffic to 5380 it is allowed through but when I try to allow the DNS traffic it fails.
Thanks all.
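A small probe that separates the three outcomes the post describes (a silent timeout, an active rejection, and a server that answers but refuses) over both transports DNS uses. This is an added example written for this thread, not code from the poster or from Technitium; it assumes Python 3, the resolver address 192.168.1.2:53 from the post, and a constructed query name. Run it once from the host and once from a WireGuard client: a timeout on UDP and TCP together, with nothing in the firewall log, is what a drop policy with logging turned off looks like, while a REFUSED RCODE means the packet reached Technitium and the problem is on the DNS side, not the firewall.

```python
import random
import socket
import struct

# Values taken from the post; the query name is a constructed example.
DNS_SERVER = "192.168.1.2"
DNS_PORT = 53
QUERY_NAME = "example.com"
TIMEOUT_S = 3.0

RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, qtype=1, txid=None):
    """Build a minimal DNS query (class IN, recursion desired) for `name`."""
    if txid is None:
        txid = random.randint(0, 0xFFFF)
    # id, flags (RD=1), qdcount=1, ancount=0, nscount=0, arcount=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_rcode(response, expected_txid):
    """Describe the response header: RCODE name and answer count, or why it is unusable."""
    if len(response) < 12:
        return "short-response"
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if txid != expected_txid:
        return "txid-mismatch"
    if not flags & 0x8000:          # QR bit clear: this is a query, not a response
        return "not-a-response"
    rcode = flags & 0x000F
    return f"{RCODE_NAMES.get(rcode, f'RCODE{rcode}')} answers={an}"


def probe_udp(server=DNS_SERVER, port=DNS_PORT, name=QUERY_NAME, timeout=TIMEOUT_S):
    """Send one query over UDP and classify what comes back."""
    txid = random.randint(0, 0xFFFF)
    query = build_query(name, txid=txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # Connecting the UDP socket makes ICMP port-unreachable surface as an exception.
        s.connect((server, port))
        try:
            s.send(query)
            data = s.recv(4096)
        except socket.timeout:
            return "timeout (packet silently dropped, or nothing bound to UDP/53)"
        except ConnectionRefusedError:
            return "ICMP unreachable (reject rule, or no UDP listener)"
    return parse_rcode(data, txid)


def probe_tcp(server=DNS_SERVER, port=DNS_PORT, name=QUERY_NAME, timeout=TIMEOUT_S):
    """Send one query over TCP (two-byte length prefix) and classify what comes back."""
    txid = random.randint(0, 0xFFFF)
    query = build_query(name, txid=txid)
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)
            prefix = s.recv(2)
            if len(prefix) < 2:
                return "connection closed before any reply"
            (length,) = struct.unpack("!H", prefix)
            data = b""
            while len(data) < length:
                chunk = s.recv(length - len(data))
                if not chunk:
                    break
                data += chunk
    except socket.timeout:
        return "timeout (SYN or reply silently dropped)"
    except ConnectionRefusedError:
        return "RST (reject rule, or no TCP listener)"
    return parse_rcode(data, txid)


if __name__ == "__main__":
    print("UDP/53:", probe_udp())
    print("TCP/53:", probe_tcp())
```

Comparing the UDP and TCP lines is the useful part: most stub resolvers try UDP first, so a rule that only matches TCP leaves `dig +tcp` working while ordinary lookups time out.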