I have developed a VPN based on my own protocol (just for pleasure 🙂). The VPN server runs inside Docker containers. I just have to run the container with --privileged and create a tun interface inside the container as follows, with an iptables rule: ip tuntap add dev tun10 mode tun; ip addr ..
I searched a lot and still don't have the final solution (only some workarounds). How can I prevent a container connected to a bridged network from accessing the internet (but use port mapping, so incoming traffic should work on port 80)? What I did: use docker-compose, add an Apache container and add an 80:80 port map. I can ..
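An added example, not part of the post above and not Docker's own code: the host-side rules that answer this kind of question. They go into DOCKER-USER, the chain Docker creates for user rules and jumps to from the top of FORWARD, so Docker's own rule rewrites leave them alone. Assumptions: the caller is root (or has CAP_NET_ADMIN) on the host, the network uses Docker's default bridge naming (br- followed by the first 12 characters of the network id), and the network name myproj_default in the usage comment is hypothetical. $IPTABLES names the iptables binary so a test can substitute a recording stub.

```sh
#!/bin/sh
# Added example (not from the original post): keep a Docker bridge network's containers
# from opening connections to the outside world while published ports (-p 80:80) keep
# working. Rules go into DOCKER-USER, which Docker evaluates first for all forwarded
# traffic and does not flush when it rewrites its own chains.
# Assumptions: root / CAP_NET_ADMIN on the host, default bridge naming
# (br-<first 12 chars of the network id>), and $IPTABLES pointing at the iptables
# binary (a test may point it at a recording stub).

IPTABLES="${IPTABLES:-iptables}"

# bridge_ifname NETWORK_ID: interface name of the bridge backing a user-defined network.
bridge_ifname() {
  printf 'br-%s\n' "$(printf '%s' "$1" | cut -c1-12)"
}

# isolate_bridge BRIDGE: containers on BRIDGE may still talk to each other (-o BRIDGE)
# and may answer connections that reached them through a published port (the reply is
# part of an ESTABLISHED flow), but any packet that would start a new flow leaving the
# bridge is dropped. Both rules use -I, so the one inserted last is evaluated first.
isolate_bridge() {
  br="$1"
  "$IPTABLES" -I DOCKER-USER -i "$br" ! -o "$br" -j DROP
  "$IPTABLES" -I DOCKER-USER -i "$br" -m conntrack --ctstate RELATED,ESTABLISHED -j RETURN
}

# unisolate_bridge BRIDGE: delete exactly the two rules above (-D matches the rule spec).
unisolate_bridge() {
  br="$1"
  "$IPTABLES" -D DOCKER-USER -i "$br" -m conntrack --ctstate RELATED,ESTABLISHED -j RETURN
  "$IPTABLES" -D DOCKER-USER -i "$br" ! -o "$br" -j DROP
}

# Usage on the host, for a compose project's default network (name is hypothetical):
#   isolate_bridge "$(bridge_ifname "$(docker network inspect -f '{{.Id}}' myproj_default)")"
#   iptables -S DOCKER-USER   # the two rules sit above Docker's own "-j RETURN"
```

Two caveats a practitioner should keep in mind: only forwarded traffic passes through DOCKER-USER, so a container can still reach services bound on the host itself (that path is the host's INPUT chain), and the rules live only in kernel memory, so they need iptables-persistent or an equivalent to survive a reboot. Service-name resolution through Docker's embedded DNS keeps working because it does not traverse FORWARD; lookups of external names will fail, which is the intended effect.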
From within a container, I'm trying to temporarily block access to a port in the same network. For example: services: cli: image: node:latest-alpine redis: image: redis:latest-alpine. Inside cli, I want to temporarily block localhost:6379 (redis). I have tried the following: iptables-legacy -A OUTPUT -p tcp --dport 6379 -j DROP; do something; iptables-legacy -A OUTPUT -p ..
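An added example, not part of the post above and not the project's own code: a small wrapper that drops outbound TCP to one destination port only while a command runs, and removes the rule again on every exit path (command failure, a set -e abort, Ctrl-C, SIGTERM). It assumes the container has CAP_NET_ADMIN (docker run --cap-add NET_ADMIN) and that $IPTABLES names the iptables flavour matching the host (iptables, iptables-legacy or iptables-nft); a test can point it at a recording stub. The npm test command in the usage comment is a placeholder.

```sh
#!/bin/sh
# Added example (not from the original post): block outbound TCP to one port for the
# duration of a command, with guaranteed cleanup of the DROP rule.
# Assumptions: CAP_NET_ADMIN inside the container, and $IPTABLES pointing at the
# iptables binary that matches the host's backend (a test may point it at a stub).

IPTABLES="${IPTABLES:-iptables}"
BLOCKED_PORT=""

# unblock_port: delete the DROP rule if one is in place. Idempotent, so it is safe to
# call from the normal path and from the traps without producing a "Bad rule" error.
unblock_port() {
  [ -n "$BLOCKED_PORT" ] || return 0
  "$IPTABLES" -w -D OUTPUT -p tcp --dport "$BLOCKED_PORT" -j DROP
  BLOCKED_PORT=""
}

# with_port_blocked PORT CMD [ARGS...]: run CMD with outbound TCP to PORT dropped and
# return CMD's exit status. -I puts the rule at the top of OUTPUT so an earlier ACCEPT
# cannot shadow it; -w waits for the xtables lock instead of failing while another
# iptables process (Docker itself, for instance) holds it.
with_port_blocked() {
  BLOCKED_PORT="$1"; shift
  "$IPTABLES" -w -I OUTPUT -p tcp --dport "$BLOCKED_PORT" -j DROP
  trap 'unblock_port' EXIT
  trap 'unblock_port; exit 130' INT TERM
  # The && / || pair keeps a failing CMD from triggering set -e before cleanup runs.
  "$@" && rc=0 || rc=$?
  trap - EXIT INT TERM
  unblock_port
  return "$rc"
}

# Usage inside the container, e.g. run a test suite with Redis unreachable:
#   with_port_blocked 6379 npm test
```

Two notes on using this in a compose project: each service runs in its own network namespace, so inside cli the address to block is the one the client actually connects to (redis:6379), not localhost, unless the services share a namespace via network_mode. A DROP makes the client wait for its connect timeout; if the point of the exercise is to see fast failures, swap the target for -j REJECT --reject-with tcp-reset in both the insert and the delete.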
After a hard reboot some of my mailcow services can't come up and I see a very strange error: # docker-compose up mysql-mailcow mailcowdockerized_unbound-mailcow_1 is up-to-date Starting mailcowdockerized_mysql-mailcow_1 … Starting mailcowdockerized_mysql-mailcow_1 … error ERROR: for mailcowdockerized_mysql-mailcow_1 Cannot start service mysql-mailcow: driver failed programming external connectivity on endpoint mailcowdockerized_mysql-mailcow_1 (51ef83fe79434e8d985b4f451631001a97f9912be630509abcbed92065f5da1e): (iptables failed: iptables --wait -t nat -A DOCKER ..
I want to host a couple of (dockerized) web applications (e.g. Keycloak, Nextcloud and Discourse). The servers I have to use have two network interfaces: eth1 and eth0. eth1 is the production interface – this is where users' requests reach the server & applications. Easy enough. eth0 is the administration interface – this is what ..
Do any of you have experience with the use of conntrack in a containerized environment? I am running a regular Alpine Docker container with docker run --network bridge --privileged --cap-add all -it --rm alpine; however, /proc/net/nf_conntrack remains empty within the container, and conntrack -L returns 0 active connections. I can see open connections in the ..
Do any of you have experience with the use of conntrack in a containerized environment? I am running a regular Alpine Docker container with docker run --network bridge --privileged --cap-add all -it --rm alpine on a Debian operating system (kernel 5.10.0-6-amd64); however, /proc/net/nf_conntrack remains empty within the container, and conntrack -L returns 0 active connections ..
I am not good at understanding iptables and hope to receive some explanation here. On a remote Linux server I have the following rules: Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination DOCKER-USER all -- anywhere anywhere DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere ACCEPT all -- ..
I have deployed a simple Flask server in a Docker container. The app accepts connections on port 7005 and I have exposed port 7005 on Docker. I can see that Docker is actively blocking connections, but I couldn't figure out the reason. I have tried adding an ACCEPT rule to the DOCKER-USER chain for port 7005; changed ..
I'm looking for a way to either redirect ports within a container (not using Docker with '-p') or use multiple containers with the same port with network_mode. Background: I have a service (VPN) inside a container that provides a central gateway to another network. Now I want to use "network_mode: 'container:vpn'" to attach additional 'sub'-containers to ..