Tosainu/docker-fortivpn-socks5

Connecting from another client?

Opened this issue · 3 comments

Hi dev, thank you for this project! It works great for me.

However, I do have a question: is it possible to map the port to the host so that other clients can connect to it?

Assuming I have a private IP address of 192.168.1.50, after mapping port 8443 I am unable to connect to 192.168.1.50:8443 from other PCs, e.g. 192.168.1.51.

Can you please give me a hint as to which direction I should look in to fix this? Thank you!

Thanks for the comments.

How about publishing 8443/tcp with the -p flag? Assuming that your private IP address is 192.168.1.50, you can publish the port with:

$ docker container run \
    --cap-add=NET_ADMIN \
    --device=/dev/ppp \
    --rm \
    -p 192.168.1.50:8443:8443/tcp \
    -v /path/to/config:/etc/openfortivpn/config:ro \
    ghcr.io/tosainu/fortivpn-socks5:master

https://docs.docker.com/config/containers/container-networking/#published-ports

Thank you for the response!

I have been publishing using the -p flag. It did not work as intended; I guess maybe because it was on an OpenWrt machine, and I have a bunch of other iptables rules enabled, so maybe it was interfered with somehow. I can access the HTTP proxy from the OpenWrt system itself (accessing 127.0.0.1:8443), but not from other machines on the same subnet (accessing 192.168.1.1:8443).

I installed Docker on my Windows PC (192.168.1.150), and it works: I can access 192.168.1.150:8443 from other machines on the same subnet.

Sorry for the trouble, I will continue digging to find out why it did not work on OpenWrt.

Unfortunately, I have to reopen this issue.
I think it is still an issue of how this Docker image handles networking, in combination with the two packages it includes, openfortivpn and glider.

So here is what happens:

On an OpenWrt machine (host), I have 4 physical Ethernet ports, eth0-3. eth0 is in the wan interface (it gets a public IP address from my ISP), while eth1-3 are in the lan interface (subnet 192.168.1.0/24). If I run this Docker container (default bridge network docker0; the host is at 172.17.0.1, the container at 172.17.0.2) and map port 8443, the DNAT works and I can see 0.0.0.0:8443 listening in netstat.
In this setup, from the OpenWrt machine (host), the proxy is accessible at 127.0.0.1:8443, 1.2.3.4:8443 (public IP address) and 172.17.0.1:8443, but not 192.168.1.1:8443.
But if, instead of the port mapping provided by Docker, I use socat to create port forwarding rules (socat TCP4-LISTEN:8443,reuseaddr,fork,su=nobody TCP4:172.17.0.2:8443), it works as intended.

On a Windows machine (host, IP address 192.168.1.150), I have only 1 physical Ethernet port, no wireless. If I set up Docker in the same manner (Windows host 172.17.0.1, container 172.17.0.2, port mapping 8443), from the Windows host machine the proxy is accessible at 127.0.0.1:8443 and 192.168.1.150:8443, but not 172.17.0.1:8443.

In summary, when you have multiple network interfaces, port mapping does not work for all of them, even if it is listening on 0.0.0.0:8443.
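As an added example (not code from the project, the maintainer or the reporter): a small Python stand-in for the socat workaround above, plus a probe that reproduces the per-address reachability matrix from the last comment. Every address, port and function name here is an assumption, and the echo server only stands in for the container's proxy listener so that the block runs offline. The relay binds one explicit address rather than 0.0.0.0, for the same reason the maintainer's `-p 192.168.1.50:8443:8443/tcp` pins the published port to one address: on a router whose eth0 carries a public address, a 0.0.0.0 listener is also reachable from the WAN unless the firewall's input rules block it, which matters when the thing exposed is a proxy into a corporate VPN.

```python
import socket
import threading


def probe(host, port, timeout=1.0):
    """True if a TCP connect to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def reachability(addresses, port, timeout=1.0):
    """Probe one port on each host address -> {address: bool}. Run on the
    Docker host to reproduce the per-address results reported in the issue."""
    return {addr: probe(addr, port, timeout) for addr in addresses}


def _pump(src, dst):
    """Copy src -> dst until EOF, then half-close dst so the EOF propagates."""
    try:
        for data in iter(lambda: src.recv(65536), b""):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _serve(listener, handler):
    """Accept on listener in a daemon thread, one thread per connection."""
    def loop():
        while True:
            try:
                conn, _ = listener.accept()
            except OSError:  # listener closed: stop serving
                return
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()


def listen(host, port=0, backlog=16):
    """Bind one explicit address (not 0.0.0.0) and return the listening socket."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))
    sock.listen(backlog)
    return sock


def start_forwarder(listen_host, listen_port, target):
    """Userland TCP relay doing the job of the thread's
    socat TCP4-LISTEN:8443,reuseaddr,fork TCP4:172.17.0.2:8443
    but bound to one address (e.g. the LAN address) instead of 0.0.0.0, so a
    router's WAN interface does not expose the proxy too. Returns the listener."""
    def relay(client):
        try:
            upstream = socket.create_connection(target, timeout=5)
        except OSError:
            client.close()
            return
        back = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
        back.start()
        _pump(client, upstream)  # client -> container direction on this thread
        back.join()
        client.close()
        upstream.close()
    sock = listen(listen_host, listen_port)
    _serve(sock, relay)
    return sock


def start_echo_server(host="127.0.0.1"):
    """Constructed stand-in for the container's proxy listener: echoes bytes."""
    sock = listen(host)
    _serve(sock, lambda conn: (_pump(conn, conn), conn.close()))
    return sock


def demo(payload=b"CONNECT example.invalid:443 HTTP/1.1\r\n\r\n"):
    """Loopback end-to-end check: client -> forwarder -> echo 'container'."""
    echo = start_echo_server()
    fwd = start_forwarder("127.0.0.1", 0, echo.getsockname())
    with socket.create_connection(fwd.getsockname(), timeout=2) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)  # done sending; now read until EOF
        reply = b"".join(iter(lambda: s.recv(4096), b""))
    spare = listen("127.0.0.1")  # grab a free port, then close it so
    closed_port = spare.getsockname()[1]  # nothing listens there
    spare.close()
    result = {
        "reply": reply,
        "via_forwarder": reachability(["127.0.0.1"], fwd.getsockname()[1])["127.0.0.1"],
        "closed_port": probe("127.0.0.1", closed_port),
    }
    fwd.close()
    echo.close()
    return result


if __name__ == "__main__":
    print(demo())
```

On the OpenWrt host, `reachability(["127.0.0.1", "192.168.1.1", "172.17.0.1"], 8443)` reproduces the per-address table from the comment above, and `start_forwarder("192.168.1.1", 8443, ("172.17.0.2", 8443))` is the socat line restricted to the LAN address; `demo` exists only as an offline self-test.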