Connecting from another client?
Opened this issue · 3 comments
Hi dev, thank you for this project! It works great for me.
However I do have a question, is it possible to map the port to host so other clients connect to it?
Assuming I have a private IP address 192.168.1.50, and after mapping the port 8443, I am unable to connect to 192.168.1.50:8443 from other PCs e.g. 192.168.1.51
Can you please give me some hint as to which direction should I look to fix this? Thank you!
Thanks for the comments.
How about publishing 8443/tcp by -p flag? Assuming that your private IP address is 192.168.1.50, you can publish the port by:
$ docker container run \
--cap-add=NET_ADMIN \
--device=/dev/ppp \
--rm \
-p 192.168.1.50:8443:8443/tcp \
-v /path/to/config:/etc/openfortivpn/config:ro \
ghcr.io/tosainu/fortivpn-socks5:master
https://docs.docker.com/config/containers/container-networking/#published-ports
Thank you for the response!
I have been publishing using -p flag. It did not work as intended, I guess maybe because it was on an openwrt machine, and I have a bunch of other iptables rules enabled, maybe it was interfered with somehow. I can access the http proxy from openwrt system itself (access using 127.0.0.1:8443), but not from other machines on the same subnet (access using 192.168.1.1:8443).
I installed docker on my windows PC (192.168.1.150), and it works, I can access 192.168.1.150:8443 from other machines on the same subnet.
Sorry for the trouble, I will continue digging to find out why it did not work on openwrt.
Unfortunately I have to reopen this issue.
I think it is still an issue of how this docker handles network, in combination with the two packages it includes, openfortivpn and glider.
So here is what happens:
On an Openwrt machine (host), I have 4 physical ethernet ports, eth0-3. eth0 is in wan interface (gets public IP address from my ISP), while eth1-3 is in lan interface (subnet 192.168.1.0/24). If I run this docker (default bridge network docker0, host is at 172.17.0.1, docker instance is at 172.17.0.2), and map the port 8443, and the DNAT is working, I can see 0.0.0.0:8443 is listening using netstat.
In this setup, from the Openwrt machine (host), proxy is accessible at 127.0.0.1:8443, 1.2.3.4:8443 (public IP address), 172.17.0.1:8443, but not 192.168.1.1:8443.
But if instead of the port mapping provided by docker, I use socat to create port forwarding rules (socat TCP4-LISTEN:8443,reuseaddr,fork,su=nobody TCP4:172.17.0.2:8443), it works as intended.
On a windows machine (host, IP address 192.168.1.150), I have only 1 physical ethernet port, no wireless. If I set up the docker in the same manner (windows host 172.17.0.1, docker 172.17.0.2, port mapping 8443), from the windows host machine, proxy is accessible at 127.0.0.1:8443, 192.168.1.150:8443, but not 172.17.0.1:8443.
In summary, when you have multiple network interfaces, port mapping is not working for all of them, even if it is listening on 0.0.0.0:8443.
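One way to check which host addresses the DNAT rule for a published port is limited to, for the 0.0.0.0 versus 192.168.1.50 bindings discussed in this thread. This is an added example, not part of the thread or of the project's code. It assumes Docker is using its iptables backend and parses text in the format `iptables-save` prints. The function names, the sample rules, port 9443 and container 172.17.0.3 are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the format iptables-save prints for Docker's nat table.
# Addresses reuse the ones in this thread; port 9443 and 172.17.0.3 are made up.
sample_nat_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8443 -j DNAT --to-destination 172.17.0.2:8443
-A DOCKER -d 192.168.1.50/32 ! -i docker0 -p tcp -m tcp --dport 9443 -j DNAT --to-destination 172.17.0.3:8443
COMMIT
EOF
}

# published_ports: read iptables-save text on stdin and print one line per
# DNAT rule in the DOCKER chain:
#   <proto>/<dport> <bound-address|any> <container-ip:port> <scope>
# A rule without "-d" is not tied to one host address, so it applies to every
# address local to the host, the WAN address included.
published_ports() {
    awk '
    $1 == "-A" && $2 == "DOCKER" {
        dst = "any"; proto = ""; dport = ""; target = ""; dnat = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-d" && $(i-1) != "!") dst = $(i+1)
            else if ($i == "-p") proto = $(i+1)
            else if ($i == "--dport") dport = $(i+1)
            else if ($i == "-j" && $(i+1) == "DNAT") dnat = 1
            else if ($i == "--to-destination") target = $(i+1)
        }
        if (!dnat) next            # skip RETURN and other non-DNAT rules
        sub(/\/32$/, "", dst)      # show a host address without the /32 mask
        scope = (dst == "any") ? "all-local-addresses" : "single-address"
        print proto "/" dport, dst, target, scope
    }'
}
```

On a real host the input would come from `iptables-save -t nat | published_ports` instead of the constructed sample.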