Forward traffic to Docker issues

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












I have a few fundamental conceptual issues due to which i am not able to forward the traffic on a docker container containing a network.



Docker container is listening on 2123/udp



Approach 0
Publish all argument does not seem to work. There was no mapping/change in iptables before and after this command.



 docker run -d -P image


https://docs.docker.com/v17.09/engine/userguide/networking/default_network/binding/



Approach 1
I want to send traffic from any interface/ip/port to a docker container. I found that most of my traffic is on eno1, ip = x.x.x.x and port 22. I tried binding this port 22 to docker using



docker run -d -p 22:2123 image
As the port is active so it could not bind with port 22


Approach 2
I chose a random port 80 and tried to publish it



docker run -d -p x.x.x.x:80:2123


I did not print any error. However, when i send packets to this ip and port, connection is refused.



Packets sent as follows.
dd if=/dev/zero bs=9000 count=1000 > /dev/tcp/x.x.x.x/80


Therefore i added a port forwarding rule to forward all traffic received on port 22 to x.x.x.x:80.



echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --dport 22 -j DNAT --to-destination x.x.x.x:80


Still connection refused. Even with this refused connection, i saw two transactions



 tcpdump -i any port 2123
IP <dockerNWip>.37042 > <host>.2123: Flags [S], seq 1289990254, win 29200, options [mss 1460,sackOK,TS val 437161 ecr 0,nop,wscale 7], length 0
IP <dockerNWip>.37042 > <host>.2123: Flags [S], seq 1289990254, win 29200, options [mss 1460,sackOK,TS val 437161 ecr 0,nop,wscale 7], length 0
IP <host>.2123 > <dockerNWip>.37042: Flags [R.], seq 0, ack 1289990255, win 0, length 0
IP <host>.2123 > <dockerNWip>.37042: Flags [R.], seq 0, ack 1, win 0, length 0


I am not sure where the problem lies. My question



 1) Do i need to bind x.x.x.x and port 80? I thought the rule would do that.
2) Do i need anything else besides the publishing the ports?
3) Is my way to tcpdumping the port correct to monitor the traffic?


My strategy/assumption was that binding host port 80 with container port 2123 should automatically route the traffic.







share|improve this question















  • 2




    You say the container exposes port 2123 over UDP, so you should set your docker port bindings to be UDP: docker run -d -p $UNUSED_HOST_PORT:2123/udp $IMAGE and see if that works any better. If that still does not work, make sure the Docker network is in a functioning state. Also, your test to check if it is working appears to be using TCP, you would want to switch to a test using UDP.
    – GracefulRestart
    Apr 28 at 17:24











  • I have followed all of these instructions. However still don't see any traffic on port 2123. The binding is not successful.
    – RNA
    Apr 29 at 7:25














up vote
0
down vote

favorite












I have a few fundamental conceptual issues due to which i am not able to forward the traffic on a docker container containing a network.



Docker container is listening on 2123/udp



Approach 0
Publish all argument does not seem to work. There was no mapping/change in iptables before and after this command.



 docker run -d -P image


https://docs.docker.com/v17.09/engine/userguide/networking/default_network/binding/



Approach 1
I want to send traffic from any interface/ip/port to a docker container. I found that most of my traffic is on eno1, ip = x.x.x.x and port 22. I tried binding this port 22 to docker using



docker run -d -p 22:2123 image
As the port is active so it could not bind with port 22


Approach 2
I chose a random port 80 and tried to publish it



docker run -d -p x.x.x.x:80:2123


I did not print any error. However, when i send packets to this ip and port, connection is refused.



Packets sent as follows.
dd if=/dev/zero bs=9000 count=1000 > /dev/tcp/x.x.x.x/80


Therefore i added a port forwarding rule to forward all traffic received on port 22 to x.x.x.x:80.



echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --dport 22 -j DNAT --to-destination x.x.x.x:80


Still connection refused. Even with this refused connection, i saw two transactions



 tcpdump -i any port 2123
IP <dockerNWip>.37042 > <host>.2123: Flags [S], seq 1289990254, win 29200, options [mss 1460,sackOK,TS val 437161 ecr 0,nop,wscale 7], length 0
IP <dockerNWip>.37042 > <host>.2123: Flags [S], seq 1289990254, win 29200, options [mss 1460,sackOK,TS val 437161 ecr 0,nop,wscale 7], length 0
IP <host>.2123 > <dockerNWip>.37042: Flags [R.], seq 0, ack 1289990255, win 0, length 0
IP <host>.2123 > <dockerNWip>.37042: Flags [R.], seq 0, ack 1, win 0, length 0


I am not sure where the problem lies. My question



 1) Do i need to bind x.x.x.x and port 80? I thought the rule would do that.
2) Do i need anything else besides the publishing the ports?
3) Is my way to tcpdumping the port correct to monitor the traffic?


My strategy/assumption was that binding host port 80 with container port 2123 should automatically route the traffic.







share|improve this question















  • 2




    You say the container exposes port 2123 over UDP, so you should set your docker port bindings to be UDP: docker run -d -p $UNUSED_HOST_PORT:2123/udp $IMAGE and see if that works any better. If that still does not work, make sure the Docker network is in a functioning state. Also, your test to check if it is working appears to be using TCP, you would want to switch to a test using UDP.
    – GracefulRestart
    Apr 28 at 17:24











  • I have followed all of these instructions. However still don't see any traffic on port 2123. The binding is not successful.
    – RNA
    Apr 29 at 7:25












up vote
0
down vote

favorite









up vote
0
down vote

favorite











I have a few fundamental conceptual issues due to which i am not able to forward the traffic on a docker container containing a network.



Docker container is listening on 2123/udp



Approach 0
Publish all argument does not seem to work. There was no mapping/change in iptables before and after this command.



 docker run -d -P image


https://docs.docker.com/v17.09/engine/userguide/networking/default_network/binding/



Approach 1
I want to send traffic from any interface/ip/port to a docker container. I found that most of my traffic is on eno1, ip = x.x.x.x and port 22. I tried binding this port 22 to docker using



docker run -d -p 22:2123 image
As the port is active so it could not bind with port 22


Approach 2
I chose a random port 80 and tried to publish it



docker run -d -p x.x.x.x:80:2123


I did not print any error. However, when i send packets to this ip and port, connection is refused.



Packets sent as follows.
dd if=/dev/zero bs=9000 count=1000 > /dev/tcp/x.x.x.x/80


Therefore i added a port forwarding rule to forward all traffic received on port 22 to x.x.x.x:80.



echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --dport 22 -j DNAT --to-destination x.x.x.x:80


Still connection refused. Even with this refused connection, i saw two transactions



 tcpdump -i any port 2123
IP <dockerNWip>.37042 > <host>.2123: Flags [S], seq 1289990254, win 29200, options [mss 1460,sackOK,TS val 437161 ecr 0,nop,wscale 7], length 0
IP <dockerNWip>.37042 > <host>.2123: Flags [S], seq 1289990254, win 29200, options [mss 1460,sackOK,TS val 437161 ecr 0,nop,wscale 7], length 0
IP <host>.2123 > <dockerNWip>.37042: Flags [R.], seq 0, ack 1289990255, win 0, length 0
IP <host>.2123 > <dockerNWip>.37042: Flags [R.], seq 0, ack 1, win 0, length 0


I am not sure where the problem lies. My question



 1) Do i need to bind x.x.x.x and port 80? I thought the rule would do that.
2) Do i need anything else besides the publishing the ports?
3) Is my way to tcpdumping the port correct to monitor the traffic?


My strategy/assumption was that binding host port 80 with container port 2123 should automatically route the traffic.







share|improve this question











I have a few fundamental conceptual issues due to which i am not able to forward the traffic on a docker container containing a network.



Docker container is listening on 2123/udp



Approach 0
Publish all argument does not seem to work. There was no mapping/change in iptables before and after this command.



 docker run -d -P image


https://docs.docker.com/v17.09/engine/userguide/networking/default_network/binding/



Approach 1
I want to send traffic from any interface/ip/port to a docker container. I found that most of my traffic is on eno1, ip = x.x.x.x and port 22. I tried binding this port 22 to docker using



docker run -d -p 22:2123 image
As the port is active so it could not bind with port 22


Approach 2
I chose a random port 80 and tried to publish it



docker run -d -p x.x.x.x:80:2123


I did not print any error. However, when i send packets to this ip and port, connection is refused.



Packets sent as follows.
dd if=/dev/zero bs=9000 count=1000 > /dev/tcp/x.x.x.x/80


Therefore i added a port forwarding rule to forward all traffic received on port 22 to x.x.x.x:80.



echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --dport 22 -j DNAT --to-destination x.x.x.x:80


Still connection refused. Even with this refused connection, i saw two transactions



 tcpdump -i any port 2123
IP <dockerNWip>.37042 > <host>.2123: Flags [S], seq 1289990254, win 29200, options [mss 1460,sackOK,TS val 437161 ecr 0,nop,wscale 7], length 0
IP <dockerNWip>.37042 > <host>.2123: Flags [S], seq 1289990254, win 29200, options [mss 1460,sackOK,TS val 437161 ecr 0,nop,wscale 7], length 0
IP <host>.2123 > <dockerNWip>.37042: Flags [R.], seq 0, ack 1289990255, win 0, length 0
IP <host>.2123 > <dockerNWip>.37042: Flags [R.], seq 0, ack 1, win 0, length 0


I am not sure where the problem lies. My question



 1) Do i need to bind x.x.x.x and port 80? I thought the rule would do that.
2) Do i need anything else besides the publishing the ports?
3) Is my way to tcpdumping the port correct to monitor the traffic?


My strategy/assumption was that binding host port 80 with container port 2123 should automatically route the traffic.









share|improve this question










share|improve this question




share|improve this question









asked Apr 28 at 16:33









RNA

1




1







  • 2




    You say the container exposes port 2123 over UDP, so you should set your docker port bindings to be UDP: docker run -d -p $UNUSED_HOST_PORT:2123/udp $IMAGE and see if that works any better. If that still does not work, make sure the Docker network is in a functioning state. Also, your test to check if it is working appears to be using TCP, you would want to switch to a test using UDP.
    – GracefulRestart
    Apr 28 at 17:24











  • I have followed all of these instructions. However still don't see any traffic on port 2123. The binding is not successful.
    – RNA
    Apr 29 at 7:25












  • 2




    You say the container exposes port 2123 over UDP, so you should set your docker port bindings to be UDP: docker run -d -p $UNUSED_HOST_PORT:2123/udp $IMAGE and see if that works any better. If that still does not work, make sure the Docker network is in a functioning state. Also, your test to check if it is working appears to be using TCP, you would want to switch to a test using UDP.
    – GracefulRestart
    Apr 28 at 17:24











  • I have followed all of these instructions. However still don't see any traffic on port 2123. The binding is not successful.
    – RNA
    Apr 29 at 7:25







2




2




You say the container exposes port 2123 over UDP, so you should set your docker port bindings to be UDP: docker run -d -p $UNUSED_HOST_PORT:2123/udp $IMAGE and see if that works any better. If that still does not work, make sure the Docker network is in a functioning state. Also, your test to check if it is working appears to be using TCP, you would want to switch to a test using UDP.
– GracefulRestart
Apr 28 at 17:24





You say the container exposes port 2123 over UDP, so you should set your docker port bindings to be UDP: docker run -d -p $UNUSED_HOST_PORT:2123/udp $IMAGE and see if that works any better. If that still does not work, make sure the Docker network is in a functioning state. Also, your test to check if it is working appears to be using TCP, you would want to switch to a test using UDP.
– GracefulRestart
Apr 28 at 17:24













I have followed all of these instructions. However still don't see any traffic on port 2123. The binding is not successful.
– RNA
Apr 29 at 7:25




I have followed all of these instructions. However still don't see any traffic on port 2123. The binding is not successful.
– RNA
Apr 29 at 7:25















active

oldest

votes











Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);








 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f440597%2fforward-traffic-to-docker-issues%23new-answer', 'question_page');

);

Post as a guest



































active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes










 

draft saved


draft discarded


























 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f440597%2fforward-traffic-to-docker-issues%23new-answer', 'question_page');

);

Post as a guest













































































Popular posts from this blog

How to check contact read email or not when send email to Individual?

Displaying single band from multi-band raster using QGIS

How many registers does an x86_64 CPU actually have?