TCP traffic not forwarded to docker container
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
I have the following setup:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.252.10.129 0.0.0.0 UG 100 0 0 ens192
10.252.10.128 0.0.0.0 255.255.255.224 U 100 0 0 ens192
10.252.10.176 0.0.0.0 255.255.255.248 U 100 0 0 ens224
10.252.10.224 0.0.0.0 255.255.255.248 U 100 0 0 ens256
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 ens224
169.254.0.0 0.0.0.0 255.255.0.0 U 1004 0 0 ens256
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.128.0 0.0.0.0 255.255.255.0 U 0 0 0 br-5791d7b4168d
broadcast 10.252.10.128 dev ens192 proto kernel scope link src 10.252.10.137
local 10.252.10.137 dev ens192 proto kernel scope host src 10.252.10.137
broadcast 10.252.10.159 dev ens192 proto kernel scope link src 10.252.10.137
broadcast 10.252.10.176 dev ens224 proto kernel scope link src 10.252.10.180
local 10.252.10.180 dev ens224 proto kernel scope host src 10.252.10.180
broadcast 10.252.10.183 dev ens224 proto kernel scope link src 10.252.10.180
broadcast 10.252.10.224 dev ens256 proto kernel scope link src 10.252.10.225
local 10.252.10.225 dev ens256 proto kernel scope host src 10.252.10.225
broadcast 10.252.10.231 dev ens256 proto kernel scope link src 10.252.10.225
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 172.17.0.0 dev docker0 proto kernel scope link src 172.17.0.1
local 172.17.0.1 dev docker0 proto kernel scope host src 172.17.0.1
broadcast 172.17.255.255 dev docker0 proto kernel scope link src 172.17.0.1
broadcast 192.168.128.0 dev br-5791d7b4168d proto kernel scope link src 192.168.128.1
local 192.168.128.1 dev br-5791d7b4168d proto kernel scope host src 192.168.128.1
broadcast 192.168.128.255 dev br-5791d7b4168d proto kernel scope link src 192.168.128.1
IPTABLES
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
13 780 RETURN all -- br-5791d7b4168d * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- br-4e9812a44531 * 0.0.0.0/0 0.0.0.0/0
0 0 DNAT tcp -- !br-5791d7b4168d * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20443 to:192.168.128.3:9443
1 60 DNAT tcp -- !br-5791d7b4168d * 0.0.0.0/0 0.0.0.0/0 tcp dpt:28444 to:192.168.128.3:8444
281 15112 DNAT tcp -- !br-5791d7b4168d * 0.0.0.0/0 0.0.0.0/0 tcp dpt:28443 to:192.168.128.3:8443
If I send a request on ens224 the traffic is not forwarded to the docker container. It reaches the server but it's not forwarded.
If I send the same request from the local server then the request reaches docker.
Any idea on how to debug this?
I used tcpdump to track the traffic and the request reaches the server.
rhel
edited Jun 22 at 12:52
Thomas
3,38941023
asked Jun 22 at 11:44
Catalin
13
add a comment |Â
up vote
0
down vote
favorite
I have the following setup:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.252.10.129 0.0.0.0 UG 100 0 0 ens192
10.252.10.128 0.0.0.0 255.255.255.224 U 100 0 0 ens192
10.252.10.176 0.0.0.0 255.255.255.248 U 100 0 0 ens224
10.252.10.224 0.0.0.0 255.255.255.248 U 100 0 0 ens256
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 ens224
169.254.0.0 0.0.0.0 255.255.0.0 U 1004 0 0 ens256
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.128.0 0.0.0.0 255.255.255.0 U 0 0 0 br-5791d7b4168d
broadcast 10.252.10.128 dev ens192 proto kernel scope link src 10.252.10.137
local 10.252.10.137 dev ens192 proto kernel scope host src 10.252.10.137
broadcast 10.252.10.159 dev ens192 proto kernel scope link src 10.252.10.137
broadcast 10.252.10.176 dev ens224 proto kernel scope link src 10.252.10.180
local 10.252.10.180 dev ens224 proto kernel scope host src 10.252.10.180
broadcast 10.252.10.183 dev ens224 proto kernel scope link src 10.252.10.180
broadcast 10.252.10.224 dev ens256 proto kernel scope link src 10.252.10.225
local 10.252.10.225 dev ens256 proto kernel scope host src 10.252.10.225
broadcast 10.252.10.231 dev ens256 proto kernel scope link src 10.252.10.225
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 172.17.0.0 dev docker0 proto kernel scope link src 172.17.0.1
local 172.17.0.1 dev docker0 proto kernel scope host src 172.17.0.1
broadcast 172.17.255.255 dev docker0 proto kernel scope link src 172.17.0.1
broadcast 192.168.128.0 dev br-5791d7b4168d proto kernel scope link src 192.168.128.1
local 192.168.128.1 dev br-5791d7b4168d proto kernel scope host src 192.168.128.1
broadcast 192.168.128.255 dev br-5791d7b4168d proto kernel scope link src 192.168.128.1
IPTABLES
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
13 780 RETURN all -- br-5791d7b4168d * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- br-4e9812a44531 * 0.0.0.0/0 0.0.0.0/0
0 0 DNAT tcp -- !br-5791d7b4168d * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20443 to:192.168.128.3:9443
1 60 DNAT tcp -- !br-5791d7b4168d * 0.0.0.0/0 0.0.0.0/0 tcp dpt:28444 to:192.168.128.3:8444
281 15112 DNAT tcp -- !br-5791d7b4168d * 0.0.0.0/0 0.0.0.0/0 tcp dpt:28443 to:192.168.128.3:8443
If I send a request on ens224 the traffic is not forwarded to the docker container. It reaches the server but it's not forwarded.
If I send the same request from the local server then the request reaches docker.
Any idea on how to debug this?
I used tcpdump to track the traffic and the request reaches the server.
rhel
edited Jun 22 at 12:52
Thomas
3,38941023
asked Jun 22 at 11:44
Catalin
13
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I have the following setup:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.252.10.129 0.0.0.0 UG 100 0 0 ens192
10.252.10.128 0.0.0.0 255.255.255.224 U 100 0 0 ens192
10.252.10.176 0.0.0.0 255.255.255.248 U 100 0 0 ens224
10.252.10.224 0.0.0.0 255.255.255.248 U 100 0 0 ens256
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 ens224
169.254.0.0 0.0.0.0 255.255.0.0 U 1004 0 0 ens256
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.128.0 0.0.0.0 255.255.255.0 U 0 0 0 br-5791d7b4168d
broadcast 10.252.10.128 dev ens192 proto kernel scope link src 10.252.10.137
local 10.252.10.137 dev ens192 proto kernel scope host src 10.252.10.137
broadcast 10.252.10.159 dev ens192 proto kernel scope link src 10.252.10.137
broadcast 10.252.10.176 dev ens224 proto kernel scope link src 10.252.10.180
local 10.252.10.180 dev ens224 proto kernel scope host src 10.252.10.180
broadcast 10.252.10.183 dev ens224 proto kernel scope link src 10.252.10.180
broadcast 10.252.10.224 dev ens256 proto kernel scope link src 10.252.10.225
local 10.252.10.225 dev ens256 proto kernel scope host src 10.252.10.225
broadcast 10.252.10.231 dev ens256 proto kernel scope link src 10.252.10.225
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 172.17.0.0 dev docker0 proto kernel scope link src 172.17.0.1
local 172.17.0.1 dev docker0 proto kernel scope host src 172.17.0.1
broadcast 172.17.255.255 dev docker0 proto kernel scope link src 172.17.0.1
broadcast 192.168.128.0 dev br-5791d7b4168d proto kernel scope link src 192.168.128.1
local 192.168.128.1 dev br-5791d7b4168d proto kernel scope host src 192.168.128.1
broadcast 192.168.128.255 dev br-5791d7b4168d proto kernel scope link src 192.168.128.1
IPTABLES
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
13 780 RETURN all -- br-5791d7b4168d * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- br-4e9812a44531 * 0.0.0.0/0 0.0.0.0/0
0 0 DNAT tcp -- !br-5791d7b4168d * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20443 to:192.168.128.3:9443
1 60 DNAT tcp -- !br-5791d7b4168d * 0.0.0.0/0 0.0.0.0/0 tcp dpt:28444 to:192.168.128.3:8444
281 15112 DNAT tcp -- !br-5791d7b4168d * 0.0.0.0/0 0.0.0.0/0 tcp dpt:28443 to:192.168.128.3:8443
If I send a request on ens224 the traffic is not forwarded to the docker container. It reaches the server but it's not forwarded.
If I send the same request from the local server then the request reaches docker.
Any idea on how to debug this?
I used tcpdump to track the traffic and the request reaches the server.
rhel
edited Jun 22 at 12:52
Thomas
3,38941023
asked Jun 22 at 11:44
Catalin
13
I have the following setup:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.252.10.129 0.0.0.0 UG 100 0 0 ens192
10.252.10.128 0.0.0.0 255.255.255.224 U 100 0 0 ens192
10.252.10.176 0.0.0.0 255.255.255.248 U 100 0 0 ens224
10.252.10.224 0.0.0.0 255.255.255.248 U 100 0 0 ens256
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 ens224
169.254.0.0 0.0.0.0 255.255.0.0 U 1004 0 0 ens256
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.128.0 0.0.0.0 255.255.255.0 U 0 0 0 br-5791d7b4168d
broadcast 10.252.10.128 dev ens192 proto kernel scope link src 10.252.10.137
local 10.252.10.137 dev ens192 proto kernel scope host src 10.252.10.137
broadcast 10.252.10.159 dev ens192 proto kernel scope link src 10.252.10.137
broadcast 10.252.10.176 dev ens224 proto kernel scope link src 10.252.10.180
local 10.252.10.180 dev ens224 proto kernel scope host src 10.252.10.180
broadcast 10.252.10.183 dev ens224 proto kernel scope link src 10.252.10.180
broadcast 10.252.10.224 dev ens256 proto kernel scope link src 10.252.10.225
local 10.252.10.225 dev ens256 proto kernel scope host src 10.252.10.225
broadcast 10.252.10.231 dev ens256 proto kernel scope link src 10.252.10.225
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 172.17.0.0 dev docker0 proto kernel scope link src 172.17.0.1
local 172.17.0.1 dev docker0 proto kernel scope host src 172.17.0.1
broadcast 172.17.255.255 dev docker0 proto kernel scope link src 172.17.0.1
broadcast 192.168.128.0 dev br-5791d7b4168d proto kernel scope link src 192.168.128.1
local 192.168.128.1 dev br-5791d7b4168d proto kernel scope host src 192.168.128.1
broadcast 192.168.128.255 dev br-5791d7b4168d proto kernel scope link src 192.168.128.1
IPTABLES
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
13 780 RETURN all -- br-5791d7b4168d * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- br-4e9812a44531 * 0.0.0.0/0 0.0.0.0/0
0 0 DNAT tcp -- !br-5791d7b4168d * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20443 to:192.168.128.3:9443
1 60 DNAT tcp -- !br-5791d7b4168d * 0.0.0.0/0 0.0.0.0/0 tcp dpt:28444 to:192.168.128.3:8444
281 15112 DNAT tcp -- !br-5791d7b4168d * 0.0.0.0/0 0.0.0.0/0 tcp dpt:28443 to:192.168.128.3:8443
If I send a request on ens224 the traffic is not forwarded to the docker container. It reaches the server but it's not forwarded.
If I send the same request from the local server then the request reaches docker.
Any idea on how to debug this?
I used tcpdump to track the traffic and the request reaches the server.
rhel
edited Jun 22 at 12:52
Thomas
3,38941023
asked Jun 22 at 11:44
Catalin
13
edited Jun 22 at 12:52
Thomas
3,38941023
edited Jun 22 at 12:52
Thomas
3,38941023
edited Jun 22 at 12:52
Thomas
3,38941023
3,38941023
asked Jun 22 at 11:44
Catalin
13
asked Jun 22 at 11:44
Catalin
13
asked Jun 22 at 11:44
Catalin
13
13
add a comment |Â
add a comment |Â
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Â
draft saved
draft discarded
Â
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f451284%2ftcp-traffic-not-forwarded-to-docker-container%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
