Website not reachable within docker container on wireguard vpn host - docker

I have a super weird issue which I can reproduce.
Most of my clients in my network at home are connected via wireguard vpn with another system in another country and use this system as default gateway. No issues so far.
My QNAP NAS also uses this gateway for communication to the internet. Now I have set up a docker container in my container station and the issue appears. For now, one specific website is not reachable anymore from inside of any docker container on the QNAP.
curl https://rapidgator.net/ --verbose
* Trying 195.211.222.2:443...
* Connected to rapidgator.net (195.211.222.2) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: Connection reset by peer in connection to rapidgator.net:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to rapidgator.net:443
Same issue appears with wget/openssl s_client, etc. and yes I can still reach every other website as usual.
If I turn off the VPN Gateway in my QNAP and the communication uses my usual public IP the issue for this one specific website disappears. I was able to reproduce this issue with a simple ubuntu:latest docker on my manjaro which is also using wireguard. If I turn off wireguard on Manjaro, the issue with the website inside the docker disappears.
I should also note that on every system with wireguard VPN and VPN default gateway without docker I can reach this specific website without any issues. It's only with the combination of both and I don't even know what I could do to fix this issue.
Any suggestion on this issue? I can provide you any information if needed.
Thanks!
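One check a practitioner would run first on a Docker-on-WireGuard host is whether the container bridge MTU exceeds the tunnel MTU, since that mismatch is a common reason only some sites fail from inside containers while the host itself is fine. This is an added diagnostic, not code from the post; the interface names docker0 and wg0, the MTU values and the `ip -o link` sample are assumptions.

```shell
#!/bin/sh
# Added diagnostic, not from the post: compare the MTU of the Docker bridge
# with the MTU of the WireGuard interface. A bridge MTU larger than the tunnel
# MTU means full-size container packets cannot fit in the tunnel, which is a
# common reason only some sites fail from containers (a hypothesis, not a
# finding of the post).

# MTU of one interface from `ip -o link` style output.
# $1 = interface name, $2 = text in `ip -o link` format
iface_mtu() {
    printf '%s\n' "$2" | awk -v want="$1" \
        '$2 == (want ":") { for (i = 1; i <= NF; i++) if ($i == "mtu") { print $(i + 1); exit } }'
}

# Largest TCP MSS that fits in one packet on a link of the given MTU:
# IPv4 header 20 + TCP header 20, or IPv6 header 40 + TCP header 20.
# $1 = MTU, $2 = IP version (4 or 6)
mss_for_mtu() {
    if [ "$2" = 6 ]; then echo $(( $1 - 60 )); else echo $(( $1 - 40 )); fi
}

# Succeeds (exit 0) when the bridge MTU does not exceed the tunnel MTU.
# $1 = bridge name, $2 = tunnel name, $3 = `ip -o link` output
mtu_fits_tunnel() {
    br=$(iface_mtu "$1" "$3")
    tun=$(iface_mtu "$2" "$3")
    [ -n "$br" ] && [ -n "$tun" ] && [ "$br" -le "$tun" ]
}

# Constructed sample in `ip -o link` format with the default Docker bridge
# MTU (1500) and the default WireGuard MTU (1420); on a live host replace
# it with "$(ip -o link)".
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default \    link/ether 02:42:ac:11:00:01 brd ff:ff:ff:ff:ff:ff
4: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/none'

if mtu_fits_tunnel docker0 wg0 "$SAMPLE_LINKS"; then
    echo "docker0 MTU fits inside wg0 MTU; look elsewhere"
else
    wg_mtu=$(iface_mtu wg0 "$SAMPLE_LINKS")
    echo "docker0 MTU $(iface_mtu docker0 "$SAMPLE_LINKS") exceeds wg0 MTU $wg_mtu"
    echo "candidate fixes: set the bridge MTU to $wg_mtu, or clamp TCP MSS to $(mss_for_mtu "$wg_mtu" 4) (IPv4)"
fi
```

If the bridge MTU is the larger one, lowering it (Docker's `--mtu` daemon option) or clamping MSS on the tunnel path are the usual remedies; if the MTUs already fit, the cause lies elsewhere.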

Related

Alternative to Cloudflare tunnel if I can't open port 7844 and no root access on hosting server

I have a linux server hosting an app that I want to expose using my namecheap domain name.
The network that the linux server is behind seems to be blocking port 7844, docker error:
"ERR Serve tunnel error error="DialContext error: dial tcp xxx:7844: i/o timeout" connIndex=0 ip=xxx
ERR Unable to establish connection with Cloudflare edge error="DialContext error: dial tcp xxx.:7844: i/o timeout" connIndex=0 ip=xxx.33"
Works fine on machines on another network, linux and windows. So looks to be the network, which I can't port forward on.
I found SirTunnel: https://github.com/anderspitman/SirTunnel but this requires sudo on my siteground server, which isn't possible.
Are there any free alternatives I can use? Or a way I can use cloudflare through a different port?
Thanks

curl hangs in docker, but not on host machine

We're currently having an issue where curl bigquery.googleapis.com sometimes hangs indefinitely inside an ubuntu:20.04 local docker container, but always works (returns a 404) on the host macOS machine and in production. The container is running a Python Flask application.
Some observations:
It's flaky: curl bigquery.googleapis.com works when the container initializes, but trying again ~10 mins later hangs. Eventually, the command will work again and curl -v shows it's trying to connect to a different IP.
We don't have this issue on production, or on any host machine.
Different people on our team experience the issue at different times, on different IPs.
During the issue, connections to other google services (e.g. curl servicemanagement.googleapis.com) work fine.
During the issue, the command works in another docker container with a different image.
Issue has occurred across many macOS Docker versions.
Curling directly to the IPv4 address also hangs.
Interestingly, doing netstat on the host machine shows all connections as ESTABLISHED, but doing netstat inside the container shows them as SYN_SENT.
We hypothesize that the connection is being kept alive on the host, but is killed in the container. Or, certain ACKs aren't being forwarded correctly to the container for some reason.
The netstat output on macOS, the netstat output inside the container, and a TCP dump were attached as screenshots (not reproduced here).
curl -v output:
root@cf8bd850e9ab:/code# curl -v bigquery.googleapis.com
* Trying 142.251.35.170:80...
* TCP_NODELAY set
* Trying 2607:f8b0:4006:81e::200a:80...
* TCP_NODELAY set
* Immediate connect fail for 2607:f8b0:4006:81e::200a: Cannot assign requested address
* Trying 2607:f8b0:4006:81e::200a:80...
* TCP_NODELAY set
* Immediate connect fail for 2607:f8b0:4006:81e::200a: Cannot assign requested address
* Trying 2607:f8b0:4006:81e::200a:80...
* TCP_NODELAY set
* Immediate connect fail for 2607:f8b0:4006:81e::200a: Cannot assign requested address
* Trying 2607:f8b0:4006:81e::200a:80...
* TCP_NODELAY set
* Immediate connect fail for 2607:f8b0:4006:81e::200a: Cannot assign requested address
Additional output:
netstat -p: https://pastebin.com/sKQ23yah
curl --ipv4: https://pastebin.com/3N7Q6aB4
You can specify the DNS while running the container with the --dns flag, or you can configure it by adding an entry in /etc/docker/daemon.json, which could probably help with the resolution.

Connection timeout from external sources on Docker container via non standard SSL port [closed]

Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
Closed 2 years ago.
I did put together a network of containers for a Web App via docker compose. As long as I run it on the standard 443 SSL port (only port exposed to the host) it runs smoothly. When I switch to another port (I need to run multiple container networks on this machine) the connection from outside the server always shows a timeout. Tried port 8443, 9001 and several others. I didn't change anything else on the container itself.
The strange thing is, when I do a curl on the server with localhost and the specified port, it shows the App without any problems. So the App is running fine, just the connection from outside is somehow stuck.
The Application itself has a self signed certificate inside the container, but this shouldn't be
What I tried so far (for port 8443):
netstat shows the port 8443 (or any other I tried) open and listened to (same as the 443, where another app is working fine)
A curl on the server with localhost:8443 works fine
Connection via several servers (in different countries): all connections timed out
This is my curl from outside:
λ curl -v https://xxx.xxx.xxx.xxx:8443/
* Trying 87.106.152.131...
* TCP_NODELAY set
* connect to xxx.xxx.xxx.xxx port 8443 failed: Timed out
* Failed to connect to xxx.xxx.xxx.xxx port 8443: Timed out
* Closing connection 0
curl: (7) Failed to connect to xxx.xxx.xxx.xxx port 8443: Timed out
Not much information there.
My questions are:
Where can I get some more information about this timeout (and why this is happening)?
Did anyone else stumble upon this error and have a solution on hand?
If it works on localhost and on port 443, the only remaining explanation for a timeout is a firewall that filters your request.
Also, if you try to curl like that you will have issues with the certificate; check this post, which explains how to manage self-signed certificates or https via IP with curl.

getting dial tcp: i/o timeout when accessing internet from a service inside a container

I am using PubNub (GO SDK) publish/subscribe service to receive messages but I am not receiving any messages even when I am able to ping google.com from inside the container.
In the Pubnub logs, every time my program tries to connect to the origin (Pubnub server), I am getting "dial tcp: i/o timeout" error. I guess this is due to the slow internet connection either on the host or in the container.
What should I do to get around this error?
I was able to solve this error by including Google DNS (8.8.8.8) in my machine's nameservers. I think this error was due to the slow domain resolution process as my machine was getting DNS from DHCP.
I followed these steps:
Set static DNS in /etc/resolvconf/resolv.conf.d/basefile:
nameserver 8.8.8.8
nameserver 8.8.4.4
Configure your PC so that it uses user-provided DNS, instead of obtaining it from DHCP. For that, open this file /etc/dhcp/dhclient.conf and add this line:
supersede domain-name-servers 8.8.8.8, 8.8.4.4;
Restart network manager using:
sudo service network-manager restart

Port Forwarding for compute engine google cloud platform

I'm trying to open port TCP 28016 and UDP 28015 for a game server in my compute engine VM running on Microsoft Windows Server 2016.
I've tried opening the port inside my server using RDP, going to Windows Firewall settings and creating new inbound rules for both TCP 28016 and UDP 28015.
Also done setting firewall rules in my Cloud Platform Firewall Rules for both ports.
When running my game server application, running netstat didn't show any of the ports being used / listening. It doesn't even show up. What did I do wrong?
Edit: it now shows up on netstat -a -b, but without LISTENING
If it doesn't show as LISTENING, it's not a firewall or "port forwarding" issue; rather, the application either isn't running, or is running but isn't configured to listen for connections on that port.