I am trying to use this container: https://hub.docker.com/r/tiredofit/freepbx/
For that I have created this compose file:
https://pastebin.com/CkL1y0jd
I have proxied port 80 to my internal IP 172.20.0.45. This works great. But port 5160 is not reachable from the outside.
On my Docker host I have run
ngrep -W byline -d eno1 port 5160
This gives me the following output:
U 192.168.30.22:54194 -> 192.168.50.20:5160
REGISTER sip:pbx.UsualyMyDomain.ch:5160;transport=UDP SIP/2.0.
Via: SIP/2.0/UDP 212.XX.XX.XXX:54194;branch=z9hG4bK-524287-1---9bb8a42e6116af86;rport.
Max-Forwards: 70.
Contact: <sip:120@212.XXX.XXX.XXX:54194;rinstance=c4ebbf8b0a8fd276;transport=UDP>.
To: "4141XXXXXXX"<sip:120@pbx.UsualyMyDomain.ch:5160;transport=UDP>.
From: "4141XXXXXXX"<sip:120@pbx.UsualyMyDomain.ch:5160;transport=UDP>;tag=b4afdd24.
Call-ID: uXyh0WASXl2Cpp3oD0RYtw...
CSeq: 2 REGISTER.
Expires: 60.
Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO, SUBSCRIBE.
User-Agent: Zoiper rv2.9.RC37-15-g9fc1f76ee4.
Allow-Events: presence, kpml, talk.
Content-Length: 0.
But if I run the above command inside of my container, then I get no packets at all:
ngrep -W byline -d eno1 port 5160
interface: eno1 (172.20.0.0/255.255.255.0)
filter: (ip or ip6) and ( port 5160 )
So where do I have to search for problems now?
netstat -tln
shows:
tcp6 0 0 :::5160 :::* LISTEN 13316/docker-proxy
But no UDP6 or UDP.
Could that be the problem?
Thanks in advance
Problem solved!
For all those out there who find a similar problem.
Read this: http://bhashitparikh.com/2016/02/03/when-port-forwarding-didnt-work-in-docker.html
One of the problems was that you must insert your Docker IP under SIP-CHAN Settings as bind address. Then also use static-ip and enter your docker ip.
And last but not least, add this to the compose file:
5160:5160/udp
5060:5060/udp
Otherwise it will only listen for TCP traffic!
Now it works :)
I am having some problems with my Mosquitto MQTT broker which I do not understand. I had setup another Mosquitto broker in a Google Cloud Ubuntu 20.04 VM and it was working properly. I have moved to a self-managed Ubuntu 20.04 VM in my university and have not been able to connect to the broker ever since. A little background on the current setup:
netfilter-persistent firewall (am unsure of the exact name of the firewall, this is the name of the service) has port 1883 open
ufw is inactive
the university has 2 levels in the firewall, one in the VM and one external. I have asked for the opening of ports 1883 (I am aware that only port 8883 should be open but this is temporary until I solve my issue)
the VM is accessible from outside the LAN of the university, as checked in https://www.yougetsignal.com/tools/open-ports/
I have an Apache webpage running and it is also accessible externally
I have NodeRED using port 1880 and it is also accessible externally
My Mosquitto conf file looks like the following. For the time being, I am not using TLS authentication, as I first need to solve the issue with the connection.
allow_anonymous false
password_file /etc/mosquitto/passwd
listener 1883 0.0.0.0
However, I have not been able to enable the communication when using either the server IP or the domain name. If I attempt to connect using localhost, everything works:
~$ mosquitto_sub -h localhost -t test -p 1883 -u "XX" -P "XX" -d
Client (null) sending CONNECT
Client (null) received CONNACK (0)
Client (null) sending SUBSCRIBE (Mid: 1, Topic: test, QoS: 0, Options: 0x00)
Client (null) received SUBACK
Subscribed (mid: 1): 0
If I attempt to connect with the domain name, I never receive an acknowledgment and the connection is never established:
~$ mosquitto_sub -h domain.com -t test -p 1883 -u "XX" -P "XX" -d
Client (null) sending CONNECT
Client (null) sending CONNECT
Client (null) sending CONNECT
Client (null) sending CONNECT
Client (null) sending CONNECT
Mosquitto seems to be properly bound when running the lsof -i command in the console:
mosquitto 2177304 mosquitto 5u IPv4 10127120 0t0 TCP *:1883 (LISTEN)
mosquitto 2177304 mosquitto 7u IPv4 10127251 0t0 TCP localhost:1883->localhost:47236 (ESTABLISHED)
I would appreciate it if anyone could guide me into what could be the root of my issue. If more information is needed regarding my setup, I will gladly provide it.
Thanks in advance to all!
Docker provides a way to map ports between the container and host.
As per the official documentation it's also possible to mention host-ip while port mapping.
-p 192.168.1.100:8080:80 - Map TCP port 80 in the container to port 8080 on the Docker host for connections to host IP 192.168.1.100.
I tried this option to figure out what's the difference with/without the host-ip.
Using just -p 80:80
$ docker run -itd -p 80:80 nginx:alpine
$ curl localhost:80
$ curl 127.0.0.1:80
$ curl 0.0.0.0:80
$ curl 192.168.0.13:80
$ ps -ef | grep docker-proxy
16723 root 0:00 /usr/local/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 8080 -container-ip 172.17.0.1 -container-port 80
$
All the curl commands return the output.
Using host-ip like -p 192.168.0.13:80:80
$ docker run -itd -p 192.168.0.13:80:80 nginx:alpine
$ curl localhost:80
curl: (7) Failed to connect to localhost port 80: Connection refused
$ curl 127.0.0.1:80
curl: (7) Failed to connect to 127.0.0.1 port 80: Connection refused
$ curl 0.0.0.0:80
curl: (7) Failed to connect to 0.0.0.0 port 80: Connection refused
$ curl 192.168.0.13:80 # return output
$ ps -ef | grep docker-proxy
4914 root 0:00 /usr/local/bin/docker-proxy -proto tcp -host-ip 192.168.0.13 -host-port 80 -container-ip 172.17.0.2 -container-port 80
$
All the curl commands failed except 192.168.0.13:80.
Is there any other difference apart from the one I mentioned here?
Wondering when to use host-ip based port mapping. Any use cases?
A docker host may have multiple NICs. In the data center, this may be to segregate traffic, e.g. management, storage, and application/public. On your laptop, this may be for wireless and wired interfaces. There are also virtual NICs for things like loopback (127.0.0.1) and VPN tunnels.
When you do not specify an IP in the port publish command, by default docker will bind to all interfaces on the host. In IPv4, this is commonly notated as 0.0.0.0 which means listen on any interface (and this is why I don't connect to this address because there's no such thing as connecting to any IP). With the IP address specified, you manually specify which interface to use. Why would you want to specify this? Several reasons I can think of:
Listening on only 127.0.0.1 to prevent external access
Listening on 0.0.0.0 to explicitly bind to all IPv4 interfaces (it is possible to change docker's default behavior, so this could be necessary for some).
Listening on one physical NIC, allowing other NICs to be bound by other services on the same port.
Listening on only IPv4 interfaces if the app does not work for IPv6.
While there are lots of possible reasons, other than listening on loopback for security, these use cases are very rare and most users leave docker to listen on all interfaces.
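An added example, not part of the answers on this page: a small auditor for Docker's short publish syntax that reports which mappings listen on every host interface and which UDP ports were never published (the cause of the SIP problem in the first thread). The function names and the port lists are constructed for illustration; compose long-form port mappings are not handled.

```python
import ipaddress
from typing import NamedTuple, Optional

class Publish(NamedTuple):
    host_ip: Optional[str]    # None: Docker's default bind address (all interfaces unless reconfigured)
    host_port: Optional[str]  # None: Docker picks an ephemeral host port
    container_port: str
    proto: str

def parse_publish(spec: str) -> Publish:
    """Parse the short form [host_ip:][host_port:]container_port[/proto]."""
    body, _, proto = spec.strip().partition("/")
    proto = proto.lower() or "tcp"           # no suffix means TCP only
    if proto not in ("tcp", "udp", "sctp"):
        raise ValueError(f"unknown protocol in {spec!r}")
    host_ip = None
    if body.startswith("["):                 # bracketed IPv6 host address
        host_ip, _, body = body[1:].partition("]:")
    parts = body.split(":")
    if host_ip is None and len(parts) == 3:
        host_ip, parts = parts[0], parts[1:]
    if len(parts) > 2 or not parts[-1]:
        raise ValueError(f"cannot parse {spec!r}")
    if host_ip:
        ipaddress.ip_address(host_ip)        # raises ValueError if not an IP
    host_port = parts[0] if len(parts) == 2 and parts[0] else None
    return Publish(host_ip or None, host_port, parts[-1], proto)

def audit(specs, udp_ports=()):
    """Report publishes open on every interface and UDP ports left unpublished."""
    published = [parse_publish(s) for s in specs]
    findings = []
    for p in published:
        if p.host_ip is None or ipaddress.ip_address(p.host_ip).is_unspecified:
            findings.append(f"{p.container_port}/{p.proto}: listens on all host interfaces")
    for port in map(str, udp_ports):
        if not any(p.container_port == port and p.proto == "udp" for p in published):
            findings.append(f"{port}/udp: not published, datagrams never reach the container")
    return findings

if __name__ == "__main__":
    # Constructed port lists (the page's compose file itself is not shown here).
    before = ["127.0.0.1:80:80", "5160:5160", "5060:5060"]
    after = before + ["5160:5160/udp", "5060:5060/udp"]
    for name, specs in (("before", before), ("after", after)):
        print(name, audit(specs, udp_ports=[5160, 5060]))
```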
How can I open specific ports in order to use an SDK for a project?
I have already tried netcat, but it seems that you can only listen to a specific port or open a specific port if you have a hosting website.
To open a port and keep listening on it, on macOS this should be working:
nc -lk 8080
To test you can connect to the opened port by doing:
nc -vt 0 8080
To use UDP, you just need to use option -u, for example:
nc -u -lk 8080
To test you can connect:
nc -u -vt 0 8080
Output:
found 0 associations
found 1 connections:
1: flags=82<CONNECTED,PREFERRED>
outif (null)
src 127.0.0.1 port 63214
dst 127.0.0.1 port 8080
rank info not available
Connection to 0 port 8080 [udp/http-alt] succeeded!
I created a debian vm to have my docker host running on.
netstat
tcp 0 0 127.0.0.1:2375 0.0.0.0:* LISTEN 1260/dockerd
After that I setup port forwarding for port 2375 as described in many online tutorials.
Next I curl in the cmd of my Windows 10 host OS.
C:\Users\me>curl localhost:2375
curl: (56) Recv failure: Connection was reset
Notice that connecting to the VM's SSH port is working.
C:\Users\me>curl localhost:666
SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u1
Protocol mismatch.
Can anybody tell me what I am missing? Do I have to kinda allow port 2375 to be called from outside where the SSH port is allowed by default?
The issue is with your docker listening IP.
tcp 0 0 127.0.0.1:2375 0.0.0.0:* LISTEN 1260/dockerd
127.0.0.1 means it is only listening for connections generated from inside the VM.
You should change your docker daemon to use 0.0.0.0:2375. Then your port forwarding would work.
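An added example, not part of the answer above: a listener review over `netstat -tlnp` output that classifies each socket by bind scope, which shows why the loopback-bound daemon cannot be reached through the forward. It also marks a dockerd socket bound beyond loopback, because a plain tcp:// Docker API socket performs no authentication and gives callers root-equivalent control of the host. The sample text and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in `netstat -tlnp` layout. Lines 1 and 2 mirror listeners
# quoted on this page; line 3 is the daemon rebound to all interfaces.
SAMPLE = """\
tcp   0  0 127.0.0.1:2375  0.0.0.0:*  LISTEN  1260/dockerd
tcp6  0  0 :::5160         :::*       LISTEN  13316/docker-proxy
tcp   0  0 0.0.0.0:2375    0.0.0.0:*  LISTEN  1260/dockerd
"""

def parse_listener(line):
    """Return (address, port, program) for a LISTEN line, or None."""
    fields = line.split()
    if len(fields) < 7 or fields[5] != "LISTEN":
        return None
    address, _, port = fields[3].rpartition(":")
    return address, int(port), fields[6].partition("/")[2]

def scope(address):
    """'all' for wildcard binds, 'loopback' for 127.0.0.0/8 or ::1, else 'specific'."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:          # not a literal IP, e.g. a name when -n was omitted
        return "specific"
    if ip.is_unspecified:
        return "all"
    return "loopback" if ip.is_loopback else "specific"

def review(netstat_text):
    """Return (port, program, scope, note) for every listener found."""
    rows = []
    for line in netstat_text.splitlines():
        parsed = parse_listener(line)
        if parsed is None:
            continue
        address, port, program = parsed
        where = scope(address)
        if where == "loopback":
            note = "only local clients can connect; forwarded connections fail"
        elif program == "dockerd":
            note = "Docker API reachable off-host; require TLS client certs or tunnel over SSH"
        else:
            note = "reachable on the bound interface(s)"
        rows.append((port, program, where, note))
    return rows

if __name__ == "__main__":
    for row in review(SAMPLE):
        print(row)
```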
I am using MacOS docker, last version (1.12.6). In particular for docker haproxy-exporter (For Prometheus monitoring of haproxy).
It won't connect with my haproxy. I get timeouts. As a basic test I use Telnet... When I get into the docker and execute a telnet I get:
/ # telnet MY_IP_ADDRESS 80
HTTP/1.0 408 Request Time-out
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<html><body><h1>408 Request Time-out</h1>
Your browser didn't send a complete request in time.
</body></html>
Connection closed by foreign host
If I do this from my Mac shell, it connects:
/ # MacBook-Pro:~ icordoba$ telnet MY_IP_ADDRESS 80
Trying MY_IP_ADDRESS...
Connected to MY_IP_ADDRESS.
Escape character is '^]'.
^CConnection closed by foreign host.
It occurs on some dockers... this one is https://github.com/prometheus/haproxy_exporter
Thanks for any idea about what I'm missing...
If you use the official haproxy image, it listens on port 80, but in your case port 9101 has been exposed.
Try running haproxy: docker run -p 80:80 prom/haproxy-exporter -haproxy.scrape-uri="user:pass@haproxy.example.com/haproxy?stats;csv"
-p 80:80 publish port 80 from the container host to port 80 in the container. Make sure the port you're using is free.
and run telnet MY_IP_ADDRESS 80