-
Notifications
You must be signed in to change notification settings - Fork 18.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cant access published port from anywhere except localhost on some containers #47754
Comments
Hi @alec-jensen, thanks for reporting. Could you try enabling debug mode as described here and paste all logs related to You can also try https://github.com/akerouanton/iptables-tracer. It will show you all the iptables rules matched by a packet and which one is dropping them. |
Nothing in the docker logs after enabling debug. I'm not sure what logs relate to iptables. Here's what the iptables-tracer output:
|
I'm experiencing the same issue. After upgrading from 4.23.0 to 4.30.0 I can no longer access the services running in my swarm stacks. I enabled debugging, but there is just so much info I don't know what to filter to get anything useful. If I log into my containers I can access the REST endpoints just fine. ❯ docker exec -it 38949 curl -v http://localhost:8080/api/v1/status/ping
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8080 (#0)
> GET /api/v1/status/ping HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.61.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/plain;charset=UTF-8
< content-length: 4
<
* Connection #0 to host localhost left intact
pong ❯ curl -v http://localhost:8080/api/v1/status/ping
* processing: http://localhost:8080/api/v1/status/ping
* Trying [::1]:8080...
* Connected to localhost (::1) port 8080
> GET /api/v1/status/ping HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/8.2.1
> Accept: */*
>
* Empty reply from server
* Closing connection
curl: (52) Empty reply from server
And of course, in true Docker fashion, I can't downgrade to 4.23.0 because they nuked the download from the website. What a cluster. |
This solved my problem: docker/for-win#13209 (comment) |
Description
On some containers, I can only connect with the published port from localhost. Doesn't work if I try connecting from the local IP.
Reproduce
Expected behavior
I should be able to connect with the port
docker version
Client: Docker Engine - Community Version: 26.1.0 API version: 1.45 Go version: go1.21.9 Git commit: 9714adc Built: Mon Apr 22 17:07:06 2024 OS/Arch: linux/amd64 Context: default Server: Docker Engine - Community Engine: Version: 26.1.0 API version: 1.45 (minimum version 1.24) Go version: go1.21.9 Git commit: c8af8eb Built: Mon Apr 22 17:07:06 2024 OS/Arch: linux/amd64 Experimental: false containerd: Version: 1.6.31 GitCommit: e377cd56a71523140ca6ae87e30244719194a521 runc: Version: 1.1.12 GitCommit: v1.1.12-0-g51d5e94 docker-init: Version: 0.19.0 GitCommit: de40ad0
docker info
Additional Info
The server where I am encountering this issue is running Debian 12
The text was updated successfully, but these errors were encountered: