Unable to access simple web server docker running on FWG
Hi - I am testing the install of a simple web server docker image on my FWG and am currently unable to access the image’s simple web page listening on port 8080. Having read other tutorials on the configuration of docker images on the FWG, it seems this issue may be caused by a blocking firewall rule for internal LAN clients. I am just trying to run a simple Nginx docker (pulled from Docker Hub) and run with the following:
$ sudo docker run -it --rm -d -p 8080:80 --name web nginx
It launches without error but can only be accessed locally from the FWG (confirmed with a “curl http://192.168.1xx.x:8080” ). All other LAN clients get a timeout response and I have also run a tcpdump on the FWG LAN interface where this docker is listening - the request packets arrive but nothing is sent back or gets back to the calling LAN client. NOTE: There was another posted solution to add a route to the default docker0 interface: sudo ip route add 172.17.0.0/16 dev docker0 table lan_routable - but I am still unable to access this web server from the LAN (192.168.100.x) after adding this rule. Thanks. J
-
Just a follow-on to this and for future reference, hopefully this can be added to a simple how-to guide for docker setup and usage on Firewalla.
To access your docker environment whether running a simple image or fully containerized (docker-compose.yml) docker, you will need to create the following ip route entries to access your docker from the LAN (and or) WAN:
“sudo ip route add dev table lan_routable”
Repeat the same command but substitute lan_routable with wan_routable to expose the docker to the internet (be careful/considerate when doing the latter (WAN) as this could lead to bad things with your Firewalla if that docker is compromised etc).
NOTE: The IP route changes above will need to be recreated on reboot of the Firewalla which can be configured in a startup script - see Ubiquiti and Pi-Hole docker startup scripts for examples of how to do this.
-
Just to be clear, you need to add additional arguments to the ip route command, probably something like:
sudo ip route add 172.17.0.0/24 dev docker0 table lan_routable
To display the IP address of your (nginx) container, use a command like:
sudo docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' <container id>
where <container id> can be found with:
sudo docker container ls -a
Then, point a browser on your LAN network to your Firewalla LAN address, probably:
http://192.168.66.1:8080/
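An added example, not part of the thread or of Firewalla's own scripts: a boot-time script that reads the Docker bridge's subnet from the kernel's connected route instead of hard-coding a prefix length, and re-creates the LAN route so that a second run does not fail. The names docker0, lan_routable and wan_routable are the ones quoted in the thread; the "apply" argument and the ALLOW_WAN variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: re-create the LAN route to the Docker bridge after a reboot.
# BRIDGE and TABLE default to the names quoted in the thread.
BRIDGE="${BRIDGE:-docker0}"
TABLE="${TABLE:-lan_routable}"

# Read `ip -4 route show dev <bridge>` output on stdin and print the network
# of the first kernel "scope link" route, e.g. 172.17.0.0/16.
bridge_subnet() {
    awk '/scope link/ && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ { print $1; exit }'
}

# Print the route command for a subnet. The WAN table is refused unless
# ALLOW_WAN=1 (hypothetical switch) is set, so a typo in TABLE cannot
# expose the container to the internet.
route_cmd() {
    subnet="$1"; bridge="$2"; table="$3"
    case "$table" in
        lan_routable) ;;
        wan_routable)
            [ "${ALLOW_WAN:-0}" = "1" ] || { echo "refusing $table without ALLOW_WAN=1" >&2; return 1; } ;;
        *) echo "unknown table: $table" >&2; return 1 ;;
    esac
    [ -n "$subnet" ] || { echo "no subnet found for $bridge" >&2; return 1; }
    # "replace" rather than "add": a repeated run does not fail with "File exists".
    echo "ip route replace $subnet dev $bridge table $table"
}

# Only touch the routing table when called as: <script> apply
if [ "${1:-}" = "apply" ]; then
    subnet=$(ip -4 route show dev "$BRIDGE" | bridge_subnet)
    cmd=$(route_cmd "$subnet" "$BRIDGE" "$TABLE") || exit 1
    echo "+ sudo $cmd"
    sudo $cmd
fi
```

After a run, "ip route show table lan_routable" should list the bridge subnet on docker0.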