No SSH, No Web interface

  • What kind of problem? The same as before?


    If the container insists on setting a firewall deny rule, you could try to install a firewall and open the ports you need in addition.

    If you got help in the forum and want to give something back to the project click here (omv) or here (scroll down) (plugins) and write up your solution for others.

  • What kind of problem? The same as before?


    If the container insists on setting a firewall deny rule, you could try to install a firewall and open the ports you need in addition.

    No, not the same (SSH and Web interface are OK now), but I still can't go to Portainer when the container is launched.

    To summarize:

    If I do docker stop transmission-openvpn and reboot, it's OK.

    But if I start it in Portainer, I lose access to Portainer, although curl -v http://localhost:9000 is OK.

    I use these parameters for the container:

    UFW_EXTRA_PORTS=22,80,443,9000,8000,135,137,138,139,445

    As I understood it, with the 2nd line, all machines on the same gateway as the NAS should pass:

    UFW_ALLOW_GW_NET=true

    Code
    root@bart-nas:~# docker ps -a
    CONTAINER ID   IMAGE                                 COMMAND                  CREATED      STATUS                    PORTS                                                                                            NAMES
    0d9e42764826   haugene/transmission-openvpn:latest   "dumb-init /etc/open…"   5 days ago   Exited (0) 26 hours ago                                                                                                    transmission-openvpn
    14d2d64581c4   portainer/portainer-ce                "/portainer"             6 days ago   Up 25 hours               0.0.0.0:8000->8000/tcp, :::8000->8000/tcp, 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp, 9443/tcp   portainer

    I don't know how to get the FW rules, but as you see, Portainer is on 9000 and I have it in UFW_EXTRA_PORTS.

  • You get the firewall rules with the iptables -L and iptables-legacy -L commands you already learned.


    The transmission container is stopped; can you please check the accessibility with and without the container running?

    I am still not exactly sure how this situation happens.

  • Oh OK, sorry, I didn't make the link between what you asked and the commands. Here it is:


    When the container is stopped, Portainer is reachable:

    And

    Code
    root@bart-nas:~# iptables-legacy -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    And after reboot, the container is started and I can't reach Portainer. That's weird, port 9000 is on the list:

  • And the end:

  • From what I see:

    • Before starting the transmission container, Docker sets the correct rules in the iptables chain;
      the iptables-legacy chain is left at its default (accept all).
    • When you start the transmission container, the container uses the ufw firewall frontend to add new rules, using the iptables-legacy filter chain, and the iptables chain is left in its original state.

    In short: there are conflicting firewall rules because (I guess) two programs use different approaches for setting firewall rules.


    I am not an expert on this (I always use the easy ufw frontend), but you can try

    - to switch in the OMV UI which IP-tables docker is using and try if this works or

    - ask the maintainers of the transmission image for a solution. You should not be the only one having this issue with this docker image.


    Or you have to learn IP firewalling and build your own rules (a lot of work).

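An added example, not part of any post in this thread: a small shell check for the situation described above, where one program writes rules through `iptables` (nft backend) and another through `iptables-legacy`. The function names and the sample dumps are constructed for illustration; on a live host the input would come from `iptables-nft-save` and `iptables-legacy-save`.

```sh
#!/bin/sh
# Inputs are iptables-save format dumps. On a live host (as root):
#   diagnose "$(iptables-nft-save)" "$(iptables-legacy-save)"

# Count rule lines ("-A CHAIN ...") in a dump read from stdin.
count_rules() { grep -c '^-A ' || true; }

# Print the filter-table default policy of built-in chain $1, dump on stdin.
chain_policy() {
    awk -v chain=":$1" '/^\*/ { table = $1 }
        table == "*filter" && $1 == chain { print $2; exit }'
}

# $1 = nft dump, $2 = legacy dump. Reports which backend(s) hold rules and
# the legacy FORWARD policy, which matters for ports published by containers.
diagnose() {
    nft=$(printf '%s\n' "$1" | count_rules)
    legacy=$(printf '%s\n' "$2" | count_rules)
    fwd=$(printf '%s\n' "$2" | chain_policy FORWARD)
    if [ "$nft" -gt 0 ] && [ "$legacy" -gt 0 ]; then state=split
    elif [ "$nft" -gt 0 ]; then state=nft-only
    elif [ "$legacy" -gt 0 ]; then state=legacy-only
    else state=empty; fi
    echo "$state nft=$nft legacy=$legacy legacy-FORWARD=$fwd"
}

# Constructed, simplified samples (not copied from the poster's host).
NFT_DOCKER='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER - [0:0]
-A FORWARD -o docker0 -j DOCKER
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 9000 -j ACCEPT
COMMIT'
LEGACY_EMPTY='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'
LEGACY_UFW='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m multiport --dports 22,80,443,9000 -j ACCEPT
COMMIT'
```

A `split` result means both backends are filtering at once; both hook into the same kernel packet path, so traffic has to be accepted by each rule set, and an INPUT allow for 9000 in one does not cover forwarding to a container.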

  • Thanks for all your answers and the time you spent trying to help me.


    I don't understand what you mean by "to switch in the OMV UI which IP-tables docker is using and try if this works or". I don't have anything in the OMV UI about IP-tables or firewall, or I can't find them.


    I'm looking on GitHub to try to find some help ...


    I've found some info in the container image:

    The thing I don't understand is that port 22 (SSH) and 80 (web interface) are OK, but not 9000 (Portainer), yet in the conf and log they are the same ... I'll continue to search; if I find something, I'll post here in case someone has the same problem ;)

  • This is what is meant:


    The difference regarding the ports is that 22, 80 and 443 are served on the host, but 9000 is in a Docker container, and iptables needs to allow forwarding packages sent to 192.186.0.31 to the Docker container with IP 172.17.0.2.

    Here are the rules when it is working (extract only):

