No SSH, No Web interface

  • What kind of problem? The same as before?


    If the container insists on setting a firewall deny rule, you could try to install a firewall and open the ports you need in addition.

    If you got help in the forum and want to give something back to the project click here and write up your solution for others.

  • No, not the same (SSH and web interface are OK now), but I still can't go to Portainer when the container is launched.

    To summarize:

    If I do docker stop transmission-openvpn and reboot, it's OK,

    but if I start it in Portainer, I lose access to Portainer. But curl -v http://localhost:9000 is OK.

    I use these parameters of the container:

    UFW_EXTRA_PORTS=22,80,443,9000,8000,135,137,138,139,445

    As I understood it, with the 2nd line, all machines on the same gateway as the NAS should pass:

    UFW_ALLOW_GW_NET=true

    Code
    root@bart-nas:~# docker ps -a
    CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
    0d9e42764826 haugene/transmission-openvpn:latest "dumb-init /etc/open…" 5 days ago Exited (0) 26 hours ago transmission-openvpn
    14d2d64581c4 portainer/portainer-ce "/portainer" 6 days ago Up 25 hours 0.0.0.0:8000->8000/tcp, :::8000->8000/tcp, 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp, 9443/tcp portainer

    I don't know how to get the FW rules, but as you see, Portainer is on port 9000 and I have it in UFW_EXTRA_PORTS.

  • You get the firewall rules with the iptables -L and iptables-legacy -L commands you already learned.


    The transmission container is stopped. Can you please check the accessibility with and without the container running?

    I am still not exactly sure how this situation happens.


  • Oh OK, sorry, I didn't make the link between what you asked and the commands. Here it is:


    When the container is stopped, Portainer is reachable:

    And

    Code
    root@bart-nas:~# iptables-legacy -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    And after reboot, the container is started and I can't reach Portainer. That's weird, the 9000 port is on the list:

  • And the end:

  • From what I see:

    • Before starting the transmission container docker is setting the correct rules in the iptables chain,
      the iptables-legacy chain is left default (accept all)
    • When you start the transmission container the container uses the ufw firewall frontend to add new rules, using the iptables-legacy filter chain and the iptables chain is left in the original state.

    In short: there are conflicting firewall rules because (I guess) two programs use different approaches for setting firewall rules.


    I am not an expert on this (I always use the easy ufw frontend), but you can try

    - to switch in the OMV UI which IP-tables docker is using and try if this works or

    - ask the maintainers of the transmission image for a solution. You should not be the only one having this issue with this docker image.


    Or you have to learn IP firewalling and build your own rules (a lot of work).

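Added example, not part of the thread or of the transmission-openvpn image: a small shell check for the situation diagnosed in the post above, counting rules in `iptables -L` and `iptables-legacy -L` listings and reporting when both backends carry rules. The function names are hypothetical, and the sample listings are constructed, except the empty legacy listing, which has the same shape as the output posted earlier; it assumes, as the post describes, that Docker's rules sit in the default `iptables` listing.

```bash
# Added example (not from the thread); sample listings are constructed.
# Count rule lines in `iptables -L` style text on stdin. Chain headers,
# the "target prot opt ..." column header and blank lines are not rules.
count_rules() {
  awk '!/^Chain / && !/^target[ \t]+prot/ && NF { n++ } END { print n + 0 }'
}

# $1 = `iptables -L` text, $2 = `iptables-legacy -L` text (filter table only).
classify_backends() {
  nft_n=$(printf '%s\n' "$1" | count_rules)
  legacy_n=$(printf '%s\n' "$2" | count_rules)
  if [ "$nft_n" -gt 0 ] && [ "$legacy_n" -gt 0 ]; then
    echo "split"         # both backends hold rules: the conflict described above
  elif [ "$nft_n" -gt 0 ]; then
    echo "nft-only"
  elif [ "$legacy_n" -gt 0 ]; then
    echo "legacy-only"
  else
    echo "empty"
  fi
}

# Constructed: Docker-style rules in the default `iptables` listing.
NFT_DOCKER='Chain FORWARD (policy DROP)
target     prot opt source               destination
DOCKER-USER  all  --  anywhere             anywhere
DOCKER     all  --  anywhere             anywhere
Chain DOCKER (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:9000'
# Same shape as the empty iptables-legacy listing posted in the thread.
LEGACY_STOPPED='Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination'
# Constructed: ufw-style rules in iptables-legacy while the VPN container runs.
LEGACY_UFW='Chain INPUT (policy DROP)
target     prot opt source               destination
ufw-user-input  all  --  anywhere             anywhere
Chain ufw-user-input (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9000'

echo "container stopped: $(classify_backends "$NFT_DOCKER" "$LEGACY_STOPPED")"
echo "container running: $(classify_backends "$NFT_DOCKER" "$LEGACY_UFW")"
```

On a live host, run as root, the same function can be fed real listings: `classify_backends "$(iptables -L -n)" "$(iptables-legacy -L -n)"`.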

  • Thanks for all your answers and the time you spent trying to help me.


    I don't understand what you mean by "to switch in the OMV UI which IP-tables docker is using and try if this works". I don't have anything in the OMV UI about IP-tables or firewall, or I can't find it.


    I'm looking on GitHub to try to find help ...


    I've found some info in the container image:

    The thing I don't understand is that port 22 (SSH) and 80 (web interface) are OK, but not 9000 (Portainer), yet in the conf and log they are the same ... I'll continue to search; if I find something, I'll post here in case someone has the same problem ;)

  • This is what is meant:


    The difference regarding the ports is that 22, 80 and 443 are served on the host, but 9000 is in a docker container, and iptables needs to allow forwarding packages sent to 192.186.0.31 to the docker container with IP 172.17.0.2.

    Here are the rules when it is working (extract only)



  • On GitHub someone just told me to put ENABLE_FW = false and it works, because I don't have any firewall anymore.
    That's OK for me so far.

    Thank you very much for all the help, we can consider this as closed
