Latest OMV7 on arm64 on Debian bookworm
Docker version is 27.3.1
I'm spinning up a very simple container running gunicorn and I'm unable to connect with the default bridge mode. On my Linux desktop there are no issues, so my guess is that it's some local network issue with OMV, but I can't locate it. Note this is prior to using the compose plugin. I just want to start with a known good state before adding another layer on top.
Docker command: docker run -p 5000:5000 --name sensors --mount source=sensorsVolume,destination=/db xxxx/sensors:latest
Any connections to port 5000 fail. I know that gunicorn is listening to port 5000 as per the container logs
[2024-10-10 02:10:58 +0000] [1] [INFO] Starting gunicorn 23.0.0
[2024-10-10 02:10:58 +0000] [1] [INFO] Listening at: http://0.0.0.0:5000 (1)
On a different host to the server
$ curl -v http://192.168.86.250:5000/
* Trying 192.168.86.250:5000...
* connect to 192.168.86.250 port 5000 failed: No route to host
* Failed to connect to 192.168.86.250 port 5000 after 3075 ms: No route to host
* Closing connection 0
curl: (7) Failed to connect to 192.168.86.250 port 5000 after 3075 ms: No route to host
Request also fails on localhost on the server
# curl -v http://localhost:5000/
* Trying 127.0.0.1:5000...
* Connected to localhost (127.0.0.1) port 5000 (#0)
> GET / HTTP/1.1
> Host: localhost:5000
> User-Agent: curl/7.88.1
> Accept: */*
>
* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer
If I switch to host mode then everything works but it's a big hammer I'd rather not use and I'd like to get to the bottom of this issue.
I've also quickly spun up a simple Python server (python3 -m http.server 5000) and it accepts connections, so it appears to be a Docker networking issue.
I looked at the logs from 'journalctl docker.service' but nothing shows up. There are some messages about DNS (No non-localhost DNS nameservers are left in resolv.conf. Using default external servers) but I doubt this is relevant.
There's also nothing in /etc/docker
# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: end0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 64:62:66:d0:08:d6 brd ff:ff:ff:ff:ff:ff
inet 192.168.86.250/24 metric 100 brd 192.168.86.255 scope global dynamic end0
valid_lft 13153sec preferred_lft 13153sec
inet6 fdb3:62f5:4651:1:ccec:f060:4721:79b8/64 scope global temporary dynamic
valid_lft 531255sec preferred_lft 12796sec
inet6 fdb3:62f5:4651:1:850f:225e:97eb:9b27/64 scope global temporary deprecated dynamic
valid_lft 444916sec preferred_lft 0sec
inet6 fdb3:62f5:4651:1:6bf4:e4b4:b94:a1dc/64 scope global temporary deprecated dynamic
valid_lft 358577sec preferred_lft 0sec
inet6 fdb3:62f5:4651:1:5870:9c2f:f9f1:5301/64 scope global temporary deprecated dynamic
valid_lft 272238sec preferred_lft 0sec
inet6 fdb3:62f5:4651:1:9af9:f669:288:d49e/64 scope global temporary deprecated dynamic
valid_lft 185898sec preferred_lft 0sec
inet6 2406:5a00:343a:fc00:cfe5:2698:a779:1584/64 scope global temporary deprecated dynamic
valid_lft 327sec preferred_lft 0sec
inet6 2406:5a00:343a:fc00:6662:66ff:fed0:8d6/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 327sec preferred_lft 327sec
inet6 fdb3:62f5:4651:1:f16a:564b:359a:865/64 scope global temporary deprecated dynamic
valid_lft 99559sec preferred_lft 0sec
inet6 fdb3:62f5:4651:1:6662:66ff:fed0:8d6/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 2591759sec preferred_lft 604559sec
inet6 fe80::6662:66ff:fed0:8d6/64 scope link
valid_lft forever preferred_lft forever
4: enx646266d008d7: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
link/ether 64:62:66:d0:08:d7 brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:fc:cf:20:95 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:fcff:fecf:2095/64 scope link
valid_lft forever preferred_lft forever
36: br-4a76e3a9c6a4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:6c:d8:d1:b2 brd ff:ff:ff:ff:ff:ff
inet6 fe80::42:6cff:fed8:d1b2/64 scope link
valid_lft forever preferred_lft forever
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (2 references)
target prot opt source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target prot opt source destination
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Any pointers appreciated
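
A check that can be run over the iptables listing above, added here as an example and not part of the original post: when Docker manages iptables, a port published on the default bridge normally appears as an ACCEPT rule in the DOCKER chain, and this script reports whether one exists for a given port. The healthy listing and its 172.17.0.2 container address are constructed for comparison, and the function names are hypothetical.

```python
import re

# DOCKER chain section copied from the `iptables -L` listing in the post.
POSTED = """\
Chain DOCKER (2 references)
target prot opt source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
"""

# Constructed sample: `iptables -L -n` on a host where the publish rule exists.
HEALTHY = """\
Chain DOCKER (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            172.17.0.2           tcp dpt:5000
"""

def parse_chains(listing):
    """Split `iptables -L` output into {chain name: [tokenised rule lines]}."""
    chains, current = {}, None
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            current = chains.setdefault(header.group(1), [])
        elif current is not None and line.strip() and not line.startswith("target"):
            current.append(line.split())
    return chains

def published_port_rules(listing, port, chain="DOCKER"):
    """ACCEPT rules in `chain` matching tcp dpt:<port>; None if the chain is not listed."""
    rules = parse_chains(listing).get(chain)
    if rules is None:
        return None
    want = f"dpt:{port}"
    return [r for r in rules if r[0] == "ACCEPT" and r[1] == "tcp" and want in r]

def diagnose(listing, port):
    """One-line verdict for a published TCP port."""
    rules = published_port_rules(listing, port)
    if rules is None:
        return "no DOCKER chain in listing"
    if not rules:
        return f"DOCKER chain has no ACCEPT rule for tcp/{port}"
    # Column 5 of an iptables -L rule line is the destination (container address).
    return "forwarding to " + ", ".join(r[4] for r in rules)

if __name__ == "__main__":
    print("posted :", diagnose(POSTED, 5000))
    print("healthy:", diagnose(HEALTHY, 5000))
```

Feed it `iptables -L -n` output rather than plain `-L`, since without `-n` a port can be printed as a service name instead of a number.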