Binding to wireguard interface not working
max-tet opened this issue · comments
Hi,
I have a wireguard interface like this:
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet6 fd60:1141:233e:2977:d0e:b410:d5b1:171b/64 scope global
valid_lft forever preferred_lft forever
And I am attempting to publish a container's port on this interface for the other wireguard peers.
So I start ipv6nat like this:
docker run -d --restart=always -v /var/run/docker.sock:/var/run/docker.sock:ro -v /lib/modules:/lib/modules:ro --privileged --net=host robbertkl/ipv6nat
Then I create a network like this:
docker network create --ipv6 --subnet=fd00:dead:beef::/48 -o "com.docker.network.bridge.host_binding_ipv6"=fd60:1141:233e:2977:d0e:b410:d5b1:171b my-network
As you can see, I am binding the network to the address of the wireguard interface.
Next, I run an nginx just for testing:
docker run -d -p 8080:80 --network my-network nginx
I expect to be able to use curl [fd60:1141:233e:2977:d0e:b410:d5b1:171b]:8080 from a wireguard peer and see the nginx default page. Instead, curl throws this error:
curl: (7) Failed to connect to fd60:1141:233e:2977:d0e:b410:d5b1:171b port 8080: Connection refused
Pinging through wireguard works, so this does not seem to be the problem.
Also netstat -tulpn lists:
tcp6 0 0 :::8080 :::* LISTEN 4116/docker-proxy
Seems like the port is not bound to the correct IP/interface.
I don't know if it helps: I am on Ubuntu 4.15.0-1021-aws on an AWS Lightsail instance.
I have exhausted my knowledge here, so I am hoping for some help here.
Thanks!
@max-tet Can you post your output for iptables -nvL and ip6tables -nvL?
I implemented a workaround in the meantime and now I tried to reproduce the setup that caused the problem. But I simply could not do it. In fact, while trying I got it to work in the way I originally planned to. So this is no longer relevant and I am closing the issue.
(If only all bug reports were so easy to solve!)
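An added example, not part of the original thread: a small shell check that reads `netstat -tulpn`-style lines and reports whether a published port is listening only on the intended address (here the wg0 address from the report) or on the wildcard, as in the docker-proxy line quoted above. The function name `check_bind` and the second and third sample lines are constructed for illustration; the check looks at listening sockets only and says nothing about the ip6tables rules the maintainer asked for.

```shell
#!/bin/sh
# Sample input. The first line is the one quoted in the issue; the other two
# are constructed for this example.
SAMPLE='tcp6 0 0 :::8080 :::* LISTEN 4116/docker-proxy
tcp6 0 0 fd60:1141:233e:2977:d0e:b410:d5b1:171b:8081 :::* LISTEN 4200/docker-proxy
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 900/postgres'

# check_bind ADDR PORT
# Reads netstat -tulpn output on stdin and prints one line per TCP listener
# on PORT: "<verdict> <bound address> <pid/program>", where verdict is
#   exact    - bound to ADDR only
#   wildcard - bound to :: or 0.0.0.0, reachable on every interface
#   other    - bound to some different specific address
# Prints "none" if nothing listens on PORT.
# Exit status is 0 only if every listener on PORT is bound exactly to ADDR.
check_bind() {
    awk -v addr="$1" -v port="$2" '
        $1 ~ /^tcp/ && $6 == "LISTEN" && match($4, /:[0-9]+$/) {
            # The port is whatever follows the last colon; the rest is the
            # address, which itself contains colons for IPv6.
            host = substr($4, 1, RSTART - 1)
            if (substr($4, RSTART + 1) != port) next
            seen = 1
            if (host == addr)                           verdict = "exact"
            else if (host == "::" || host == "0.0.0.0") verdict = "wildcard"
            else                                        verdict = "other"
            if (verdict != "exact") bad = 1
            print verdict, host, $7
        }
        END {
            if (!seen) { print "none"; exit 1 }
            exit bad + 0
        }
    '
}

# Demo on the sample: port 8080 should be bound to the wg0 address only.
printf '%s\n' "$SAMPLE" \
    | check_bind fd60:1141:233e:2977:d0e:b410:d5b1:171b 8080 \
    || echo "port 8080 is not bound only to the expected address"
```

On a live host, pipe `netstat -tulpn` into `check_bind` in place of the sample.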