Hello again. I fixed my initial issue with this, as explained in OpenVPN client docker container into LXD container
Now I’m facing a more complex (for me) problem.
My docker-compose YAML:

```yaml
version: "2.1"
services:
  ovpn-client:
    image: jsloan117/docker-openvpn-client
    container_name: ovpn-client
    devices:
      - /dev/net/tun
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
    environment:
      - OPENVPN_PROVIDER=xxxxxx
      - OPENVPN_CONFIG=xxxxxx
      - OPENVPN_USERNAME=xxxxxx
      - OPENVPN_PASSWORD=xxxxxx
      - LOCAL_NETWORK=192.168.1.0/24
      - PUID=0
      - PGID=0
    ports:
      - 9117:9117/tcp
    restart: unless-stopped
  jackett:
    image: lscr.io/linuxserver/jackett
    container_name: jackett
    environment:
      - PUID=0
      - PGID=0
      - TZ=Europe/Madrid
    volumes:
      - /mnt/main/docker/jackett:/config
    restart: unless-stopped
    depends_on:
      - ovpn-client
    network_mode: service:ovpn-client
```
If I run docker on the host, then I can access jackett using localhost:9117, or from another computer using my_server_local_ip:9117.
If I run docker inside an LXD container, I can't access the jackett service from localhost, nor using the IP of the LXD container (from the default LXD bridge network).
For diagnostic purposes I did:
- Shell into the LXD container. I can curl lxd-container-name:9117, localhost:9117 and ovpn-client-docker-ip:9117
- Shell into the ovpn_service. I can curl docker-ip-for-jackett:9117 and it works.
- Set up another container using network_mode: service:ovpn-client. I can curl jackett container from it.
It feels as if docker were not opening this port outside the LXD container. I have to say that other compose stacks in the same LXD container are publishing ports without any issue.
In `iptables --list-rules` I see:

```
-A DOCKER -d 172.21.0.2/32 ! -i br-859744c6d2f3 -o br-859744c6d2f3 -p tcp -m tcp --dport 9117 -j ACCEPT
```
What could be happening?
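One check worth running here, added as an example rather than anything from the post or from the jsloan117 image: since jackett shares the ovpn-client network namespace, a reply to a remote client follows that namespace's routing table, and only LOCAL_NETWORK (192.168.1.0/24) is routed back via the Docker bridge, so a client on another subnet, such as the LXD bridge's, would have its replies sent into the tunnel. The route table below is constructed on the assumption that the VPN pushes the usual 0.0.0.0/1 and 128.0.0.0/1 routes via tun0; replace it with the real `ip route` output from inside the ovpn-client container.

```python
import ipaddress

# Constructed `ip route` output, modelled on what an OpenVPN client container
# typically shows: the VPN pushes 0.0.0.0/1 and 128.0.0.0/1 via tun0, and the
# image adds a route for LOCAL_NETWORK (192.168.1.0/24 on the page) via the
# Docker bridge gateway. The 10.8.x and 172.21.x addresses are made up.
SAMPLE_ROUTES = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 172.21.0.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
172.21.0.0/16 dev eth0 proto kernel scope link src 172.21.0.2
192.168.1.0/24 via 172.21.0.1 dev eth0
"""


def parse_routes(text):
    """Turn `ip route` lines into (network, device) pairs."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(dest, strict=False), dev))
    return routes


def egress_device(routes, client_ip):
    """Longest-prefix match: the interface a reply to client_ip leaves on."""
    addr = ipaddress.ip_address(client_ip)
    candidates = [r for r in routes if addr in r[0]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r[0].prefixlen)[1]


def reply_paths(routes, client_ips):
    """Map each client address to the interface its replies would use."""
    return {ip: egress_device(routes, ip) for ip in client_ips}


if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTES)
    # 192.168.1.50: a LAN host covered by LOCAL_NETWORK.
    # 10.150.20.5: a constructed address on an LXD bridge subnet, not covered.
    for ip, dev in reply_paths(routes, ["192.168.1.50", "10.150.20.5"]).items():
        print(f"reply to {ip} leaves via {dev}")
```

If the real table sends replies for the LXD bridge subnet out via tun0, the iptables ACCEPT rule is not what blocks the connection; the SYN arrives but the SYN-ACK never returns the same way.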