Host cannot connect with any port in container

I am running on my personal machine with Ubuntu 18.04 multiple lxc containers. Each container has Ubuntu 18.04 as well. For each container I am running an application which offers a UI on https://localhost:3000/. Since every container has a local IP address then I should be able to call forth the application UI on my host machine using https://<local vm ip>:3000/ .

This doesn’t work. If I run Apache2 inside the containers, I can see the default page for http://<local vm ip> but nothing on the other application running on port 3000. I can confirm the app on port 3000 is working.

I enabled ufw in the host and container, and whitelisted/allowed several ports including 3000. Connection is still refused via many ports that I have opened.

user@pc:~$ nc -zv 10.155.120.175 22
Connection to 10.155.120.175 22 port [tcp/ssh] succeeded!
user@pc:~$ nc -zv 10.155.120.175 3000
nc: connect to 10.155.120.175 port 3000 (tcp) failed: Connection refused

I also noticed that the application logs inside the VM contained this line, but I don't know what it means in the context of app health.

Nov 17 20:38:49 server systemd[1]: app.service: Failed to reset devices.list: Operation not permitted

How can I enable ip:port access between host and lxc vm (and between lxc vms)? I want my lxc instances to be able to communicate with each other and my main host, exchange data etc.

app.service is probably the application you’re running on port 3000. I’d start by using nc to listen on the port instead of using the app first.

Hello there, yes, I made the check as well. Stopped the app and checked with nc (from host) and I still get Connection Refused just like in the post.

Then I’d disable all ufw on the host and the container, and recheck ufw rules. They’re pretty simple to trace. There should also be a UFW entry somewhere in the logs that tells you if a packet is dropped.

I tried that too. Disabled ufw on my host and container. I can connect with apache2 index.html using http://<vm ip> but not https://<vm ip>:3000/. When I test connection with nc:

user@pc:~$ nc -zv 10.155.120.175 22
Connection to 10.155.120.175 22 port [tcp/ssh] succeeded!
user@pc:~$ nc -zv 10.155.120.175 80
Connection to 10.155.120.175 80 port [tcp/http] succeeded!
user@pc:~$ nc -zv 10.155.120.175 3000
nc: connect to 10.155.120.175 port 3000 (tcp) failed: Connection refused

Not sure about that then, but I would also try listening on the host port 3000 and connecting from the container out, just to rule out possible issues with the understanding of the situation.
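
The two checks suggested in this thread (probing the port and looking for a UFW log entry) can be scripted as below. This is an added example, not code from any poster: `probe`, `ufw_blocks` and `demo_loopback` are hypothetical names, and the UFW log lines are constructed samples in the kernel-log format UFW writes, with an invented source address and interface.

```python
import re
import socket

def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt as 'open', 'refused', 'timeout' or 'error:...'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"       # handshake completed: something is listening
    except ConnectionRefusedError:
        return "refused"    # peer answered with a reset: no listener on that address:port, or an explicit reject
    except socket.timeout:
        return "timeout"    # no answer at all: typical of packets being silently dropped
    except OSError as exc:
        return "error:" + str(exc)
    finally:
        sock.close()

UFW_BLOCK = re.compile(
    r"\[UFW BLOCK\].*?\bSRC=(\S+) DST=(\S+).*?\bPROTO=(\S+).*?\bDPT=(\d+)")

def ufw_blocks(log_lines, port):
    """Return (src, dst) pairs from UFW BLOCK entries for TCP packets to `port`."""
    hits = []
    for line in log_lines:
        m = UFW_BLOCK.search(line)
        if m and m.group(3) == "TCP" and int(m.group(4)) == port:
            hits.append((m.group(1), m.group(2)))
    return hits

# Constructed sample input. Only the last line (systemd) is quoted from the thread.
SAMPLE_LOG = [
    "Nov 17 20:40:01 server kernel: [ 1234.567890] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=10.155.120.1 DST=10.155.120.175 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=51514 DPT=3000 WINDOW=64240 RES=0x00 SYN URGP=0",
    "Nov 17 20:40:05 server kernel: [ 1238.112233] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=10.155.120.1 DST=10.155.120.175 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4243 DF PROTO=TCP SPT=51520 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0",
    "Nov 17 20:38:49 server systemd[1]: app.service: Failed to reset devices.list: Operation not permitted",
]

def demo_loopback():
    """Probe an ephemeral loopback port while a listener holds it, then after it is closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    while_open = probe("127.0.0.1", port)
    srv.close()
    return while_open, probe("127.0.0.1", port)

if __name__ == "__main__":
    print(demo_loopback())                # listener present vs. listener gone
    print(ufw_blocks(SAMPLE_LOG, 3000))   # blocks logged for port 3000
```

Run against the real container address, `probe` separates a reset (as `nc` reports with "Connection refused") from a silent drop, and `ufw_blocks` can be fed the lines of the kernel log where UFW writes its entries.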