I have an Ubuntu container (Focal) from which I am (trying) to serve a Django application via an unprivileged port (8000).
The application starts fine, and I can see that the port is being listened on:
$ python manage.py runserver 0.0.0.0:8000
Watching for file changes with StatReloader
Performing system checks...
System check identified no issues (0 silenced).
August 25, 2021 - 11:40:42
Django version 3.2.6, using settings 'blob.settings'
Starting development server at http://0.0.0.0:8000/
Quit the server with CONTROL-C.
$ ss -l
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
nl UNCONN 0 0 rtnl:systemd/1 *
nl UNCONN 0 0 rtnl:kernel *
nl UNCONN 0 0 rtnl:systemd-resolve/132 *
nl UNCONN 0 0 tcpdiag:kernel *
nl UNCONN 0 0 xfrm:kernel *
nl UNCONN 0 0 audit:systemd/1 *
nl UNCONN 0 0 audit:kernel *
nl UNCONN 0 0 fiblookup:kernel *
nl UNCONN 0 0 nft:kernel *
nl UNCONN 0 0 uevent:systemd/1 *
nl UNCONN 0 0 uevent:-2006140055 *
nl UNCONN 0 0 uevent:-1004791466 *
nl UNCONN 0 0 uevent:-1724956465 *
nl UNCONN 0 0 uevent:kernel *
nl UNCONN 0 0 uevent:systemd-logind/129 *
nl UNCONN 0 0 uevent:systemd/182 *
nl UNCONN 0 0 genl:kernel *
nl UNCONN 0 0 genl:systemd-network/114 *
nl UNCONN 0 0 crypto:kernel *
p_raw UNCONN 0 0 LLDP:eth0 *
u_str LISTEN 0 0 /run/systemd/private 30474 * 0
u_str LISTEN 0 0 /run/systemd/userdb/io.systemd.DynamicUser 30478 * 0
u_str LISTEN 0 0 /run/systemd/journal/io.systemd.journal 30506 * 0
u_str LISTEN 0 0 /run/systemd/journal/stdout 32202 * 0
u_str LISTEN 0 0 /run/dbus/system_bus_socket 33417 * 0
u_str LISTEN 0 0 /var/run/postgresql/.s.PGSQL.5432 33766 * 0
u_str LISTEN 0 0 /run/user/1001/systemd/private 39414 * 0
u_seq LISTEN 0 0 /run/udev/control 32209 * 0
raw UNCONN 0 0 *:ipv6-icmp *:*
udp UNCONN 0 0 127.0.0.53:domain 0.0.0.0:*
udp UNCONN 0 0 [fe80::216:3eff:fe8f:3d93]:dhcpv6-client *:*
tcp LISTEN 0 0 127.0.0.53:domain 0.0.0.0:*
tcp LISTEN 0 0 0.0.0.0:ssh 0.0.0.0:*
tcp LISTEN 0 0 127.0.0.1:postgresql 0.0.0.0:*
tcp LISTEN 0 0 0.0.0.0:8000 0.0.0.0:*
tcp LISTEN 0 0 *:ssh *:*
tcp LISTEN 0 0 [::1]:postgresql *:*
But connections to the port from the host time out, even though nmap says the port is open:
# nmap -sT -O postgres.monitoring
Starting Nmap 7.91 ( https://nmap.org ) at 2021-08-25 09:46 CEST
Nmap scan report for postgres.monitoring (10.248.20.120)
Host is up (0.000033s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
8000/tcp open http-alt
MAC Address: 00:16:3E:8F:3D:93 (Xensource)
Device type: general purpose
Running: Linux 4.X|5.X
OS CPE: cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:5
OS details: Linux 4.15 - 5.6
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.50 seconds
When I serve the application on the loopback interface, it’s accessible from the container, so I know the application works.
I should note that ssh connections to this container from the host also work fine.
I have not done any device configurations, but for my other containers that hasn’t been necessary (although these are all Gentoo containers). I thought maybe it’s a firewall issue? But the default Ubuntu Focal container does not have iptables installed. I installed nftables and tried sudo nft list and sudo nft flush ruleset; the latter failed with
Error: Could not process rule: Operation not supported
flush ruleset
I’ve set the IP address of the container from inside the container itself. Is that a mistake? Should I be assigning the IP address through LXD? If so, how does that work?