0

I have a sample docker tar image in my linux based server and ran that though docker run command as below where 9521f101839f is image id.

docker run -p 0.0.0.0:9895:9898 -td 9521f101839f

So now docker container is present and the project (rest api) works fine inside my server.

docker ps command output also looks proper:

a97904cb07d1 localhost/elk-spring-boot.jar:latest 22 minutes ago Up 22 minutes ago 0.0.0.0:9895->9898/tcp compassionate_goldberg

As you see, it's exposed to 9895 to the outside world.

 iptables -I INPUT -p tcp -m tcp --dport 9895 -j ACCEPT

Using the above iptables commands, i made sure to open 9895 port.

[root@pxgrid-163 localdisk]# iptables -nvL | grep 9895
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:9895
1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9895
1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9895
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:9895
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9895

But, when i try to curl from another linux based server (or from my laptop CLI) to this docker container server , it's not accessible. From inside that sever where i kept docker container , i am able to access everything properly. But from a separate server (or my laptop) when i try to do curl in order to access the api (docker run api), it's not accessible.

Is it expected behaviour? Shouldn't it be accessible from outside as well because port is exposed to outside world? Am i missing something here?

Below are the network interfaces list when i do ifconfig

Which interface_ip we're talking about here? Is it eth0? when i do ifconfig i see these many interfaces

ifconfig
cni-podman0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 10.88.0.1  netmask 255.255.0.0  broadcast 10.88.255.255

cni-podman1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 169.254.2.1  netmask 255.255.255.0  broadcast 169.254.2.255

cni-podman2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 169.254.4.1  netmask 255.255.255.0  broadcast 169.254.4.255

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.23.166.163  netmask 255.255.255.0  broadcast 172.23.166.255

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0        

veth506e78cf: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500 

veth6c80d69f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        
vethe32079e7: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
Improve this question
0

2 Answers 2

Reset to default
1

Doker has its own network 172.16.0.0/12 inside your machine.

Try

-p your_interface_ip:9895:9898

Also check is ip forwarding enabled

sysctl -w net.ipv4.ip_forward=1

https://docs.docker.com/config/containers/container-networking/

https://www.docker.com/blog/understanding-docker-networking-drivers-use-cases/

Improve this answer
6
  • Which interface_ip we're talking about here? Is it eth0? I edited the post in order to show the result of ifconfig. Can you please have a look ? Commented Sep 22, 2022 at 14:06
  • Obviously address you want to connect to from laptop to server Commented Sep 22, 2022 at 14:10
  • I want to allow the access to everyone from any address to access the app through 9895 port. That's the reason i had given 0.0.0.0:9895:9898. Is my understanding wrong? Commented Sep 22, 2022 at 14:19
  • Just try... and you wiil see is it what you want. less talk and more action Commented Sep 22, 2022 at 14:23
  • if in doubt read docker documentation and blog docker.com/blog/… "accomplish task efficiently". Commented Sep 22, 2022 at 14:30
1

I had to enable IP Forwarding in my server by following below 2 steps

  1. Configure the Linux kernel to allow IP forwarding. - sysctl net.ipv4.conf.all.forwarding=1
  2. Change the policy for the iptables FORWARD policy from DROP to ACCEPT - iptables -P FORWARD ACCEPT

After this, I was able to access the api from my laptop as well as from a different server.

Improve this answer
1
  • 1
    You made my day! After trying a lot of hints this was the solution for my environment! Commented May 9, 2023 at 17:05

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.