Jeremy Levy
Posted November 7 (edited)

Everything comes from an attempt to create a docker compose project.

Armbian 24.8.4 bookworm on OrangePI zero 2 - Network forwarding doesn't work:

```
version: '3.6'

services:
  db:
    image: mariadb:10.3
    environment:
      MYSQL_ROOT_PASSWORD: secret

  phpmyadmin:
    image: phpmyadmin
    restart: always
    ports:
      - 8080:80
    environment:
      - PMA_HOSTS=db
```

=> FROM test-db-1 => test-db-1 3306

```
docker exec -ti test-db-1 bash -c 'timeout 0.5 echo -n 2>/dev/null < /dev/tcp/test-db-1/3306 && echo "open" || echo "closed"'
-----------
open
-----------
```

=> FROM test-phpmyadmin-1 => test-db-1 3306

```
docker exec -ti test-phpmyadmin-1 bash -c 'timeout 0.5 echo -n 2>/dev/null < /dev/tcp/test-db-1/3306 && echo "open" || echo "closed"'
-----------
closed
-----------
```

```
lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Armbian 24.8.4 bookworm
Release:        12
Codename:       bookworm

uname -a
Linux xxxxxx-pre 6.6.44-current-sunxi64 #1 SMP Sat Aug 3 06:54:42 UTC 2024 aarch64 GNU/Linux
```

OrangePI Zero v2 Network forwarding doesn't work

### How to reproduce?

```
ip -4 addr show scope global
2: end0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 192.168.1.135/24 metric 100 brd 192.168.1.255 scope global dynamic end0
       valid_lft 587718sec preferred_lft 587718sec

cat /proc/sys/net/ipv4/ip_forward
1

iptables -A PREROUTING -t nat -i lo -p udp --dport 2222 -j DNAT --to 127.0.0.1:22
iptables -A PREROUTING -t nat -i lo -p tcp --dport 2222 -j DNAT --to 127.0.0.1:22
iptables -A FORWARD -p tcp -d 127.0.0.1 --dport 2222 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG --log-prefix "IPT FORWARD packet"
iptables -A POSTROUTING -t nat -j MASQUERADE -o lo
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -j ACCEPT
iptables -A OUTPUT -j ACCEPT
iptables -A FORWARD -j ACCEPT
```

ssh -l root -p 22 localhost => OK

ssh -l root -p 2222 localhost => KO

```
iptables -A INPUT -j ACCEPT
iptables -A OUTPUT -j ACCEPT
iptables -A FORWARD -j ACCEPT
iptables -A PREROUTING -t nat -i end0 -p udp --dport 2222 -j DNAT --to 192.168.1.135:22
iptables -A PREROUTING -t nat -i end0 -p tcp --dport 2222 -j DNAT --to 192.168.1.135:22
iptables -A FORWARD -p tcp -d 192.168.1.135 --dport 2222 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG --log-prefix "IPT FORWARD packet"
iptables -A POSTROUTING -t nat -j MASQUERADE -o end0
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
```

ssh -l root -p 22 192.168.1.135 => OK

ssh -l root -p 2222 192.168.1.135 => KO

### Branch

main (main development branch)

### On which host OS are you running the build script and observing this problem?

Ubuntu 24.04 Noble

### Are you building on Windows WSL2?

- [ ] Yes, my Ubuntu/Debian/OtherOS is running on WSL2

### Relevant log URL

_No response_

### Code of Conduct

- [X] I agree to follow this project's Code of Conduct

Edited November 7 by Jeremy Levy