0

I got a server running a WireGuard VPN on 10.0.1.254/24 and Docker is running on 172.17.0.1/16.

My docker-compose.yaml looks like this (simplified):

```yaml
services:
  container_a:
    image: nginx:latest
    ports:
      - '10.0.1.254:80:80'
  container_b:
    image: alpine:latest
```

Now, I can reach nginx using wget http://10.0.1.254 on the host. I can also reach it the same way from a VPN peer (e.g. 10.0.1.1). But when I try to do this from within another Docker container (e.g. docker compose exec container_b wget http://10.0.1.254) I get a timeout. However, I can ping the host (docker compose exec container_b ping 10.0.1.254).

My guess is that this has something to do with the way Docker maps ports on the host. But I can't find much information about this. Does anyone know why this doesn't work?

1
  • Are you sure you are using the right ports and that the services are running? Commented Apr 4, 2022 at 17:03

1 Answer

0

Turns out I still had UFW installed, which was configured to allow incoming connections to this port on the wg0 interface. But the system was smart enough to take a shortcut, directly from one virtual Docker interface to the other, bypassing this ACCEPT rule for the wg0 interface.

I figured this out by using tail +1f /var/log/ufw.log, and then running the failing wget command from the other Docker container.

In my case the solution was to simply disable UFW (sudo ufw disable), as I'm not using it anyway.
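The log check described in the answer, as an added example that is not part of the original post: it groups `[UFW BLOCK]` entries by inbound interface, source, destination and port, then keeps only those that entered on a Docker bridge. The function names, the interface name `br-0a1b2c3d4e5f`, the container address `172.18.0.3` and the log lines are constructed for illustration; on a real host pass `/var/log/ufw.log` as the argument instead of piping the sample.

```shell
#!/bin/sh
# Added example: summarise UFW BLOCK log entries to see which interface a dropped packet arrived on.

# Constructed sample lines in the kernel-log format UFW writes to /var/log/ufw.log.
sample_ufw_log() {
cat <<'EOF'
Apr  4 17:10:01 host kernel: [ 101.000001] [UFW BLOCK] IN=br-0a1b2c3d4e5f OUT= MAC=02:42:aa:bb:cc:dd:02:42:ac:12:00:03:08:00 SRC=172.18.0.3 DST=10.0.1.254 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Apr  4 17:10:02 host kernel: [ 102.000001] [UFW BLOCK] IN=br-0a1b2c3d4e5f OUT= MAC=02:42:aa:bb:cc:dd:02:42:ac:12:00:03:08:00 SRC=172.18.0.3 DST=10.0.1.254 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Apr  4 17:10:05 host kernel: [ 105.000001] [UFW ALLOW] IN=wg0 OUT= MAC= SRC=10.0.1.1 DST=10.0.1.254 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=TCP SPT=50000 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Apr  4 17:10:09 host kernel: [ 109.000001] [UFW BLOCK] IN=eth0 OUT= MAC=aa:bb:cc:dd:ee:ff:11:22:33:44:55:66:08:00 SRC=203.0.113.7 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
EOF
}

# Print "count iface src dst proto/dport" for each blocked flow, most frequent first.
# Reads the files given as arguments, or stdin when there are none.
ufw_blocked_flows() {
  awk '
    /\[UFW BLOCK\]/ {
      in_if = src = dst = proto = dpt = "-"      # "-" marks a field the entry lacks (e.g. ICMP has no DPT)
      for (i = 1; i <= NF; i++) {
        split($i, kv, "=")
        if (kv[2] == "") continue                # skip tokens without a value, such as "OUT="
        if (kv[1] == "IN")    in_if = kv[2]
        if (kv[1] == "SRC")   src   = kv[2]
        if (kv[1] == "DST")   dst   = kv[2]
        if (kv[1] == "PROTO") proto = kv[2]
        if (kv[1] == "DPT")   dpt   = kv[2]
      }
      count[in_if " " src " " dst " " proto "/" dpt]++
    }
    END { for (k in count) print count[k], k }
  ' "$@" | sort -k1,1nr -k2
}

# Keep only flows that entered on a Docker bridge: docker0, or br-<id> for a Compose network.
docker_bridge_blocks() {
  ufw_blocked_flows "$@" | awk '$2 == "docker0" || $2 ~ /^br-/'
}

sample_ufw_log | docker_bridge_blocks
```

A blocked entry whose `IN=` is a Docker bridge and whose `DST=` is the published address shows the request arrived from the bridge rather than from wg0, so an allow rule scoped to wg0 does not match it.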
