ANSWERED Port Forwarding Not Working Docker

[rockman193 0]

Okay so I'm trying to port forward plex and qbittorrent but testing it using Airvpn returns " Connection timed out (110) " and using https://www.yougetsignal.com/tools/open-ports/ tells me that both ports are closed. The setup I have is a bit complicated since Plex and Qbittorrent are running in docker along with an openvpn-client to connect to Airvpn.  Docker is running in vm using Fedora CoreOS and the vm is running on a machine with a Fedora Server. I tried different ports, rebooting the machines and temporarily disabling the firewall on the vm and host but its still no working. Also, I'm behind a carrier grade nat but to my understanding that should not affect port forwarding using Airvpn, right? So not exactly sure were the problem is.

[OpenSourcerer 1435]

On 1/7/2023 at 10:04 PM, rockman193 said:

So not exactly sure were the problem is.

Is there a particular reason why you use a dedicated OpenVPN client as a container when you can simply connect to the VPN in the VM and avoid so, so much pain?

Having this written, what I get is this: Three containers are running, presumably in an internal container network, on a VM that is running on a host. One of the containers connects to AirVPN and the other two containers are configured to use the network of the OpenVPN client. The problem is that these internal networks have IP addresses of their own, so you will need port forwarding rules on the OpenVPN container. But as this is a container, I don't know whether xtables or nf_tables are even usable.

[rockman193 0]

Well original I set it up so that only qbittorrent was connected to VPN because its the only one that needed it. Plus, I wanted to automate it, the way I set it up the vm starts and it auto
start docker thru portainer (management gui) and all the containers. I have about 15 running and many of the times its easier than installing the software using regular methods especially
if your distro does not have it in its repo and you have to compile from source, check out reddit or linuxserver.io or youtube for more info. The idea is to have a simple and easy to maintain
setup after the initial pain which in theory should not be so painful but it never is in my experience.

I connected the whole vm to VPN and it works as expected now and was able to confirm it with Airvpn and an external website.

The way you describe the setup is correct except that all the containers have the same ip address. I set it up so that the three containers are running in a new docker virtual network,
named vpn-network where I set a static ip of 172.27.0.2 for all the containers. Double checked this by running ip a inside the containers.

So after some troubleshooting I narrowed down the problem to misconfiguration with openvpn-client image I'm using with docker. It seems you need to setup port forwarding for the VPN port itself (like you mentioned)
in the config of the container (no need to worry about iptables/nftables just give it the variable and port you want in the config and the docker image takes care of the rest i.e. VPNPORT=21300) and I was only setting it up
between the docker containers and the vm host without adding the port for the VPN itself (thinking that was the only think needed, an obvious oversight in hinsight). Since docker allows you to set port forwarding when
creating containers if you are using docker's internal virtual network and not the host. So for example you can set the container port to 443 but expose it to the computer running docker has port 21300 or 443 or any other
port you want. I hope that explanation makes sense since docker is relatively simple after you spend a few/several hours with it. I only use it has a hobbyist but has I understand it for people using in production it fixes a lot of issues. 

Thank for the help, after you mentioned that "you will need port forwarding rules on the OpenVPN container" and verifying that the VPN works on the whole machine. I was able to find and fix the issue, and like
many of the times is was a simple fix

[OpenSourcerer 1435]

On 1/11/2023 at 4:22 AM, rockman193 said:

I hope that explanation makes sense since docker is relatively simple after you spend a few/several hours with it.

Everything is simple when you spend time with it.
 

On 1/11/2023 at 4:22 AM, rockman193 said:

Thank for the help, after you mentioned that "you will need port forwarding rules on the OpenVPN container" and verifying that the VPN works on the whole machine. I was able to find and fix the issue, and like
many of the times is was a simple fix 

Glad I could help. Enjoy!

[choline_bugler_0b 0]

@rockman193 can you share the docker compose that you got port forwarding working? I’m also using portainer, but I can’t get it to work.