Netgate Discussion Forum
    Docker Subnet Can't Reach WAN

    Category: Firewalling

    ne0trace wrote:

      Hello,

      I have a DMZ set up (10.10.1.0/24) on a specific port (the guest is running on ESXi) on my pfSense. All of that is running great, but an app/service provided by Docker can't reach any hosts. It looks like the app uses 172.17.0.0/24 and 172.20.0.0/24 for its Docker range, but it is using said range to contact pfSense.

      pfSense decides to block the traffic despite my best effort to allow these connection attempts. I'm assuming it's because the pfSense interface IP is 10.10.1.1 and no other source subnet traffic is allowed.

      I can't change the internals of the app for obvious reasons, but I was expecting to be able to allow other sources via rules. What's the best solution here?

      Routing table attached:
      Kernel IP routing table

      Destination   Gateway     Genmask         Flags Metric Ref Use Iface
      0.0.0.0       10.10.1.1   0.0.0.0         UG    0      0   0   ens192
      10.10.1.0     0.0.0.0     255.255.255.0   U     0      0   0   ens192
      172.17.0.0    0.0.0.0     255.255.0.0     U     0      0   0   docker0
      172.20.0.0    0.0.0.0     255.255.0.0     U     0      0   0   docker_gwbridge

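    The symptom in the post (pfSense seeing packets from 172.17.0.0/16 and 172.20.0.0/16 on an interface whose only subnet is 10.10.1.0/24) normally means the Docker host is forwarding container traffic onto ens192 without source NAT. Docker installs a MASQUERADE rule in the nat POSTROUTING chain for each bridge it creates (docker0, docker_gwbridge, user-defined br-* bridges), so a container's packets should leave the host with the host's 10.10.1.x address. The script below is an added example, not code from the post or from Netgate, to run on the Docker host: it reads the host's routes and nat rules and prints every Docker bridge subnet that has no MASQUERADE rule. The `ip -4 route` and `iptables -t nat -S POSTROUTING` output embedded here is constructed sample data that mirrors the routing table in the post, with the docker_gwbridge rule deliberately missing; the function and variable names are my own.

```shell
#!/bin/sh
# Added example: find Docker bridge subnets that would leave the host unmasqueraded.
# Constructed sample of `ip -4 route` on the Docker host (matches the post's routing table;
# the host address 10.10.1.20 is an assumption).
SAMPLE_ROUTES='default via 10.10.1.1 dev ens192
10.10.1.0/24 dev ens192 proto kernel scope link src 10.10.1.20
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.20.0.0/16 dev docker_gwbridge proto kernel scope link src 172.20.0.1'

# Constructed sample of `iptables -t nat -S POSTROUTING`. Docker would normally add one
# MASQUERADE rule per bridge; here the docker_gwbridge rule is missing on purpose.
SAMPLE_NAT='-P POSTROUTING ACCEPT
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE'

# docker_subnets ROUTES
# Print "subnet iface" for every route whose device is a Docker bridge
# (docker0, docker_gwbridge, or a user-defined br-<id> bridge).
docker_subnets() {
  printf '%s\n' "$1" | awk '$2 == "dev" && $3 ~ /^(docker0|docker_gwbridge|br-)/ { print $1, $3 }'
}

# unmasqueraded ROUTES NAT
# Print every Docker subnet for which POSTROUTING has no "-s <subnet> ... -j MASQUERADE" rule.
# Traffic from these subnets leaves ens192 with a 172.x source address, which is
# exactly what pfSense then sees (and rejects) on the DMZ interface.
unmasqueraded() {
  docker_subnets "$1" | while read -r subnet iface; do
    if ! printf '%s\n' "$2" | grep -q -- "-s $subnet .*-j MASQUERADE"; then
      echo "$subnet ($iface)"
    fi
  done
}

# check_live: the same check against the running host (needs root for iptables).
check_live() {
  unmasqueraded "$(ip -4 route)" "$(iptables -t nat -S POSTROUTING)"
}

echo "Docker subnets without a MASQUERADE rule (sample data):"
unmasqueraded "$SAMPLE_ROUTES" "$SAMPLE_NAT"
```

    If the script lists a subnet, the host itself is the place to fix it: the Docker daemon adds these rules on its own unless it runs with `--iptables=false`, so a missing rule usually points at a host firewall (firewalld, ufw, a custom script) flushing the nat table after Docker started, or at a compose/stack configuration that manages its own networking. Only if the containers are intentionally routed rather than NATed does the pfSense side need changing, and then a pass rule alone is not enough: pfSense also needs static routes for 172.17.0.0/16 and 172.20.0.0/16 via the Docker host's 10.10.1.x address, otherwise its replies follow the default route out the WAN.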
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.