Netgate Discussion Forum
    TCP:R blocks with open rules

rml_52

It appears that Docker is internally NATing the traffic as the VM's IP, but only part of it. The reset is not being masqueraded in iptables. I am trying to find documents about setting up Docker masquerade in iptables to see if this helps.
rml_52 @KOM

@KOM So all the references I could find say that that behavior is exactly what Docker does. It creates a network not in use, creates a bridge, and masquerades all traffic out the eth0 port.

That all seems set up correctly, but for some reason TCP:R traffic is not being masked.
I tried editing the iptables on the server, but the logs are still happening...

If anyone is an iptables master and wants to see, let me know.
I tried to post pics, but the site keeps blocking me as spam.
KOM

If everything is working correctly and you're just tired of the log spam, you could create your own custom rule to block that traffic and set it to not log.
rml_52 @KOM

@KOM I believe everything is working for the apps' needed traffic, but the state table is filling up and nothing is closing because the reset is blocked.
I created a rule to allow the traffic, but it's not working because it's not a routed network on the interface, and I don't know how to fix that...
Granted, the system should be bridging and masking all traffic out eth0 as 192.168.5.2 and not 172.17.0.2, so I am in other forums trying to fix that, but I also don't want issues from reset blocks and the state table. And if they can't fix it on the server, then I want the firewall to allow it.
Moh

Hi Kom,

Has this been resolved? I'm sitting with the same issue.
rml_52 @Moh

@Moh not on my end... but I gave up trying
Moh @rml_52

@rml_52 said in TCP:R blocks with open rules:

    not on my end... but I gave up trying

Do you still run Docker on that port? I assume you ran Storj?
rml_52 @Moh

@Moh yes. It seems that Docker is not masquerading properly and is sending traffic using the 172 private IP instead of the configured IP for eth0, and the pfSense firewall doesn't know how to handle it.
KOM

@Moh I bumped your rep by one. I think you have to have at least 5 or your posts get filtered a lot harder.
Moh @rml_52

@rml_52 I have fixed my issue today. I switched my storagenode Docker container from the "bridge" network to the "host" network, then allowed the rules on Linux to let traffic through for the port.
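The bridge masquerading rml_52 describes above and the host-network workaround in the last post both come down to what the host's iptables rules do with container traffic. The shell script below is an added example, not from the thread, Netgate or Docker: it checks an `iptables-save` style ruleset for Docker's bridge MASQUERADE rule and for a FORWARD rule that drops conntrack-INVALID packets, which is a common reason a late reset leaves the host un-NATed with its 172.17.0.x source and then shows up on pfSense as a TCP:R block. The rulesets in it are constructed samples, and the INVALID-drop check is a general mitigation that goes beyond the thread's host-network fix.

```shell
#!/bin/sh
# Added example (not from the thread): inspect an iptables ruleset, as printed
# by `iptables-save`, for the two rules that keep container traffic from
# leaving the host with its 172.17.0.0/16 source address:
#   1. Docker's MASQUERADE rule for the bridge subnet (every egress but docker0)
#   2. a FORWARD rule dropping conntrack-INVALID packets, so a late RST that
#      no longer matches a NAT entry is not forwarded un-NATed to the firewall
# Both rulesets below are constructed sample text, not captured from a host.

DOCKER_SUBNET="172.17.0.0/16"   # Docker's default bridge subnet

# has_masquerade SUBNET: true if stdin contains the bridge MASQUERADE rule.
has_masquerade() {
    grep -q -- "-A POSTROUTING -s $1 ! -o docker0 -j MASQUERADE"
}

# drops_invalid: true if stdin contains a FORWARD drop of INVALID-state packets.
drops_invalid() {
    grep -qE -- '^-A FORWARD .*-m conntrack --ctstate INVALID -j DROP'
}

# check_rules RULESET: report each check; returns 0 only if both rules exist.
check_rules() {
    rc=0
    if printf '%s\n' "$1" | has_masquerade "$DOCKER_SUBNET"; then
        echo "ok:      MASQUERADE for $DOCKER_SUBNET on non-docker0 egress"
    else
        echo "missing: iptables -t nat -A POSTROUTING -s $DOCKER_SUBNET ! -o docker0 -j MASQUERADE"
        rc=1
    fi
    if printf '%s\n' "$1" | drops_invalid; then
        echo "ok:      conntrack-INVALID packets dropped in FORWARD"
    else
        echo "missing: iptables -I FORWARD -m conntrack --ctstate INVALID -j DROP"
        rc=1
    fi
    return $rc
}

# Constructed: what a stock Docker bridge setup looks like (no INVALID drop).
DEFAULT_RULES='-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT'
# Constructed: the same host after adding the INVALID drop at the top of FORWARD.
FIXED_RULES="-A FORWARD -m conntrack --ctstate INVALID -j DROP
$DEFAULT_RULES"

echo "--- stock Docker ruleset ---";    check_rules "$DEFAULT_RULES" || :
echo "--- with INVALID drop added ---"; check_rules "$FIXED_RULES"
```

On a real host, feed it the live ruleset with `check_rules "$(iptables-save)"` as root; the "missing" lines print the exact rule to add.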
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.