Netgate Discussion Forum

    hetzner private network with pfsense and a docker host - weird connectivity issue

      nuclearstrength

      I have a pfsense instance and a docker host, both on a Hetzner private cloud network.
      This is the design:
      https://imagebin.ca/v/5NNDpuDwq9PT

      I followed this guide:
      https://community.hetzner.com/tutorials/how-to-route-cloudserver-over-private-network-using-pfsense-and-hcnetworks

      The docker host has no direct access to the internet; it has to go through the pfsense box. The Hetzner private network has a route that redirects all destinations through 10.0.10.2 (as instructed in the Hetzner guide).
      https://imagebin.ca/v/5NNEp6IW50ZT

      The docker host and pfsense box can reach each other via ping, and the docker host can reach the internet without problems. I will need firewall rules, but for the moment everything is wide open.

      The docker containers can't reach the outside when making any https request that is too long; see the following logs:
      https://imagebin.ca/v/5NNG5mOOF3ZY

      The error is "TCP Previous segment not captured".

      Do you guys have any suggestions as to where the issue might be? I'm quite certain it's not within the docker networking, nor with the Hetzner private network: https transfers between the containers and the docker host do work, https transfers between the host and the internet work as well, and https transfers between the containers and the internet generate the above-mentioned error.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.