Services Cannot Reach Each Other on Same Server!
-
Hey all,
I have a Synology running Docker and a bunch of dockers. I also have a Reverse Proxy on that same Synology and I use subdomains for each docker (service). I also have split-DNS pointing my public.domain to the Synology's IP. Then, I switched firewalls and it stopped working.
On my EdgeRouter, everything was working perfectly.
On my new pfSense, service1.public.domain cannot talk to service2.public.domain. In fact, the services can't even communicate with IP:port.
Any ideas? I'm lost.
Here's my firewall config:
-
Also, seeing this in logs:
The source is the IP and port of the service that I'm trying to reach. I have no idea what that 172 nonsense is. If anyone knows, I'd appreciate the education.
-
I'm starting to think this is related to how Docker bridges the host network. I just noticed that the bridge network uses the 172 address space.
Again, this was working perfectly on my EdgeRouter, so I feel like this is something in pfSense. Maybe I need to create a static route between the bridge network and the main network?
-
@ashkaan
The blocks you see in the log are out of state. pfSense is a stateful firewall; maybe your former router wasn't. Out-of-state packets refer to asymmetric routing. So presumably request and response packets take different routes due to a faulty network configuration.
Since I don't know your network setup or from where you go to where, I cannot give more hints.
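As an added example (not part of viragomann's reply or of pfSense itself), here is a small script that looks for the two symptoms discussed in this thread in pfSense filter log lines: blocked TCP packets that are not a fresh SYN, which is what an out-of-state drop looks like, and packets whose source or destination sits in Docker's default bridge range (172.17.0.0/16). The field layout is the filterlog CSV format as I understand it and the log lines are constructed for this example, not copied from the thread; the interface name `igb1` and the addresses are assumptions.

```python
"""Flag out-of-state TCP blocks and Docker-bridge addresses in pfSense filterlog lines.

Added example for the thread above; the sample lines are constructed, and the
column order is the filterlog CSV layout (IPv4) as assumed here:
rulenr,subrulenr,anchor,tracker,iface,reason,action,dir,ipver,tos,ecn,ttl,id,
offset,flags,proto,protoname,length,src,dst,sport,dport,datalen,tcpflags,...
"""
import ipaddress
from dataclasses import dataclass

# Docker's default bridge network; user-defined bridges get other 172.16/12 subnets.
DOCKER_DEFAULT_BRIDGE = ipaddress.ip_network("172.17.0.0/16")


@dataclass
class Entry:
    iface: str
    action: str
    direction: str
    proto: str
    src: str
    dst: str
    sport: str
    dport: str
    tcp_flags: str
    out_of_state: bool   # blocked TCP packet that is not a new connection attempt
    docker_bridge: bool  # src or dst is inside the Docker default bridge range


def parse_line(line: str) -> Entry:
    """Parse one IPv4 filterlog line into an Entry with the two symptom flags set."""
    f = line.strip().split(",")
    if f[8] != "4":
        raise ValueError("this example only handles IPv4 entries")
    proto = f[16]
    src, dst = f[18], f[19]
    sport, dport = f[20], f[21]
    # TCP flags only exist for TCP entries; UDP lines stop after the data length.
    tcp_flags = f[23] if proto == "tcp" and len(f) > 23 else ""
    # A SYN without ACK is a genuine new connection; anything else that a
    # stateful firewall drops is a packet it never saw the opening SYN for.
    new_connection = "S" in tcp_flags and "A" not in tcp_flags
    out_of_state = f[6] == "block" and proto == "tcp" and not new_connection
    docker_bridge = any(
        ipaddress.ip_address(addr) in DOCKER_DEFAULT_BRIDGE for addr in (src, dst)
    )
    return Entry(f[4], f[6], f[7], proto, src, dst, sport, dport,
                 tcp_flags, out_of_state, docker_bridge)


def find_symptoms(log_text: str) -> list[Entry]:
    """Parse every non-empty line of a filterlog excerpt."""
    return [parse_line(l) for l in log_text.splitlines() if l.strip()]


def summarize(entries: list[Entry]) -> dict[str, int]:
    """Count how many entries show each symptom."""
    return {
        "out_of_state": sum(e.out_of_state for e in entries),
        "docker_bridge": sum(e.docker_bridge for e in entries),
    }


# Constructed sample (assumed interface igb1; addresses are placeholders):
# 1) an ACK from a LAN host blocked on the LAN interface -> out of state
# 2) a SYN/ACK from a Docker bridge address -> out of state, Docker bridge
# 3) a bare SYN blocked by policy -> an ordinary block, not asymmetric routing
# 4) a UDP packet -> no TCP flags, ignored by the out-of-state check
SAMPLE_LOG = """\
5,,,1000000103,igb1,match,block,in,4,0x0,,64,12345,0,DF,6,tcp,52,192.168.1.50,192.168.1.20,443,50112,0,A,1,1,502,,
5,,,1000000103,igb1,match,block,in,4,0x0,,64,12346,0,DF,6,tcp,60,172.17.0.3,192.168.1.20,8080,41000,0,SA,1,1,65535,,
5,,,1000000103,igb1,match,block,in,4,0x0,,64,12347,0,DF,6,tcp,60,10.0.0.9,192.168.1.20,55123,22,0,S,1,0,65535,,
5,,,1000000103,igb1,match,block,in,4,0x0,,64,12348,0,DF,17,udp,78,192.168.1.51,192.168.1.20,5353,5353,0
"""

if __name__ == "__main__":
    entries = find_symptoms(SAMPLE_LOG)
    for e in entries:
        tag = []
        if e.out_of_state:
            tag.append("OUT-OF-STATE")
        if e.docker_bridge:
            tag.append("DOCKER-BRIDGE")
        print(f"{e.iface} {e.action} {e.proto} {e.src}:{e.sport} -> "
              f"{e.dst}:{e.dport} flags={e.tcp_flags or '-'} {' '.join(tag)}")
    print(summarize(entries))
```

A blocked packet carrying A or SA flags on the LAN interface is the signature viragomann describes: a reply for which pfSense never saw the opening SYN, so it has no state to match. Seeing 172.17.x.x addresses alongside those drops points at traffic that left the Docker bridge on the host and came back through the firewall on a different path. Run the script on a real `/var/log/filter.log` excerpt instead of `SAMPLE_LOG` to check your own drops.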
-
@viragomann Yep, that’s definitely the difference. Upon switching, most of my network broke and it’s been challenging getting each piece back to function. However, it’s been an excellent learning experience.
I think this issue may relate to a concession I made to fix a different problem. Thanks so much.