Friday 13 September 2019

iptables - SSH reverse tunnel into Docker container


I need to xdebug something that fails on the server in a docker container. From my laptop I have run ssh -R 9000:localhost:9000 server and verified the tunnel with telnet localhost 9000. So far so good, I got a connection.


Now, on the server I did


iptables -t nat -I PREROUTING -p tcp -d 172.17.42.1 --dport 9000 -j DNAT --to 127.0.0.1:9000 

Finally I have committed the problematic docker instance and ran


docker run  --net=host -t  -i snapshot /bin/bash

Inside the container, telnet 172.17.42.1 9000 gets connection refused.



Answer



I ran into this same issue, except I had two containers wired together with --link, so --net=host won't work for that situation.


When doing an ssh port forward to the remote host using ssh -R 9000:localhost:9000 server, an lsof -P -i -n may show that the port is bound to the server's loopback device, which looks like this:


sshd 39172 ubuntu 9u IPv4 2941407 0t0 TCP ::1:9000 (LISTEN)


That loopback interface is not available to the network inside of the docker container. I remedied this by adding GatewayPorts yes to the sshd_config file on the server and restarting sshd.


The forwarded port 9000 is then bound to the normal interface and available from inside the docker container (and from any other host, for that matter).
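As the answer notes, GatewayPorts yes exposes the forwarded port to every host that can reach the server. The added example below (not part of the original question or answer) predicts where sshd will bind a -R listener from a given sshd_config, and builds the narrower form: GatewayPorts clientspecified with the forward bound to the Docker bridge address only. The bridge address 172.17.42.1 is taken from the question; the config contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# sshd uses the FIRST occurrence of a keyword in sshd_config; a missing
# GatewayPorts directive means "no" (listeners bound to loopback only).
gateway_ports_mode() {
    mode=$(awk 'tolower($1) == "gatewayports" { print tolower($2); exit }' "$1")
    printf '%s\n' "${mode:-no}"
}

# Address the remote-forward listener will really bind to, given the
# sshd_config path ($1) and the bind address the client requested in
# `ssh -R [bind_address:]port:host:hostport` ($2, may be empty).
effective_bind_addr() {
    case "$(gateway_ports_mode "$1")" in
        no)              echo 127.0.0.1 ;;          # loopback: unreachable from the container
        yes)             echo 0.0.0.0 ;;            # wildcard: reachable from any host
        clientspecified) echo "${2:-127.0.0.1}" ;;  # exactly what the client asked for
        *)               echo unknown ;;
    esac
}

# The ssh command that exposes the port to the Docker bridge only.
# Requires GatewayPorts clientspecified on the server.
remote_forward_cmd() {   # $1 bridge addr, $2 port, $3 server
    printf 'ssh -R %s:%s:localhost:%s %s\n' "$1" "$2" "$2" "$3"
}

# Demo on a constructed config (a commented-out line must be ignored).
demo() {
    cfg=$(mktemp)
    printf '# GatewayPorts yes\nGatewayPorts clientspecified\n' > "$cfg"
    echo "mode:     $(gateway_ports_mode "$cfg")"
    echo "binds to: $(effective_bind_addr "$cfg" 172.17.42.1)"
    remote_forward_cmd 172.17.42.1 9000 server
    rm -f "$cfg"
}
demo
```

With the forward bound to 172.17.42.1 only, the container reaches the debugger over the bridge while hosts outside the server cannot; verify with ss -ltn on the server after connecting.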

