opened 04:47AM - 28 Feb 18 UTC
closed 12:27AM - 11 Jul 18 UTC
kind/bug
area/networking
version/1.6
**Rancher versions:**
rancher/server: v1.6.14
rancher/agent: v1.2.9
**Infrastructure Stack versions:**
healthcheck: v0.3.3-1
ipsec: v0.2.2
network-services: v0.2.8
scheduler: v0.8.3
kubernetes (if applicable):
**Docker version: (`docker version`,`docker info` preferred)**
```
Client:
Version: 17.06.2-ce
API version: 1.30
Go version: go1.8.3
Git commit: cec0b72
Built: Tue Sep 5 20:00:17 2017
OS/Arch: linux/amd64
Server:
Version: 17.06.2-ce
API version: 1.30 (minimum version 1.12)
Go version: go1.8.3
Git commit: cec0b72
Built: Tue Sep 5 19:59:11 2017
OS/Arch: linux/amd64
Experimental: false
```
**Operating system and kernel: (`cat /etc/os-release`, `uname -r` preferred)**
```
$ cat /etc/os-release
NAME="Ubuntu"
VERSION="16.04.4 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.4 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial
```
**Type/provider of hosts: (VirtualBox/Bare-metal/AWS/GCE/DO)**
Bare-metal
**Setup details: (single node rancher vs. HA rancher, internal DB vs. external DB)**
HA rancher, external DB
**Environment Template: (Cattle/Kubernetes/Swarm/Mesos)**
Cattle
**Steps to Reproduce:**
1. Add a host
2. Allocate 2 IPs to the host
3. Add both of them in "Scheduler IPs"
4. Schedule two services, exposing the same port
5. Make sure the two services are listening on different IPs on the host
6. Verify, from another host, that both of the services are reachable on the same port, from the respective IPs listed in the previous step
7. Repeat the previous step from the host added in step 1
**Results:**
We would expect that, when connecting to the same port but a different destination IP on the same host hosting the services, the connections go to the respective services. However, currently only one of the services is reachable, no matter which IP address is used.
Digging into more detail on the host, in the iptables table `nat`, chain `CATTLE_PREROUTING`, proper destination address filtering was observed, but not in the chain `CATTLE_OUTPUT`, for which the rules should be added by https://github.com/rancher/plugin-manager/blob/master/hostports/watcher.go#L100.
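One way to check a host for the condition described in this report, added here as an example (it is not part of the original issue and is not Rancher code): parse `iptables-save -t nat` output and list DNAT rules that can never match because an earlier rule in the same chain covers the same protocol and port with no `-d` filter. The sample rules, addresses and the function names are constructed for illustration; only the chain names come from the report.

```python
import shlex
from collections import defaultdict

# Constructed sample in `iptables-save -t nat` format. The rule layout is an
# assumption for illustration, not copied from a Rancher host.
SAMPLE = """\
*nat
:CATTLE_PREROUTING - [0:0]
:CATTLE_OUTPUT - [0:0]
-A CATTLE_PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.42.0.5:8080
-A CATTLE_PREROUTING -d 192.0.2.11/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.42.0.6:8080
-A CATTLE_OUTPUT -p tcp -m addrtype --dst-type LOCAL -m tcp --dport 8080 -j DNAT --to-destination 10.42.0.5:8080
-A CATTLE_OUTPUT -p tcp -m addrtype --dst-type LOCAL -m tcp --dport 8080 -j DNAT --to-destination 10.42.0.6:8080
COMMIT
"""

def _opt(tokens, flag):
    """Return the argument following `flag`, or None if the flag is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def parse_dnat(text, chain):
    """Yield (dst, proto, dport, target) for every DNAT rule appended to `chain`."""
    for line in text.splitlines():
        tokens = shlex.split(line)  # handles quoted --comment strings
        if tokens[:2] == ["-A", chain] and "DNAT" in tokens:
            yield (_opt(tokens, "-d"), _opt(tokens, "-p"),
                   _opt(tokens, "--dport"), _opt(tokens, "--to-destination"))

def shadowed(text, chain):
    """Return DNAT rules in `chain` that an earlier rule makes unreachable.

    Rules are evaluated in order and DNAT is terminating, so a rule is dead if
    an earlier rule for the same (proto, dport) has no -d match or the same -d.
    Simplification: negated matches, multiport and overlapping CIDRs are ignored.
    """
    earlier = defaultdict(list)  # (proto, dport) -> -d values already seen
    dead = []
    for dst, proto, dport, target in parse_dnat(text, chain):
        seen = earlier[(proto, dport)]
        if None in seen or dst in seen:
            dead.append((dst, proto, dport, target))
        seen.append(dst)
    return dead

if __name__ == "__main__":
    for chain in ("CATTLE_PREROUTING", "CATTLE_OUTPUT"):
        for rule in shadowed(SAMPLE, chain):
            print(f"{chain}: unreachable DNAT rule {rule}")
```

On a real host, pass the output of `iptables-save -t nat` as `text` instead of `SAMPLE`.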