NethServer 7.9.2009 server only (no RED interface)
Module: docker aqua
Hi, I run a docker container with an mqtt server on network aqua; port 8883 is exposed on the server's br0 bridge interface. I can access the mqtt server from the hosts on the same network as the server's green interface and from other docker containers.
I use an additional VLAN which is routed to an external firewall. The VLAN is in trusted networks and a static route exists (configured in the old server manager).
Non-docker services (Samba DC, file services, webservers) work fine from this VLAN.
The docker aqua exposed ports are not accessible.
I tried to add different firewall rules to convince shorewall not to drop this traffic. So far I cannot get it to work correctly.
Is this default behaviour? I would expect the green zone to be the allowed source, not just the VLAN of the server IP. Any ideas to fix this?
shorewall show log shows:
Jan 16 17:20:41 loc2fw:REJECT:IN=br0 OUT= SRC=192.168.10.20 DST=local server ip LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=45402 DF PROTO=TCP SPT=51408 DPT=8883 WINDOW=29200 RES=0x00 SYN URGP=0
db dockrules show: