All geek questions in one place

Pptpd in docker stops working after container reboot

I am creating a docker image via Dockerfile :

# # Dockerfile for pptpd # FROM debian:jessie MAINTAINER kev< noreply@datageek.info > RUN apt-get update \ && apt-get install -y iptables pptpd \ && rm -rf /var/lib/apt/lists/* COPY pptpd.conf /etc/ COPY chap-secrets /etc/ppp/ COPY pptpd-options /etc/ppp/ EXPOSE 1723 CMD iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE \ && pptpd --fg

before rebooting

 $ docker pull vimagick/pptpd $ docker run -d --name pptpd_pptpd_1 -p 1723:1723 --privileged vimagick/pptpd $ tcpdump -ni eth0 proto gre 13:21:16.877858 IP 1.2.3.4 > 5.6.7.8: GREv1, call 16501, seq 0, length 40: LCP, Conf-Request (0x01), id 1, length 26 13:21:16.944894 IP 5.6.7.8 > 1.2.3.4: GREv1, call 512, seq 0, length 40: LCP, Conf-Request (0x01), id 1, length 26 13:21:16.945002 IP 1.2.3.4 > 5.6.7.8: GREv1, call 16501, seq 1, ack 0, length 44: LCP, Conf-Ack (0x02), id 1, length 26 13:21:16.945932 IP 5.6.7.8 > 1.2.3.4: GREv1, call 512, seq 1, length 25: LCP, Conf-Nack (0x03), id 1, length 11 13:21:16.946006 IP 1.2.3.4 > 5.6.7.8: GREv1, call 16501, seq 2, ack 1, length 45: LCP, Conf-Request (0x01), id 2, length 27 13:21:16.984018 IP 5.6.7.8 > 1.2.3.4: GREv1, call 512, seq 2, length 41: LCP, Conf-Ack (0x02), id 2, length 27 13:21:16.984224 IP 1.2.3.4 > 5.6.7.8: GREv1, call 16501, seq 3, ack 2, length 26: LCP, Echo-Request (0x09), id 0, length 10

after reboot

 $ docker restart pptpd_pptpd_1 $ tcpdump -ni eth0 proto gre 13:31:32.071308 IP 5.6.7.8 > 1.2.3.4: GREv1, call 256, seq 0, length 40: LCP, Conf-Request (0x01), id 1, length 26 13:31:35.123217 IP 5.6.7.8 > 1.2.3.4: GREv1, call 256, seq 1, length 40: LCP, Conf-Request (0x01), id 1, length 26 13:31:40.112179 IP 5.6.7.8 > 1.2.3.4: GREv1, call 256, seq 2, length 40: LCP, Conf-Request (0x01), id 1, length 26 13:31:41.111172 IP 5.6.7.8 > 1.2.3.4: GREv1, call 256, seq 3, length 40: LCP, Conf-Request (0x01), id 1, length 26
  • Server:
    • eth0: 1.2.3.4
    • docker0: 192.168.42.1
  • client: 5.6.7.8

I noticed that after rebooting the ip container has changed (192.168.42.2 → 192.168.42.3). I turn on / off the firewall, the result is the same.
Do I need an iptables rule to work again? Thanks!

UPDATE: I can add the --net host option to get around this problem.

0
source share
1 answer

When I edit /etc/default/ufw this gives me some hint:

 # Extra connection tracking modules to load. Complete list can be found in # net/netfilter/Kconfig of your kernel source. Some common modules: # nf_conntrack_irc, nf_nat_irc: DCC (Direct Client to Client) support # nf_conntrack_netbios_ns: NetBIOS (samba) client support # nf_conntrack_pptp, nf_nat_pptp: PPTP over stateful firewall/NAT # nf_conntrack_ftp, nf_nat_ftp: active FTP support # nf_conntrack_tftp, nf_nat_tftp: TFTP support (server side) IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns"

After executing the command below, everything returns to normal operation.

 modprobe nf_conntrack_pptp nf_nat_pptp
+1
source

Source: https://habr.com/ru/post/1270495/

More articles:


All Articles