I've run the portainer image using:
docker run -d -P -p 9000:9000 portainer/portainer
But I can only access the web at port 9000 locally using lynx.
I allowed port 9000 in the firewall, both incoming and outgoing, so that shouldn't be the problem.
$ sudo iptables -t filter -L -n -v | grep 9000
0 0 ACCEPT tcp -- !docker0 docker0 0.0.0.0/0 172.17.0.2 tcp dpt:9000
But I have a hard time interpreting the NAT table, which may be the suspect.
$ sudo iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 7 packets, 420 bytes)
 pkts bytes target     prot opt in       out      source          destination
  415 24676 DOCKER     all  --  *        *        0.0.0.0/0       0.0.0.0/0       ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 1 packets, 60 bytes)
 pkts bytes target     prot opt in       out      source          destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in       out      source          destination
    0     0 DOCKER     all  --  *        *        0.0.0.0/0       !127.0.0.0/8    ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in       out      source          destination
    0     0 MASQUERADE all  --  *        !docker0 172.17.0.0/16   0.0.0.0/0
    0     0 MASQUERADE tcp  --  *        *        172.17.0.2      172.17.0.2      tcp dpt:9000

Chain DOCKER (2 references)
 pkts bytes target     prot opt in       out      source          destination
    0     0 RETURN     all  --  docker0  *        0.0.0.0/0       0.0.0.0/0
    0     0 DNAT       tcp  --  !docker0 *        0.0.0.0/0       0.0.0.0/0       tcp dpt:9000 to:172.17.0.2:9000
Can anyone help me out here?
Update1:
I tried the same command on another Ubuntu server with the same Docker version, but it works. The only difference in the NAT table after running and binding the container is a POSTROUTING record that says:
 pkts bytes target     prot opt in       out      source          destination
    0     0 MASQUERADE all  --  *        eth0     10.0.0.0/8      0.0.0.0/0
But I think this may not be related, or is it?
Ubuntu 16.04
Docker version 17.05.0-ce, build 89658be
Best Answer
Thanks everyone for helping out in the comments.
It turns out I just used
nmap <host>
to check for open ports and found that 9000 is not open, though the internal firewall/iptables say otherwise. Then I remembered that the VPS I'm using has another external firewall layer, which I have to configure as well. Stupid me, but I learned the basic tracing process/cmds. Thx guys!
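
The tracing step the answer arrives at, as an added example that is not part of the original post: read the DNAT rules Docker writes to the nat table, then compare them with the ports a scan from another machine reports open. The function names, the verdict labels and the sample listing (constructed, modelled on the output in the question) are assumptions.

```python
import re

# Constructed sample: DOCKER chain of `iptables -t nat -L -n -v`,
# modelled on the listing in the question.
SAMPLE = """\
Chain DOCKER (2 references)
 pkts bytes target     prot opt in       out      source          destination
    0     0 RETURN     all  --  docker0  *        0.0.0.0/0       0.0.0.0/0
    0     0 DNAT       tcp  --  !docker0 *        0.0.0.0/0       0.0.0.0/0       tcp dpt:9000 to:172.17.0.2:9000
"""

# Counters may carry a K/M/G suffix when iptables is run without -x.
RULE = re.compile(
    r"^\s*(?P<pkts>\d+[KMG]?)\s+\d+[KMG]?\s+DNAT\s+(?P<proto>\S+)\s+.*?"
    r"dpt:(?P<dport>\d+)\s+to:(?P<to>[\d.]+:\d+)"
)

def published_ports(listing):
    """Return the DNAT rules of the DOCKER chain with their packet counters."""
    rules, in_docker = [], False
    for line in listing.splitlines():
        if line.startswith("Chain "):
            in_docker = line.split()[1] == "DOCKER"
            continue
        m = RULE.match(line) if in_docker else None
        if m:
            rules.append({"proto": m["proto"], "port": int(m["dport"]),
                          "to": m["to"], "pkts": m["pkts"]})
    return rules

def diagnose(listing, externally_open):
    """externally_open: ports a scan run from OUTSIDE the host reported open."""
    report = {}
    for rule in published_ports(listing):
        if rule["port"] in externally_open:
            verdict = "reachable"
        elif rule["pkts"] == "0":
            # No connection attempt ever matched the rule: after a remote test,
            # this points to filtering in front of the host (the VPS firewall).
            verdict = "never-arrives"
        else:
            # Packets reach the host and are translated: look at the FORWARD
            # chain and at the container itself.
            verdict = "arrives-not-answered"
        report[rule["port"]] = verdict
    return report

if __name__ == "__main__":
    print(diagnose(SAMPLE, externally_open=set()))
```

A zero counter only means something after a connection attempt from outside has been made, so run the remote test first and re-read the listing afterwards.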