TCP_OUT Blocked for docker containers

Post Reply
klodoma
Junior Member
Posts: 5
Joined: 19 Sep 2019, 14:18

TCP_OUT Blocked for docker containers

Post by klodoma »

I am trying to install owncloud on a Ubuntu Servers as a docker container.
I am following this documentation. https://doc.owncloud.com/server/admin_m ... er-compose

If I disable CSF all works, but if it's enabled, it doesn't and I see these messages in the logs.

Now, as I see CSF is blocking the traffic between the docker containers or just the port 8080? It's not clear for me.

Any tips?

I setup CSF with ansible using the following config:

Code: Select all

csf_global_ini:
  - option: TESTING
    value: "0"
  - option: RESTRICT_SYSLOG
    value: "2"
  - option: URLGET
    value: "2"
  - option: TCP_IN
    value: "22,80,443,2096,5022,5023,{{ hostvars[inventory_hostname]['ansible_port'] | default('22') }},10000:11000"
  - option: TCP_OUT
    value: "22,25,53,80,110,113,443,465,587,993,995,2096,5022,5023,5224,{{ hostvars[inventory_hostname]['ansible_port'] | default('22') }},10000:11000"
  - option: UDP_IN
    value: "53,1194"
  - option: UDP_OUT
    value: "53,113,123,1194,10000:11000"
  - option: DOCKER
    value: "1"
  - option: DYNDNS
    value: "1"
  - option: WAITLOCK
    value: "0"

csf_allow:
  - 10.40.0.0/16
  - 172.17.0.0/16 #allow docker

Code: Select all

Jul  2 00:32:20 es2cnt kernel: [2560193.733225] Firewall: *TCP_OUT Blocked* IN= OUT=br-9a93e60664a4 SRC=172.21.0.1 DST=172.21.0.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=824 DF PROTO=TCP SPT=59060 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0 UID=0 GID=0
Jul  2 00:32:21 es2cnt kernel: [2560194.755762] Firewall: *TCP_OUT Blocked* IN= OUT=br-9a93e60664a4 SRC=172.21.0.1 DST=172.21.0.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=825 DF PROTO=TCP SPT=59060 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0 UID=0 GID=0
Jul  2 00:32:23 es2cnt kernel: [2560196.708945] Firewall: *TCP_OUT Blocked* IN= OUT=br-9a93e60664a4 SRC=172.21.0.1 DST=172.21.0.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=7256 DF PROTO=TCP SPT=59070 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0 UID=0 GID=0
Jul  2 00:32:24 es2cnt kernel: [2560197.732198] Firewall: *TCP_OUT Blocked* IN= OUT=br-9a93e60664a4 SRC=172.21.0.1 DST=172.21.0.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=7257 DF PROTO=TCP SPT=59070 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0 UID=0 GID=0
Jul  2 00:32:26 es2cnt kernel: [2560200.382369] Firewall: *TCP_OUT Blocked* IN= OUT=br-9a93e60664a4 SRC=172.21.0.1 DST=172.21.0.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1699 DF PROTO=TCP SPT=59084 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0 UID=0 GID=0
Jul  2 00:32:27 es2cnt kernel: [2560201.412034] Firewall: *TCP_OUT Blocked* IN= OUT=br-9a93e60664a4 SRC=172.21.0.1 DST=172.21.0.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1700 DF PROTO=TCP SPT=59084 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0 UID=0 GID=0
Post Reply