VyOS container missing ports

problem: 3 ports mapped, only the last port is mapped

version: 1.4-rolling-202308240020

config

set container name adguardhome image 'adguard/adguardhome:v0.107.36'
set container name adguardhome network proxy
set container name adguardhome port dns-tcp destination '53'
set container name adguardhome port dns-tcp protocol 'tcp'
set container name adguardhome port dns-tcp source '53'
set container name adguardhome port dns-udp destination '53'
set container name adguardhome port dns-udp protocol 'udp'
set container name adguardhome port dns-udp source '53'
set container name adguardhome port http destination '80'
set container name adguardhome port http protocol 'tcp'
set container name adguardhome port http source '80'
set container name adguardhome restart 'always'
set container name adguardhome volume config destination '/opt/adguardhome/conf'
set container name adguardhome volume config source '/home/yikyo/container/adguardhome/config'
set container name adguardhome volume data destination '/opt/adguardhome/work'
set container name adguardhome volume data source '/home/yikyo/container/adguardhome/data'
set container network proxy description 'proxy network'
set container network proxy prefix '10.10.10.0/24'
show container
                 NAMES        PORTS
actual result    adguardhome  0.0.0.0:80->80/tcp
expected result  adguardhome  0.0.0.0:53->53/tcp, 0.0.0.0:53->53/udp,0.0.0.0:80->80/tcp,
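A way to check for the symptom reported above is to compare the port nodes in the configuration with the PORTS column that `show container` prints. The script below is an added example, not part of the original posts and not VyOS code; the function names are hypothetical, the sample input is constructed from the config in this post, and the `tcp` fallback for a port node without a protocol is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample input: the port nodes from the config posted above.
CONFIG = """\
set container name adguardhome port dns-tcp destination '53'
set container name adguardhome port dns-tcp protocol 'tcp'
set container name adguardhome port dns-tcp source '53'
set container name adguardhome port dns-udp destination '53'
set container name adguardhome port dns-udp protocol 'udp'
set container name adguardhome port dns-udp source '53'
set container name adguardhome port http destination '80'
set container name adguardhome port http protocol 'tcp'
set container name adguardhome port http source '80'
"""

PORT_RE = re.compile(
    r"^set container name (\S+) port (\S+) (source|destination|protocol) '?([^']+)'?$")

def expected_mappings(config, name):
    """Return the 'host->container/proto' mappings the config asks for."""
    nodes = defaultdict(dict)
    for line in config.splitlines():
        m = PORT_RE.match(line.strip())
        if m and m.group(1) == name:
            nodes[m.group(2)][m.group(3)] = m.group(4)
    # Assumption: a node without an explicit protocol is treated as tcp.
    return {f"{n['source']}->{n['destination']}/{n.get('protocol', 'tcp')}"
            for n in nodes.values() if "source" in n and "destination" in n}

def published_mappings(ports_column):
    """Parse a PORTS column such as '0.0.0.0:80->80/tcp, 0.0.0.0:53->53/udp'."""
    found = set()
    for item in ports_column.split(","):
        m = re.fullmatch(r"(?:\S+:)?(\d+)->(\d+)/(tcp|udp)", item.strip())
        if m:
            found.add(f"{m.group(1)}->{m.group(2)}/{m.group(3)}")
    return found

def diff_ports(config, name, ports_column):
    """Return (missing, unexpected): configured but unpublished, and the reverse."""
    want = expected_mappings(config, name)
    have = published_mappings(ports_column)
    return sorted(want - have), sorted(have - want)

if __name__ == "__main__":
    missing, unexpected = diff_ports(CONFIG, "adguardhome", "0.0.0.0:80->80/tcp")
    print("configured but not published:", missing)
    print("published but not configured:", unexpected)
```

The second list matters as much as the first: a mapping that is published without a matching port node is an exposed service nobody configured.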

Hello,

Do you have DNS forwarding configured? Because it will already listen on port 53 which will prevent this container from also listening on that port. You will also need net-bind-service to bind to a privileged port so I am confused that it works for port 80.

set container name adguardhome cap-add net-bind-service

I personally struggled a bit with getting containers to listen on privileged ports. What I did instead is that I configured a non-standard DNS port as the listening port for my container, and configured the DNS forwarding to go to that instead and all my DNS clients would consume DNS from VyOS VLAN interface instead.

To see if something else is listening on that port you can use netstat:

sudo netstat -ntulp

My configuration can be seen in another forum post: Encrypt DNS requests to WAN - #2 by jagekurt

I’ve created a PR to fix this issue: container: T5463: Fixes indentation to publish all port nodes by sarthurdev · Pull Request #2171 · vyos/vyos-1x · GitHub

Thanks for reporting the issue.

It’s great that the problem was solved so quickly
thanks

I don’t have DNS forwarding configured; I use adguardhome directly as a DNS server.

I run this command and nothing happens.

set container name adguardhome cap-add net-bind-service

Run this command

sudo netstat -ntulp | grep 53
tcp 0 0 127.0.0.1:2601 0.0.0.0:* LISTEN 853/zebra
udp 0 0 10.10.10.1:53 0.0.0.0:* 3290/aardvark-dns

Are you able to commit without any errors when you use source 53 on both TCP and UDP for the port mapping?

Yes, there are no errors.

But I modified the file /usr/libexec/vyos/conf_mode/container.py according to the PR of sdev
I can’t commit successfully, the config source is port 53
