unraiduser22 Posted July 6, 2022 (edited)

I've been working on this for a day or so now, but have yet to figure out why I am unable to connect to qbittorrent-vpn (hotio) WebUI in bridge mode. The VPN itself is confirmed to be working via `curl ifconfig.io` and returns an IP address that is different than my home IP address.

My router is a UDM Pro and I have not set up anything in terms of port forwarding, VLANs, etc., so it may be something there that I have to do? I'm not sure.

My port mapping is the following:

172.17.0.2:8080/TCP <-> 192.168.1.47:8080

Container settings:

My network settings for `eth0`:

Routing table:

Log for the docker container:

```
----------------------------------------------------------------------
ENVIRONMENT
----------------------------------------------------------------------
PUID=99
PGID=100
UMASK=002
TZ=America/Los_Angeles
WEBUI_PORTS=8080/tcp,8080/udp
VPN_ENABLED=true
VPN_LAN_NETWORK=192.168.1.0/24
VPN_CONF=wg0
VPN_ADDITIONAL_PORTS=
VPN_IP_CHECK_DELAY=5
PRIVOXY_ENABLED=false
----------------------------------------------------------------------
Executing usermod...
Applying permissions to /config
[cont-init.d] 00-start-container: exited 0.
[cont-init.d] 01-configure-app: executing...
[cont-init.d] 01-configure-app: exited 0.
[cont-init.d] 02-setup-wg: executing...
[INFO] Docker network type is not set to "host".
[INFO] "sysctl net.ipv4.conf.all.src_valid_mark=1" is set.
[INFO] Configuration file "/config/wireguard/wg0.conf" was found.
[INFO] WireGuard is down. Continuing...
[INFO] Starting WireGuard...
skipping setting net.ipv4.conf.all.src_valid_mark
[INFO] WireGuard is started.
[INFO] WebUI ports are "8080/tcp,8080/udp".
[INFO] Additional ports are "".
[INFO] WireGuard remote is "[redacted]:51820".
[INFO] Docker network interface is "eth0".
[INFO] Docker network IP is "172.17.0.2".
[INFO] Docker network CIDR is "172.17.0.0/16".
[INFO] Adding "192.168.1.0/24" as route via interface "eth0".
[INFO] ip route overview:
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.2
192.168.1.0/24 via 172.17.0.1 dev eth0
[INFO] Configuring iptables...
[INFO] ipv6 is disabled, we will not set ip6tables rules.
[INFO] iptables overview:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i wg0 -p udp -m udp --dport 8080 -j DROP
-A INPUT -i wg0 -p tcp -m tcp --dport 8080 -j DROP
-A INPUT -i wg0 -p udp -j ACCEPT
-A INPUT -i wg0 -p tcp -j ACCEPT
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 51820 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 8080 -j ACCEPT
-A OUTPUT -o wg0 -p udp -m udp --sport 8080 -j DROP
-A OUTPUT -o wg0 -p tcp -m tcp --sport 8080 -j DROP
-A OUTPUT ! -o wg0 -m mark ! --mark 0xca6c -m addrtype ! --dst-type LOCAL -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o wg0 -p udp -j ACCEPT
-A OUTPUT -o wg0 -p tcp -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 8080 -j ACCEPT
[INFO] Delaying ip check by 5 seconds...
[INFO] Your old ipv4 is "[redacted]", your new ipv4 is "[redacted]".
[cont-init.d] 02-setup-wg: exited 0.
[cont-init.d] 03-setup-privoxy: executing...
[cont-init.d] 03-setup-privoxy: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
******** Information ********
To control qBittorrent, access the WebUI at: http://localhost:8080
```

Edited July 6, 2022 by unraiduser22

JorgeB Posted July 6, 2022

Best bet is to use the container's existing support options: