[BUG] Ports not accessible from outside the container; hosted internally on 0.0.0.0 #89

Open
PlexSheep opened this issue Jan 2, 2023 · 5 comments

Comments

PlexSheep commented Jan 2, 2023

On my setup, the ports of the internal mechanism of the docker container are mapped to 0.0.0.0 and only 0.0.0.0, nothing else. This means that the Server cannot be accessed from the outside. I'm not sure what causes this.

This is what I got from looking around the ports inside the container (using docker exec -it ark_server bash):

root@429811629a8c:/app# nmap 0.0.0.0 -T5 -p 7777-7778
Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-02 00:05 UTC
Nmap scan report for 0.0.0.0
Host is up.

PORT     STATE    SERVICE
7777/tcp filtered cbt
7778/tcp filtered interwise

Nmap done: 1 IP address (1 host up) scanned in 1.61 seconds
root@429811629a8c:/app# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.11:34169        0.0.0.0:*               LISTEN      -                   
udp        0      0 127.0.0.11:41964        0.0.0.0:*                           -                   
udp        0      0 0.0.0.0:27015           0.0.0.0:*                           -                   
udp        0      0 0.0.0.0:7777            0.0.0.0:*                           -                   
udp        0      0 0.0.0.0:7778            0.0.0.0:*                           -                   
root@429811629a8c:/app# nmap 127.0.0.1 172.24.0.2 -T5 -p 1-65535
Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-02 00:08 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000050s latency).
All 65535 scanned ports on localhost (127.0.0.1) are closed

Nmap done: 2 IP addresses (1 host up) scanned in 2.43 seconds
root@429811629a8c:/app# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
209: eth0@if210: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:17:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.23.0.2/16 brd 172.23.255.255 scope global eth0
       valid_lft forever preferred_lft forever

As you can see, the server is reachable on 0.0.0.0, but not on any other addresses of the container.

This is my docker-compose.yml:

version: '3'

services:
  server:
    restart: always
    container_name: ark_server
    image: hermsi/ark-server:latest
    volumes: 
      - /srv/games/ark-server:/app
      - /srv/games/ark-server-backups:/home/steam/ARK-Backups
    environment:
      - SESSION_NAME=REDACTED
      - SERVER_MAP=TheIsland
      - SERVER_PASSWORD=REDACTED
      - ADMIN_PASSWORD=REDACTED
      - MAX_PLAYERS=10
      - UPDATE_ON_START=true
      - BACKUP_ON_STOP=true
      - PRE_UPDATE_BACKUP=true
      - WARN_ON_STOP=true
      - DISABLE_BATTLEEYE=true
      - GAME_MOD_IDS=1404697612,1522327484,731604991,1609138312,1814953878
    ports:
      # Port for connections from ARK game client
      - "7777:7777/udp"
      # Raw UDP socket port (always Game client port +1)
      - "7778:7778/udp"
      # RCON management port
      - "27020:27020/tcp"
      # Steam's server-list port
      - "27015:27015/udp"

The docker-compose setup should not be at fault here. I'm pretty sure something is up with the internal workings of the docker container.

docker exec -u steam -it ark_server arkmanager status
Running command 'status' for instance 'main'
 Server running:   Yes 
 Server PID:   5141 
 Server listening:   Yes 
Server Name: REDACTED
Steam Players: 0 / 70
Active Steam Players: 0
 Server online:   Yes 
 ARKServers link:   http://arkservers.net/server/REDACTED:27015 
 Steam connect link:   steam://connect/REDACTED:27015 
 Server build ID:   10238961 
 Server version:   355.10 

The only port open to the host (and the rest of the internet) is port 27020, that one seems to be working OK. This is the only TCP port of the bunch, maybe that means something?
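A way to cross-check the two pieces of evidence posted above, as an added example that is not part of the original issue or the project's code: it parses the posted `netstat -tulpn` lines and the compose port mappings, reports whether each published port has a same-protocol listener inside the container, and names the nmap scan type that tests that protocol (nmap probes TCP unless `-sU` is given). The function names are illustrative assumptions.

```python
import re

# Listener lines copied from the `netstat -tulpn` output in the post above.
NETSTAT = """\
tcp        0      0 127.0.0.11:34169        0.0.0.0:*               LISTEN      -
udp        0      0 127.0.0.11:41964        0.0.0.0:*                           -
udp        0      0 0.0.0.0:27015           0.0.0.0:*                           -
udp        0      0 0.0.0.0:7777            0.0.0.0:*                           -
udp        0      0 0.0.0.0:7778            0.0.0.0:*                           -
"""
# Port mappings copied from the docker-compose.yml in the post above.
PORTS = ["7777:7777/udp", "7778:7778/udp", "27020:27020/tcp", "27015:27015/udp"]


def parse_netstat(text):
    """Return {(proto, port): [bind addresses]} for every socket listed."""
    listeners = {}
    for line in text.splitlines():
        m = re.match(r"(tcp|udp)6?\s+\d+\s+\d+\s+(\S+):(\d+)\s", line)
        if m:
            proto, addr, port = m.group(1), m.group(2), int(m.group(3))
            listeners.setdefault((proto, port), []).append(addr)
    return listeners


def parse_mapping(spec):
    """Return (container_port, proto) from '[ip:]host:container[/proto]'."""
    target, _, proto = spec.partition("/")
    return int(target.rsplit(":", 1)[-1]), proto or "tcp"  # compose defaults to tcp


def audit(netstat_text, port_specs):
    """Match each published port against same-protocol listeners in the container."""
    listeners = parse_netstat(netstat_text)
    report = []
    for spec in port_specs:
        cport, proto = parse_mapping(spec)
        binds = listeners.get((proto, cport), [])
        if not binds:
            state = "no-listener"
        elif all(b.startswith("127.") or b == "::1" for b in binds):
            state = "loopback-only"  # not reachable through the bridge interface
        else:
            state = "listening"
        scan = "nmap -sU" if proto == "udp" else "nmap -sT"
        report.append((spec, state, scan))
    return report


if __name__ == "__main__":
    for spec, state, scan in audit(NETSTAT, PORTS):
        print(f"{spec:18} {state:14} probe with: {scan}")
```
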

kamacau commented Jan 26, 2023

Same here, any news? I tried to force iptables routing inside the container without success :(

Aeases commented Jan 28, 2023

I've got a similar issue; restarting over and over seems to fix it for me, but it does come back every so often.

EDIT: I've been able to fix the issue I'm experiencing by attaching the container to the host network, done by appending network_mode: host and removing the section where I declared the ports. Probably not as secure, but I run it in a VM anyway where ports are defined.

services:
  server:
    container_name: ark_cluster
    image: hermsi/ark-server:latest
    tty: true
    volumes:
      - ./ark-server:/app
      - ./ark-server-backups:/home/steam/ARK-Backups
    environment:
      - GAME_MOD_IDS=6969696969,420420420
      - SERVER_PASSWORD=
      - ADMIN_PASSWORD=something
      - MAX_PLAYERS=5
      - UPDATE_ON_START=true
    network_mode: host

Unrelated to this issue, but I have messed around with the arkmanager.cfg, removing some of the things set by environment variables and setting them myself inside the config, so my docker compose is a bit more sparse. Some stuff might not be best practice since I'm new to Docker.

PlexSheep (Author) commented Jan 29, 2023

Network mode host should be fine, especially if it fixes things, but this is still a pretty bad bug, especially as the documentation says to specify ports without network_mode: host. Normally when hosting something, if hosted to 0.0.0.0 it will be accessible on any IP of the machine, but in this case that is different. For me personally, this defies the rules of networking.

@moonpost
Copy link

moonpost commented Apr 3, 2023

Not sure if I have the same problem, but I'm using Docker Desktop on Mac (Intel) and I cannot seem to access any of the ports and thus cannot log into the server. Not a networking guru, but curious how to fix this! Is it an image problem or is it a Docker problem?

PlexSheep (Author) commented

I am pretty sure it's a problem with the image.
