Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Map TCP port to host ip is not working #3464

Open
alexfoe opened this issue Jan 14, 2019 · 15 comments

Comments

@alexfoe
Copy link

commented Jan 14, 2019

  • I have tried with the latest version of my channel (Stable or Edge)
  • I have uploaded Diagnostics
  • Diagnostics ID: 777F3002-40B9-4DBB-B1D6-5F3A728FD73C/20190114181438

Expected behavior

docker run --rm -p 10.3.110.22:80:80 --name webserver nginx

Actual behavior

docker: Error response from daemon: driver failed programming external connectivity on endpoint webserver (7de1a6d6305b474703563beb686256df8c36bcdd87b66f43483b57fd44cebd2c): Error starting userland proxy: Bind for 10.3.110.22:80: unexpected error Bad file descriptor.

Information

  • macOS Version:
    10.13.6

Diagnostic logs

Docker for Mac: version...

Docker version 18.09.1, build 4c52b90

Steps to reproduce the behavior

  1. cannot bind to port < 1024 if host-ip is given
  2. runs fine: docker run --rm -p 10.3.110.22:1025:80 --name webserver nginx
  3. fails (see error-response above) : docker run --rm -p 10.3.110.22:80:80 --name webserver nginx
@engrost

This comment has been minimized.

Copy link

commented Jan 15, 2019

Same happens for me docker version 18.09.1 (docker for mac 2.0.1.0). OSX version 10.14.2.
I cannot bind to port 53.
when I run command:
docker run --restart unless-stopped --name local_bind -d -p 127.0.0.1:53:53/udp -p 127.0.0.1:53:53 local_bind
I get above error
when I run:
docker run --restart unless-stopped --name local_bind -d -p 53:53/udp -p 53:53 local_bind
it runs but port 53 is not exposed netstat shows no ports open
At last was able to run:
docker run --restart unless-stopped --name local_bind -d -p 127.0.0.1:1053:53/udp -p 127.0.0.1:1053:53 local_bind
that binds to port 1053 but not what is expected

@lukeowen89

This comment has been minimized.

Copy link

commented Jan 15, 2019

I get the same issue since updating to version/2.0.1.0 on OSX version 10.13.6.

The problem seems to be specific to mapping to host ports < 1024.

@FreddieLindsey

This comment has been minimized.

Copy link

commented Jan 15, 2019

You need superuser to bind to ports < 1024. If you try this with sudo does it work?

@lukeowen89

This comment has been minimized.

Copy link

commented Jan 15, 2019

Hey @FreddieLindsey. I'm using docker compose so I gave sudo docker-compose up a go but still the same errors for host port binding < 1024.

ERROR: for varnish Cannot start service varnish: driver failed programming external connectivity on endpoint varnish (ea9c12e3d77fcbbfd226f0d856129b4731bb91b30afe03da755b9ee0eac3c6ba): Error starting userland proxy: Bind for 127.0.0.2:80: unexpected error Bad file descriptor

On previous versions sudo wasn't a requirement to initiate port binding in this way.

@alexfoe

This comment has been minimized.

Copy link
Author

commented Jan 15, 2019

@engrost

This comment has been minimized.

Copy link

commented Jan 16, 2019

After rolling back to docker for mac v2.0.0.0-beta1-mac75 with docker engine 18.09.0-ce-beta1 issue disappears.

@sm-paul-schuette

This comment has been minimized.

Copy link

commented Jan 16, 2019

same here. can not run dnsmasq in docker after latest update on edge. switched to stable and same setup

version: "3.5"
services:
  nginx:
    container_name: nginx
    image: jwilder/nginx-proxy:alpine
    ports:
      - "80:80"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
    environment:
      DEFAULT_HOST: portainer.docker
    networks:
      - nginx_proxy
    restart: always

  dnsmasq:
    container_name: dnsmasq
    image: jpillora/dnsmasq
    ports:
      - "53:53/udp"
    environment:
      VIRTUAL_HOST: dns.docker
      VIRTUAL_PORT: 8080
      HTTP_PASS:
      HTTP_USER:
    volumes:
      - ./dnsmasq/dnsmasq.conf:/etc/dnsmasq.conf
    expose:
      - 8080
    depends_on:
      - nginx
    restart: always
    cap_add:
      - NET_ADMIN

  networks:
    nginx_proxy:
    name: nginx_proxy

works as before the update on edge. The nginx is reachable in both scenarios, though. So in my case it is limited to UDP.

@pgayvallet

This comment has been minimized.

Copy link

commented Jan 22, 2019

ping @djs55 ^

@pgayvallet

This comment has been minimized.

Copy link

commented Jan 22, 2019

Hello,

Thanks for the report. We actually rewrote part of the code that is handling the port opening in 2.0.1.0, this is most definitely related to this.

We are currently investigating it.

@pgayvallet

This comment has been minimized.

Copy link

commented Jan 23, 2019

The patch has been merged to master and will be released with next edge.

@docker-desktop-robot

This comment has been minimized.

Copy link
Collaborator

commented Apr 23, 2019

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale comment.
Stale issues will be closed after an additional 30d of inactivity.

Prevent issues from auto-closing with an /lifecycle frozen comment.

If this issue is safe to close now please do so.

Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows.
/lifecycle stale

@steeve

This comment has been minimized.

Copy link

commented May 15, 2019

I'm having the same problem with d4m 2.0.4.1 (edge), I'm unable to contact a dns in docker with a port forward under 1024, in my case on UDP.

@steeve

This comment has been minimized.

Copy link

commented May 15, 2019

Confirmed working on stable channel (2.0.0.3).
Meaning edge is affected, hopefully this doesn't become the new stable just yet.

@steeve

This comment has been minimized.

Copy link

commented Jun 13, 2019

@pgayvallet gentle ping

@davidalger

This comment has been minimized.

Copy link

commented Jul 31, 2019

/remove-lifecycle stale

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
9 participants
You can’t perform that action at this time.