Continuing the discussion from How to set SMTP config to use localhost?:
I’m trying to connect to Protonmail Bridge running on the host machine, and it fails with connection refused. My settings are:
DISCOURSE_SMTP_ADDRESS: 172.17.0.1
DISCOURSE_SMTP_PORT: 1025
Now, nmap tests:
nmap 127.0.0.1 on the host machine outputs:
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000010s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
1025/tcp open NFS-or-IIS
1042/tcp open afrog
nmap 172.17.0.1 in the docker container does not output any 1025 port
I also tried in my app.yml file, in the expose section:
172.17.0.1:1025:1025
But then the docker container failed to start, erroring with “the port is already in use”.
Finally, if I try to connect using openssl from localhost:
openssl s_client -connect 127.0.01:1025 -starttls smtp
it works fine, but not when I try from the docker container:
openssl s_client -connect 172.17.0.1:1025 -starttls smtp
Checking with ss on the host machine:
ss -plnt
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 4096 127.0.0.1:1025 0.0.0.0:* users:(("proton-bridge",pid=953,fd=12))
What am I doing wrong?
One thing I found in this stackoverflow answer says:
- you will only be able to access host services that are either (a) listening on INADDR_ANY (aka 0.0.0.0) or that are explicitly listening on the docker0 interface.
Firstly, I checked iptables --list, which I believe gives default output:
iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:https
ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:http
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Now, I’m wondering if the Protonmail Bridge service that’s listening on 127.0.0.1:1025 is not accepting connections from the Docker container because they are not from 127.0.0.1 exactly?
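Added example, not part of the original post: a check that applies the rule from the quoted Stack Overflow answer to `ss -plnt` output, reporting which listeners accept a connection addressed to the docker0 address 172.17.0.1 used in the settings above. The function names are hypothetical, and the sshd row in the sample is constructed for contrast; the proton-bridge row is the one from the post.

```python
import ipaddress
import re

# Sample input: header and proton-bridge row from the post; sshd row is constructed.
SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      4096   127.0.0.1:1025     0.0.0.0:*         users:(("proton-bridge",pid=953,fd=12))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=700,fd=3))
"""

def parse_listeners(ss_text):
    """Yield (bind_host, port, process) for each LISTEN row of `ss -plnt` output."""
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening row
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface suffix
        match = re.search(r'\(\("([^"]+)"', fields[5]) if len(fields) > 5 else None
        yield host, int(port), match.group(1) if match else "?"

def accepts(bind_host, dest_ip):
    """True if a socket bound to bind_host takes connections addressed to dest_ip."""
    if bind_host == "*":  # ss prints * for a listener on every address
        return True
    bind = ipaddress.ip_address(bind_host)
    dest = ipaddress.ip_address(dest_ip)
    if bind.is_unspecified:  # INADDR_ANY (0.0.0.0) or its IPv6 form (::)
        return bind.version == dest.version
    return bind == dest  # bound to one address: only that address matches

def reachable_from(ss_text, dest_ip):
    """List (port, process, reachable) for connections addressed to dest_ip."""
    return [(port, proc, accepts(host, dest_ip))
            for host, port, proc in parse_listeners(ss_text)]

if __name__ == "__main__":
    for port, proc, ok in reachable_from(SS_OUTPUT, "172.17.0.1"):
        state = "reachable" if ok else "not reachable"
        print(f"{proc} on port {port}: {state} via 172.17.0.1")
```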