Can access SSH but no other services on Linux server via Tailscale

Tailscale version: 1.30.2
Your operating system & version: Ubuntu 22.04.1 LTS
Latest Android client

SUMMARY:

I have Tailscale installed on an Ubuntu server, along with an Android device and a Windows 11 laptop.

I can SSH into the server (using the 100.XX.XX.XX:22 address) without any issues from both Android and Windows 11 (from a cellphone network, so I’m certain it’s traversing the Tailscale network).

ISSUE:

I can see the various services (running in docker containers) advertised on Tailscale but I cannot access them.

I’ve tried temporarily disabling the firewall, to validate it’s not being blocked at that level (it isn’t). I’ve also tried playing around with 192.0.0.0/24 subnets (with no change).

How can I debug where the issue lies?

Can you detail a bit more your setup on Ubuntu? How are you exposing the docker services to tailscale? And do you have any ACL setup that could block the traffic?

Best regards,
Lieven

I’ll try and answer, but not sure exactly which information to provide!

  1. Tailscale is running on the host OS, rather than in a container itself.
  2. I didn’t do any specific configuration to interface it with the docker containers; they automatically appeared in the ‘services’ tab in Tailscale
  3. I haven’t configured ACL - only have 1 user configured at the moment and wanted to get it working before locking things down.

When on the local network, I can hit the docker services either through 192.168.X.X:ZZZZ or through hostname:ZZZZ. I assumed (perhaps incorrectly) that because they appeared in the tailscale services page, no further configuration was necessary.

I don’t have any restrictions set up in iptables.

I’m sure it’s something obvious, just need pointing in the right direction to be able to diagnose further!

Thanks,

Nick

I have also tried setting up a subnet, as per here: Subnet routers and traffic relay nodes · Tailscale

Host is on 192.168.4.7, so ran the various commands and then this:

sudo tailscale up --advertise-routes=192.168.4.0/24

The subnet is enabled in the admin console.

Have you found a solution for this issue? I have also installed tailscale on the host and assumed I would have plug and play access to my containers. I see that was misguided.