Port blocked despite wide open access control

ACL (Access Control Lists)
#1

I have a slightly complicated setup:

Pi: A raspberry Pi, running tailscale. Pi reports version of TS needs updating.
Server: Ubuntu 18.04 running tailscale
Docker: Container running on the server, Ubuntu 18.04 also
Pi is in a home network
Server is in an enterprise network, but has IP address that’s open to internet
AFAIK there are no active firewalls in the path.

I test using nc 1234 (port 1234 picked at random). I am able to connect when shell in Docker issues nc -l 1234 and pi issues nc 1234 but in the reverse direction nc returns immediately.

Any suggestions for fixing or further troubleshooting?

#2

Docker sets up default iptables rules that play a lot of tricks. Did you try connecting from the server into the pi? Did you install tailscale inside the docker container, or outside?

#3

Trying that. So far the problem persists. I am not 1000% sure that I am checking it correctly. My use case is that I am running ROS (robotics operating system) and it will allocate ports on the fly for certain purposes. I am not sure what the exact sequence or algorithm is. In any event I am checking the connectivity with netcat, as follows:

Pi> nc -l 1234

docker> nc pi-ip-address 1234

and then the reverse. (Which is the way ROS recommends.) Can you say whether this is checking things in the right way?

#4

I assume you’re not actually typing “nc 1234” right? You’d need to
clearly specify a server IP address.

#5

Yes I have corrected it. I used <> and they were swallowed by the edit box :slight_smile:

#6

Are you using pitosalas@brandeis.edu to connect to tailscale ? I do not see any devices connected with this domain.

#7

Thank you, the problem has been solved. There was some more tricky iptable stuff to overcome but we got there.
Pito Salas
Faculty, Computer Science
Brandeis University

#8

Glad you found the solution.

Thank you