Port blocked despite wide open access control

I have a slightly complicated setup:

Pi: A Raspberry Pi, running Tailscale. Pi reports version of TS needs updating.
Server: Ubuntu 18.04 running tailscale
Docker: Container running on the server, Ubuntu 18.04 also
Pi is in a home network
Server is in an enterprise network, but has an IP address that’s open to the internet
AFAIK there are no active firewalls in the path.

I test using nc 1234 (port 1234 picked at random). I am able to connect when the shell in Docker issues nc -l 1234 and the Pi issues nc 1234, but in the reverse direction nc returns immediately.

Any suggestions for fixing or further troubleshooting?

Docker sets up default iptables rules that play a lot of tricks. Did you try connecting from the server into the pi? Did you install tailscale inside the docker container, or outside?

Trying that. So far the problem persists. I am not 1000% sure that I am checking it correctly. My use case is that I am running ROS (robotics operating system) and it will allocate ports on the fly for certain purposes. I am not sure what the exact sequence or algorithm is. In any event I am checking the connectivity with netcat, as follows:

Pi> nc -l 1234

docker> nc pi-ip-address 1234

and then the reverse. (Which is the way ROS recommends.) Can you say whether this is checking things in the right way?

I assume you’re not actually typing “nc 1234”, right? You’d need to clearly specify a server IP address.

Yes I have corrected it. I used <> and they were swallowed by the edit box :slight_smile:

Are you using pitosalas@brandeis.edu to connect to Tailscale? I do not see any devices connected with this domain.

Thank you, the problem has been solved. There was some more tricky iptable stuff to overcome but we got there.
Pito Salas
Faculty, Computer Science
Brandeis University

Glad you found the solution.

Thank you