Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

could not connect service from the host #34

Open
fireinice opened this issue Sep 30, 2024 · 10 comments
Open

could not connect service from the host #34

fireinice opened this issue Sep 30, 2024 · 10 comments
Labels
help wanted Extra attention is needed

Comments

@fireinice
Copy link

I've notice the issue #23 is closed.
However I still could not connect the gost exposed service from the host even with BETA_FIX_HOST_CONNECTIVITY=1
the container ip is 172.35.0.37
and the output of the dump is

Excluded: [
    10.0.0.0/8,
    100.64.0.0/10,
    169.254.0.0/16,
    172.16.0.0/12,
    192.0.0.0/24,
    192.168.0.0/16,
    224.0.0.0/24,
    240.0.0.0/4,
    239.255.255.250/32,
    255.255.255.255/32,
    fe80::/10,
    fd00::/8,
    ff01::/16,
    ff02::/16,
    ff03::/16,                                                                                                                                 
    ff04::/16,                                                                                                                                 
    ff05::/16,                                                                                                                                 
    fc00::/7,                                                                                                                                  
    17.249.0.0/16,                                                                                                                             
    17.252.0.0/16,                                                                                                                             
    17.57.144.0/22,                                                                                                                            
    17.188.128.0/18,                                                                                                                           
    17.188.20.0/23,                                                                                                                            
    2620:149:a44::/48,                                                                                                                         
    2403:300:a42::/48,                                                                                                                         
    2403:300:a51::/48,                                                                                                                         
    2a01:b740:a42::/48,                                                                                                                        
    240.0.0.0/4,                                                                                                                               
    10.0.0.0/8,                                                                                                                                
    100.64.0.0/10,                                                                                                                             
    172.16.0.0/12,                                                                                                                             
    17.249.0.0/16,                                                                                                                             
    17.252.0.0/16,                                                                                                                             
    169.254.0.0/16,                                                                                                                            
    192.168.0.0/16,                                                                                                                            
    17.188.128.0/18,                                                                                                                           
    17.57.144.0/22,                                                                                                                            
    17.188.20.0/23,                                                                                                                            
    192.0.0.0/24,                                                                                                                              
    224.0.0.0/24,                                                                                                                              
    104.16.80.230/32,                                                                                                                          
    104.17.143.163/32,                                                                                                                         
    162.159.192.7/32,                                                                                                                          
    239.255.255.250/32,                                                                                                                        
    fc00::/7,                                                                                                                                  
    fe80::/10,                                                                                                                                 
    ff02::/15,                                                                                                                                 
    ff04::/15,                                                                                                                                 
    ff01::/16,                                                                                                                                 
    2403:300:a42::/48,                                                                                                                         
    2403:300:a51::/48,                                                                                                                         
    2620:149:a44::/48,                                                                                                                         
    2a01:b740:a42::/48,                                                                                                                        
    2606:4700::6810:50e6/128,                                                                                                                  
    2606:4700::6811:8fa3/128,                                                                                                                  
]   

I think 172.35.0.37 is in the range of 172.16.0.0/12.

and I try to expose a shadowsocks service by gost:
ss+ohttp://aes-256-gcm:password@172.35.0.37:9876

any idea? thanks

@cmj2002
Copy link
Owner

cmj2002 commented Oct 1, 2024

You must have made a mistake. 172.35.0.37 does not belong to 172.16.0.0/12 (the subnet ends at 172.31.255.255). 172.35.0.37 is a public IP address, which appears to be a home user IP belonging to T-Mobile.

@fireinice
Copy link
Author

fireinice commented Oct 1, 2024

You must have made a mistake. 172.35.0.37 does not belong to 172.16.0.0/12 (the subnet ends at 172.31.255.255). 172.35.0.37 is a public IP address, which appears to be a home user IP belonging to T-Mobile.

Thanks for the reply
Yes, It's my mistake, And now I change the ip to 172.28.0.37, still could not connect from host..
Any seconds?

@fireinice fireinice reopened this Oct 1, 2024
@cmj2002
Copy link
Owner

cmj2002 commented Oct 1, 2024

Can you run docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' container_name to get the correct IP of container and retry?

I recommend setting 0.0.0.0 as gost listening IP and use docker's port forward. IP of container can change when you recreate them. Remember to change the forwarded port if you change the server_port.

Also, it seems that you commented with some additional information (I can see it in my email) but somehow it disappear on GitHub.

@fireinice
Copy link
Author

fireinice commented Oct 1, 2024

Can you run docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' container_name to get the correct IP of container and retry?

I recommend setting 0.0.0.0 as gost listening IP and use docker's port forward. IP of container can change when you recreate them. Remember to change the forwarded port if you change the server_port.

Also, it seems that you commented with some additional information (I can see it in my email) but somehow it disappear on GitHub.

sudo docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' warp
172.26.0.37

It seems the ip is got the correct ip addr.

and now the docker-compose is as below:

  warp:                                                                                                                                        
    image: caomingjun/warp:latest                                                                                                              
    container_name: warp                                                                                                                       
    # restart: always                                                                                                                          
    ports:                                                                                                                                     
      - "8338:8338"                                                                                                                                                                                                                                                       
    environment:                                                                                                                                                                                                                                               
      - WARP_SLEEP=2                                                                                                                           
      - GOST_ARGS=-L=ss+ohttp://aes-256-gcm:passwd@:8338                                                                                                                                                                    
      - BETA_FIX_HOST_CONNECTIVITY=1                                                                                                                                                                                                              
    cap_add:                                                                                                                                   
      - NET_ADMIN                                                                                                                              
    sysctls:                                                                                                                                   
      - net.ipv6.conf.all.disable_ipv6=0                                                                                                       
      - net.ipv4.conf.all.src_valid_mark=1                                                                                                     
      - net.ipv4.ip_forward=1                                                                                                                  
    volumes:                                                                                                                                   
      - /srv/docker/data/warp/:/var/lib/cloudflare-warp                                                                                        
    networks:                                                                                                                                  
      ss-backend:                                                                                                                              
        ipv4_address: 172.26.0.37 

not got lucy,

@fireinice
Copy link
Author

Can you run docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' container_name to get the correct IP of container and retry?

I recommend setting 0.0.0.0 as gost listening IP and use docker's port forward. IP of container can change when you recreate them. Remember to change the forwarded port if you change the server_port.

Also, it seems that you commented with some additional information (I can see it in my email) but somehow it disappear on GitHub.

For the other gone replies.
I've got connection once and I close the issue.
and then I also tried to build a shadowsocks-libev service, which could not be connected outside.

after that I drawback to the original gost service, and cannot connect again.

I thought the only once 'successful connection' is caused the warp service not established on the time. if the warp not connected from time to time, the shadowsocks protocol could connect right.

@cmj2002
Copy link
Owner

cmj2002 commented Oct 1, 2024

Can you try to see if the default SOCKS5 proxy also has this issue? It’s best to run curl --socks5-hostname 127.0.0.1:1080 https://cloudflare.com/cdn-cgi/trace from the host machine for testing, as there may also be a firewall between you and the host machine (regardless of whether it is something you can control).

@fireinice
Copy link
Author

fireinice commented Oct 1, 2024

Yes, the socks5 works fine. with GOST_ARGS=-L=ss+ohttp://aes-256-gcm:password@:8338 -L=socks5://:1080 and expose both 1080 and 8338

the socks service works fine on host:

fii@tc:~$ curl --socks5-hostname 127.0.0.1:1080 https://cloudflare.com/cdn-cgi/trace                                                        
fl=466f140                                                                                                                                     
h=cloudflare.com                                                                                                                               
ip=104.28.217.42                                                                                                                               
ts=1727782106.888                                                                                                                              
visit_scheme=https                                                                                                                             
uag=curl/7.88.1                                                                                                                                
colo=SJC                                                                                                                                       
sliver=none                                                                                                                                    
http=http/2                                                                                                                                    
loc=US                                                                                                                                         
tls=TLSv1.3                                                                                                                                    
sni=plaintext                                                                                                                                  
warp=on                                                                                                                                        
gateway=off                                                                                                                                    
rbi=off                                                                                                                                        
kex=X25519

while the shadowsocks not work

@fireinice
Copy link
Author

I also tried proxy mode before
with run the commands below in the container

warp-cli set-proxy-port 40000
# Set the mode to proxy
warp-cli --accept-tos mode proxy

and GOST_ARGS=-L=ss+ohttp://aes-256-gcm:password@:8338 -F socks://:40000
the shadowsocks services works.

@cmj2002
Copy link
Owner

cmj2002 commented Oct 1, 2024

This is very strange, I cannot understand. The SOCKS5 works indicates that the container can be accessed from the host machine, and the forwarding of SOCKS5 through shadowsocks suggests that there is no issue with GOST's shadowsocks functionality or your configuration. I can't think of what the problem could be.

@fireinice
Copy link
Author

fireinice commented Oct 1, 2024

yes, that's very strange, I tried two days and try to get help here. any ideas appreciate.

@cmj2002 cmj2002 added the help wanted Extra attention is needed label Oct 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
help wanted Extra attention is needed
Projects
None yet
Development

No branches or pull requests

2 participants