container -> host port service in docker rootless

Posted on Feb 23, 2024

I spent a lot of time trying to figure out why I was not able to access a service listening on the host machine at 0.0.0.0:3000. Did a lot of iptables and NixOS firewall changes, looked at iptables logs, etc.

Finally came across these two in a haystack of like 100 links I opened to figure this issue out:

This hinted to me that it could be Docker rootless, which I had enabled in my NixOS config.

I've not confirmed it, but probably that was it. I rebuilt my system and things started working. Major diff: the veth pair was not showing up when I did ip a on the host before; now it is. Additionally, the docker0 bridge was down; now it's up.

I WAS JUST GETTING CONNECTION REFUSED. While I was able to ping the host, I was not able to access any ports on the host. This was super annoying.

Links:

I think it was not the firewall but me disabling virtualisation.docker.rootless.setSocketVariable; I'll have to confirm.

6: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:b7:b9:5b:58 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:b7ff:feb9:5b58/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
7: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none
    inet 10.8.0.19/24 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::61ec:cb2d:fd6:a017/64 scope link stable-privacy proto kernel_ll
       valid_lft forever preferred_lft forever
11: vethf4d7256@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether 5e:c7:25:d7:38:0c brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 169.254.125.2/16 brd 169.254.255.255 scope global noprefixroute vethf4d7256
       valid_lft forever preferred_lft forever
    inet6 fe80::5cc7:25ff:fed7:380c/64 scope link
       valid_lft forever preferred_lft forever
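The two things the post compares before and after the rebuild (is docker0 actually UP, and is a veth attached to it as master) can be checked from ip a output; the script below is an added example, not part of the original post. The "after" sample is constructed from the listing above, and the "before" sample is constructed to match the described symptoms (bridge DOWN, no veth).

```python
import re

# Constructed from the post's listing: the working ("after") state.
IP_A_AFTER = """\
6: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:b7:b9:5b:58 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
7: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
    inet 10.8.0.19/24 scope global tun0
11: vethf4d7256@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether 5e:c7:25:d7:38:0c brd ff:ff:ff:ff:ff:ff link-netnsid 0
"""

# Constructed "before" state matching the symptoms in the post: bridge DOWN, no veth at all.
IP_A_BEFORE = """\
6: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:b7:b9:5b:58 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
7: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
"""

# Interface header line: "<idx>: <name>[@peer]: <FLAGS> ... state X ... [master Y]"
IFACE_RE = re.compile(r"^(\d+): ([^:@]+)(?:@[^:]+)?: <([^>]*)>(.*)$")

def parse_ip_a(text):
    """Map interface name -> {flags, state, master}; indented detail lines are skipped."""
    ifaces = {}
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if not m:
            continue
        _, name, flags, rest = m.groups()
        state = re.search(r"\bstate (\S+)", rest)
        master = re.search(r"\bmaster (\S+)", rest)
        ifaces[name] = {"flags": flags.split(","),
                        "state": state.group(1) if state else None,
                        "master": master.group(1) if master else None}
    return ifaces

def check_docker_bridge(text, bridge="docker0"):
    """Report the post's two symptoms: bridge not UP, and no veth enslaved to it."""
    ifaces = parse_ip_a(text)
    br = ifaces.get(bridge)
    veths = [n for n, i in ifaces.items() if n.startswith("veth") and i["master"] == bridge]
    problems = []
    if br is None:
        problems.append(f"{bridge} missing")
    elif br["state"] != "UP" or "LOWER_UP" not in br["flags"]:
        problems.append(f"{bridge} is {br['state']}")
    if not veths:
        problems.append(f"no veth attached to {bridge}")
    return {"bridge_up": br is not None and br["state"] == "UP", "veths": veths, "problems": problems}
```

Pipe real output in with `ip a | python3 -c 'import sys; ...'` or call check_docker_bridge on the captured text; an empty problems list corresponds to the post's working state.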