Established TCP connection but no data is returned

I'm running a simple registry with podman and binding it to a local private IP address.

podman container create \
   --name insecure-registry \
   --privileged=True \
   --env REGISTRY_HTTP_ADDR=0.0.0.0:5000 \
   --volume /var/lib/registry:/var/lib/registry:rw \
   --publish 10.20.30.40:5000:5000 \
   registry:2

And when I try to expose the registry using port-forwarding to a limited set of source IPs, from what I can see the TCP connection is established, but no data is returned when I query the public endpoint.

firewall-cmd --zone=external --add-rich-rule='rule family="ipv4" forward-port port="5000" protocol="tcp" to-port="5000" to-addr="10.20.30.40" source address="1.1.1.0/20"'
curl -m 2 -v registry.mydomain.dev:5000/v2/_catalog
*   Trying 169.x.x.x...
* TCP_NODELAY set

* Connection timed out after 2000 milliseconds
* Closing connection 0
curl: (28) Connection timed out after 2000 milliseconds

But locally it is working:

curl 10.20.30.40:5000/v2/_catalog

{
  "repositories": [
    "gocli",
    "ubuntu"
  ]
}

What am I missing?

Rabin
I have verified it with tcpdump: you can clearly see the 3-way handshake. I have a feeling it is related to the black magic of how podman creates some nftables rules.