After a hirsute upgrade, I found that my DNS and HTTP services were no longer working, though most everything else was. The error is Connection Refused. The processes are running successfully, in docker, but it seems as if the port bind is silently failing.
lsof reports that the ports are in use and listening. I've verified by connecting to the internal Docker IPs that the upstream services are running.
The most confusing thing is that this is only a problem for certain ports, and for IPv4 addresses. I bound a netcat listener via netcat -l -p 80 and was unable to connect to it, either from the same machine or over the network. However, when I listen to port 81 using the same command, I can connect locally or over the network.
Another thing I tried was installing NGINX to the system, to rule out the possibility of Docker problems. However, despite lsof reporting that NGINX had bound port 80 on all addresses IPv4 and IPv6, it could only be connected to via the IPv6 loopback - 127.0.0.1 still had connection refused.
That is, this problem applies only when:
- Binding to very specific low ports (53, 80, 443).
- Binding to IPv4 addresses.
ufw is disabled. iptables doesn't have anything I can see that would interfere (and even then, connection refused?). I've rebooted a few times. I'm out of ideas, so anything worth investigating is appreciated.