could not connect service from the host

Open fireinice opened this issue 1 year ago • 11 comments

I've noticed that issue #23 is closed. However, I still cannot connect to the gost-exposed service from the host, even with BETA_FIX_HOST_CONNECTIVITY=1. The container IP is 172.35.0.37 and the output of the dump is:

```
Excluded: [
    10.0.0.0/8,
    100.64.0.0/10,
    169.254.0.0/16,
    172.16.0.0/12,
    192.0.0.0/24,
    192.168.0.0/16,
    224.0.0.0/24,
    240.0.0.0/4,
    239.255.255.250/32,
    255.255.255.255/32,
    fe80::/10,
    fd00::/8,
    ff01::/16,
    ff02::/16,
    ff03::/16,
    ff04::/16,
    ff05::/16,
    fc00::/7,
    17.249.0.0/16,
    17.252.0.0/16,
    17.57.144.0/22,
    17.188.128.0/18,
    17.188.20.0/23,
    2620:149:a44::/48,
    2403:300:a42::/48,
    2403:300:a51::/48,
    2a01:b740:a42::/48,
    240.0.0.0/4,
    10.0.0.0/8,
    100.64.0.0/10,
    172.16.0.0/12,
    17.249.0.0/16,
    17.252.0.0/16,
    169.254.0.0/16,
    192.168.0.0/16,
    17.188.128.0/18,
    17.57.144.0/22,
    17.188.20.0/23,
    192.0.0.0/24,
    224.0.0.0/24,
    104.16.80.230/32,
    104.17.143.163/32,
    162.159.192.7/32,
    239.255.255.250/32,
    fc00::/7,
    fe80::/10,
    ff02::/15,
    ff04::/15,
    ff01::/16,
    2403:300:a42::/48,
    2403:300:a51::/48,
    2620:149:a44::/48,
    2a01:b740:a42::/48,
    2606:4700::6810:50e6/128,
    2606:4700::6811:8fa3/128,
]
```

I think 172.35.0.37 is in the range of 172.16.0.0/12.

I am trying to expose a shadowsocks service with gost: ss+ohttp://aes-256-gcm:[email protected]:9876

Any ideas? Thanks.

fireinice avatar Sep 30 '24 17:09 fireinice

You must have made a mistake. 172.35.0.37 does not belong to 172.16.0.0/12 (the subnet ends at 172.31.255.255). 172.35.0.37 is a public IP address, which appears to be a home user IP belonging to T-Mobile.

cmj2002 avatar Oct 01 '24 02:10 cmj2002
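
The membership check behind the reply above, as an added example that is not part of the original thread: it parses an `Excluded: [...]` dump and reports which excluded routes contain a given address. The sample dump is a shortened, constructed copy of the one posted in the issue, and the function names are illustrative.

```python
import ipaddress

# Constructed sample: a shortened copy of the "Excluded" dump format from this thread.
SAMPLE_DUMP = """Excluded: [
    10.0.0.0/8,
    100.64.0.0/10,
    172.16.0.0/12,
    192.168.0.0/16,
    fe80::/10,
    fc00::/7,
]"""


def parse_excluded(dump):
    """Return the networks listed between '[' and ']' in an Excluded dump."""
    body = dump[dump.index("[") + 1 : dump.rindex("]")]
    nets = []
    for token in body.replace("\n", " ").split(","):
        token = token.strip()
        if token:  # skip the empty token after the trailing comma
            nets.append(ipaddress.ip_network(token, strict=False))
    return nets


def covering_routes(addr, nets):
    """Return every excluded network that contains addr (same IP version only)."""
    ip = ipaddress.ip_address(addr)
    return [n for n in nets if n.version == ip.version and ip in n]


def report(addr, nets):
    """One-line summary: which excluded routes, if any, contain addr."""
    hits = covering_routes(addr, nets)
    if hits:
        return f"{addr}: covered by {', '.join(str(n) for n in hits)}"
    return f"{addr}: not covered by any excluded route"


if __name__ == "__main__":
    nets = parse_excluded(SAMPLE_DUMP)
    # Addresses mentioned in the thread.
    for addr in ("172.35.0.37", "172.28.0.37", "172.26.0.37"):
        print(report(addr, nets))
    # 172.16.0.0/12 spans 172.16.0.0 through its last address:
    print(ipaddress.ip_network("172.16.0.0/12").broadcast_address)
```
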

> You must have made a mistake. 172.35.0.37 does not belong to 172.16.0.0/12 (the subnet ends at 172.31.255.255). 172.35.0.37 is a public IP address, which appears to be a home user IP belonging to T-Mobile.

Thanks for the reply. Yes, it's my mistake. I have now changed the IP to 172.28.0.37, but I still cannot connect from the host. Any seconds?

fireinice avatar Oct 01 '24 04:10 fireinice

Can you run `docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' container_name` to get the correct IP of the container and retry?

I recommend setting 0.0.0.0 as the gost listening IP and using docker's port forwarding. The IP of a container can change when you recreate it. Remember to change the forwarded port if you change the server_port.

Also, it seems that you commented with some additional information (I can see it in my email) but somehow it disappeared on GitHub.

cmj2002 avatar Oct 01 '24 09:10 cmj2002

> Can you run `docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' container_name` to get the correct IP of the container and retry?
>
> I recommend setting 0.0.0.0 as the gost listening IP and using docker's port forwarding. The IP of a container can change when you recreate it. Remember to change the forwarded port if you change the server_port.
>
> Also, it seems that you commented with some additional information (I can see it in my email) but somehow it disappeared on GitHub.

```
sudo docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' warp
172.26.0.37
```

It seems I got the correct IP address.

And now the docker-compose file is as below:


```yaml
  warp:
    image: caomingjun/warp:latest
    container_name: warp
    # restart: always
    ports:
      - "8338:8338"
    environment:
      - WARP_SLEEP=2
      - GOST_ARGS=-L=ss+ohttp://aes-256-gcm:passwd@:8338
      - BETA_FIX_HOST_CONNECTIVITY=1
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv4.ip_forward=1
    volumes:
      - /srv/docker/data/warp/:/var/lib/cloudflare-warp
    networks:
      ss-backend:
        ipv4_address: 172.26.0.37
```

No luck.

fireinice avatar Oct 01 '24 10:10 fireinice

> Can you run `docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' container_name` to get the correct IP of the container and retry?
>
> I recommend setting 0.0.0.0 as the gost listening IP and using docker's port forwarding. The IP of a container can change when you recreate it. Remember to change the forwarded port if you change the server_port.
>
> Also, it seems that you commented with some additional information (I can see it in my email) but somehow it disappeared on GitHub.

As for the other replies that are gone: I got a connection once and closed the issue. Then I also tried to build a shadowsocks-libev service, which could not be connected to from outside.

After that I went back to the original gost service, and could not connect again.

I think the single 'successful connection' happened because the warp service was not established at the time. If warp is not connected from time to time, the shadowsocks protocol can connect fine.

fireinice avatar Oct 01 '24 10:10 fireinice

Can you try to see if the default SOCKS5 proxy also has this issue? It’s best to run `curl --socks5-hostname 127.0.0.1:1080 https://cloudflare.com/cdn-cgi/trace` from the host machine for testing, as there may also be a firewall between you and the host machine (regardless of whether it is something you can control).

cmj2002 avatar Oct 01 '24 11:10 cmj2002

Yes, SOCKS5 works fine, with `GOST_ARGS=-L=ss+ohttp://aes-256-gcm:password@:8338 -L=socks5://:1080` and both 1080 and 8338 exposed.

The socks service works fine on the host:

```
fii@tc:~$ curl --socks5-hostname 127.0.0.1:1080 https://cloudflare.com/cdn-cgi/trace
fl=466f140
h=cloudflare.com
ip=104.28.217.42
ts=1727782106.888
visit_scheme=https
uag=curl/7.88.1
colo=SJC
sliver=none
http=http/2
loc=US
tls=TLSv1.3
sni=plaintext
warp=on
gateway=off
rbi=off
kex=X25519
```

while shadowsocks does not work.

fireinice avatar Oct 01 '24 11:10 fireinice

I also tried proxy mode before, by running the commands below in the container:

```shell
warp-cli set-proxy-port 40000
# Set the mode to proxy
warp-cli --accept-tos mode proxy
```

With `GOST_ARGS=-L=ss+ohttp://aes-256-gcm:password@:8338 -F socks://:40000`, the shadowsocks service works.

fireinice avatar Oct 01 '24 11:10 fireinice

This is very strange; I cannot understand it. The fact that SOCKS5 works indicates that the container can be accessed from the host machine, and the forwarding of SOCKS5 through shadowsocks suggests that there is no issue with GOST's shadowsocks functionality or your configuration. I can't think of what the problem could be.

cmj2002 avatar Oct 01 '24 11:10 cmj2002

Yes, that's very strange. I tried for two days and am trying to get help here. Any ideas are appreciated.

fireinice avatar Oct 01 '24 11:10 fireinice

I also encountered the same problem, and the same happened when I tried a few different machines for testing. The service cannot be connected to externally.

```yaml
version: "3"

services:
  warp:
    image: caomingjun/warp
    container_name: warp
    restart: always
    # add removed rule back (https://github.com/opencontainers/runc/pull/3468)
    device_cgroup_rules:
      - 'c 10:200 rwm'
    ports:
      - "53217:1080"
    environment:
      - WARP_SLEEP=2
      - GOST_ARGS=-L ss+aead-chacha20-poly1305://password@:1080
      - WARP_LICENSE_KEY=xxxxx-xxxxx-xxxx
      # - WARP_ENABLE_NAT=1 # enable nat
    cap_add:
      # Docker already have them, these are for podman users
      - MKNOD
      - AUDIT_WRITE
      # additional required cap for warp, both for podman and docker
      - NET_ADMIN
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv4.conf.all.src_valid_mark=1
      # uncomment for nat
      # - net.ipv4.ip_forward=1
      # - net.ipv6.conf.all.forwarding=1
      # - net.ipv6.conf.all.accept_ra=2
    volumes:
      - ./data:/var/lib/cloudflare-warp
```

The configuration I currently use

Ch1ngg avatar Feb 24 '25 09:02 Ch1ngg