Communicate Across Two Interfaces
-
.Cloudron is setup in the typical manner with the public IP sitting on ENS3. Everything works as expected and no issues. I have a second interface, ENS4 which is connected to a number of servers internally. From the CLI I can reach everything just fine. When I deployed Guacamole I found it was unable to connect to any systems on ENS4. It would connect externally just fine. Is there something I can do to enable this? I imagine this is a pretty common use case for Guacamole and it's worked well for me in the past. Thanks in advance for any help.
-
@rez When you say from the CLI, do you mean via SSH or using the Web terminal ? If you haven't done so already, can you check if the internal servers are reachable via the Web terminal? Network connectivity wise that is what the app will be facing as well.
-
@girish No route to host for anything on ENS4. Checked using the web terminal as requested.
-
@rez Not sure what needs to be done here but looks like the docker containers are unable to connect. Maybe you can debug using
docker run -t cloudron/base:3.0.0 /bin/bash. This gives you a plain docker container. We have to somehow make the routing stuff work via docker container. -
@girish I came across this when I was doing some research on the issue.
"you can run your container in host mode and you will see the same networking that you see on the host, but there is no network isolation. When there is a bridge in between the packets from the container have to be natted and so one interface has to be chosen"
This explains why I didn't see the issue on my other systems since Guacamole is running in host mode there. I'll need to look at a different work around or create a seperate bridge and add the container to it.
-
@rez I see. Cloudron apps do not run in host mode because we need the network isolation for security purposes. Still I am not sure I understand why a docker container cannot access external network regardless. I thought this was taken care of by linux routing.
