Can no longer access new or rebuilt containers locally on server

Hey guys, first time posting and have quite a headache on my hands that I can’t seem to resolve.

I have several apps running in different docker containers, on a CentOS 8 server running CWP Pro.

Last week we noticed our additional IPs hadn’t been added to the server and proceeded to add them which began an array of problems, where we ended up adding them using nmtui. This broke our CWP Pro subscription (changing the IP) so we wiped it all out and started again.

However after rebuilding a docker container today it seems the problem isn’t over. We cannot now access anything built or rebuilt since then locally. The containers work on the server-ip:port, but locally we cannot access them (or proxy them off subdomains).

The problem is obviously linked to the binding/network as local connections don’t even get through to the containers (as far as I can see), we just get “curl: (56) Recv failure: Connection reset by peer”, despite appearing fine in docker ps, network etc…

Anyone come across this issue before or how to rectify it?

Without the ability to proxy containers we’ll likely have to rebuild the server (which obviously I don’t want to do)

Can you access the containers from another machine, or does the request fail from everywhere, not just from the local machine?

My guess would be a network / routing issue. Or a local firewall issue. I can’t write a more detailed reply at the moment, but I will check your response later.

I can access it from the web yes. I installed jellyfin as a test to make sure it wasn’t just the container and the same behaviour. I can get on server-ip:8097 no problem, works fine, but on the actual server

curl -v http://127.0.0.1:8097
* Rebuilt URL to: http://127.0.0.1:8097/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 8097 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1:8097
> User-Agent: curl/7.61.1
> Accept: */*
> 
* Recv failure: Connection reset by peer
* Closing connection 0

yet to the server direct

curl -v http://SERVERIP:8097
* Rebuilt URL to: http://SERVERIP:8097/
*   Trying SERVERIP...
* TCP_NODELAY set
* Connected to SERVERIP (SERVERIP) port 8097 (#0)
> GET / HTTP/1.1
> Host: SERVERIP:8097
> User-Agent: curl/7.61.1
> Accept: */*
> 
< HTTP/1.1 302 Found
< Content-Length: 0
< Date: Thu, 23 Jan 2025 23:55:27 GMT
< Server: Kestrel
< Location: web/
< 
* Connection #0 to host XXXXXXX left intact

and yet to my n8n container (not rebuilt)

curl -v http://127.0.0.1:5678
* Rebuilt URL to: http://127.0.0.1:5678/
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 5678 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1:5678
> User-Agent: curl/7.61.1
> Accept: */*
> 
< HTTP/1.1 200 OK
< Cache-Control: no-cache, no-store, must-revalidate

docker ps
CONTAINER ID   IMAGE                                 COMMAND                  CREATED          STATUS                      PORTS                                                                                                                                                                        NAMES
368885b62c4b   lscr.io/linuxserver/jellyfin:latest   "/init"                  20 minutes ago   Up 14 minutes               0.0.0.0:1900->1900/udp, :::1900->1900/udp, 0.0.0.0:7359->7359/udp, :::7359->7359/udp, 0.0.0.0:8920->8920/tcp, :::8920->8920/tcp, 0.0.0.0:8097->8096/tcp, :::8097->8096/tcp   jellyfin
fc0c336de7f4   n8nio/n8n:latest                      "tini -- /docker-ent…"   7 hours ago      Up 13 minutes               0.0.0.0:5678->5678/tcp, :::5678->5678/tcp                                                                                                                                    n8n
a9d488da27b9   postgres:latest                       "docker-entrypoint.s…"   7 hours ago      Up 14 minutes               5432/tcp                                                                                                                                                                     n8n_db

So it is not that it is available from outside the machine and not from the inside, but that it is available when you are using the host IP and not when using the loopback IP?

I’m trying to remember an old case, but until then, you can check the output of

ip route

If you are not sure, and you don’t have an IP or subnet in it that you don’t want to share, you can share it here.

You could also check firewall rules locally like UFW or firewalld.

And please, share how you set the port mapping.