Docker Community Forums

Share and learn in the Docker community.

Help forwarding ports within a container

Hello all, I’m brand new to docker. I’m currently using a Synology device, so docker is the ideal way to run applications I otherwise couldn’t such as Pihole. The system info is

Synology DS1019+ up to date
Docker is on version 18.09.0-5013
The docker image I’m having trouble with is realies/soulseek:latest

Soulseek is a P2P application so it needs to have 2 listening ports open in order to work. I used Portainer to set it up on the same network as my synology device, in host mode, rather than bridge. I can access soulseek by going to my synology devices IP at the default port for the soulseek container which is 192.168.0.25:6080.

Now within the container itself using Soulseeksown configuration I have selected 6081 and 6082 as my listening ports. My understanding is that since the container is on the host network, any port forwarded to the synology device goes straight to the container, right? So I forwarded ports 6081 and 6082 on my router to the Syno device. However it never gets there. Port checkers online say those ports are indeed open, but somewhere along the way they aren’t getting to the container. I really have no idea what to do here. Is there something else I need to configure to get the port from the router > synology device > docker > soulseek container?

I have tried doing this via SSH, via the GUI built into synology and of course with Portainer and it’s all the same. I hope this is enough information I can attach some screenshot or whatever if need be, thanks!

If you use network=host, the container binds all its ports directly on the hosts network interface (actualy it hooks into the same network namespace as the host, and network-wise acts like any other process on the host) and bypasses the need to publish ports.

I can’t find those ports in the image description. Just to state the obvious: if those ports are UDP or TCP, your router will need to forward the same ports using the protocol it is listening on.

Other than that: looks good to me.

1 Like

6081 and 6082 are the ports I chose in the actual Soulseek application, not in the docker configuration. It looks like this, where you select the “listening” ports. The “Server port” does not need to be opened.

So if I were running Soulseek as a normal application natively, not in docker, I’d choose whatever port I wanted there and then forward those ports to the computer Soulseek was running on.

Looking at Soulseeks diagnostics it does have the right IP, the same as my NAS which is 192.168.0.25. Being in host mode should mean that forwarding ports 6081-6082 to that IP should mean they go to Soulseek but they don’t. I feel like I’m missing a step with the docker configuration or something which passes it through to the container.It definitely works on my network since I can run Soulseek with ports forwarded on my laptop. The Soulseek in the docker container is also still online, I can search things, chat in the rooms and so on, but since the ports are closed people can’t make P2P connections TO me.

There is no additional docker configuration. It should work. I assume you did not check the “use … mapping” boxes, as they make no sense with manual port forwarding.

Just for the sake of testing: can you disable your firewall and try again?

1 Like

Yeah those boxes were unchecked. Do you mean the Synology firewall? I disabled that and it had no effect. I’m ready to give up it seems like such a straightforward task that should be easy to get working.

Actualy your docker configuration is how it would work on any docker host. Its a mystery why it does not work on yours. Even though Synology customized the docker engine they maintain and provide as spk packge, it is still a docker engine, which for most aspects behaves like a vanila docker engine. Some things are broken (like environment variables for swarm services) or do not comply with vanila docker engine (like when you try to deploy a docker-compose.yml as docker compose stack within Portainer). Actualy those are the only two bugs, I am aware of.

I do run one of my Plex instances on a DS with network=host. Everything works like a charme, including remote access. There must be something off with the image of the containerized app itself, or in the chain from wan to your NAS.

1 Like

The type of network a container uses, whether it is a bridge, an overlay, a macvlan network, or a custom network plugin, is transparent from within the container. From the container’s point of view, it has a network interface with an IP address, a gateway, a routing table, DNS services, and other networking details (assuming the container is not using the none network driver). This topic is about networking concerns from the point of view of the container.

Published ports
By default, when you create a container, it does not publish any of its ports to the outside world. To make a port available to services outside of Docker, or to Docker containers which are not connected to the container’s network, use the --publish or -p flag. This creates a firewall rule which maps a container port to a port on the Docker host.

1 Like

Yeah it’s either the Synology OS messing it up, or the container images themselves. I’ll try setting up some other different images today to see if they work to narrow down the cause , thanks for you help.

Unfortunately it seems to happen no matter what networking I elect to use, host mode, bridge mode, whatever. I’m positive I’ve been using the correct commands to set it up too.