No port forwarding to port 22?!

Hi,
I’m trying to run gitlab in a docker container, which seems to run just fine.

A “docker ps” gives…

1b7037a84154        gitlab/gitlab-ce:latest                  "/assets/wrapper"        4 hours ago         Up 2 hours (healthy)   0.0.0.0:10022->22/tcp, 0.0.0.0:10080->80/tcp, 0.0.0.0:10443->443/tcp

I can access the Web-UI, cloning via https works also fine.
However, when trying to use ssh:// instead of https://, I cannot access the server unless I’m running the git clone command from the host itself.

So, being logged in on docker_host_com, a

git clone ssh ...

works ok.
However, being logged in on other_host_com, the same command fails (it does not even ask for the passphrase).

I’ve run tcpdump on the docker-host to verify that the “other” at least tries to connect.
Running

sudo tcpdump -i any port 10022

on docker.host yields a

23:22:09.052453 IP other_host_com.37142 > docker_host_com.10022: Flags [S], seq 864957212, win 64240, options [mss 1460,sackOK,TS val 2850033950 ecr 0,nop,wscale 7], length 0

but nothing else really happens.
Running

sudo tcpdump -vvv -i any port 22

inside the gitlab container shows no reaction when the “git clone” is run from “other_host_com”, but a LOT of traffic when “git clone” is run on “docker_host_com”.

HOWEVER, this is not restricted to gitlab! I tried the same with some simple “ssh” docker image

docker run --rm --publish=2222:22 sickp/alpine-sshd:7.5-r2

and the results when trying to ssh into that image are the same: it works from “docker_host_com”, but not from “other_host_com”.

I’m running ufw on “docker_host_com”, but that shouldn’t stand in the way, as far as I understood, as docker ignores ufw anyway. I also disabled ufw, but that did not help.

Interestingly, when I run some other container that does NOT use port 22 inside, e.g.

docker run --rm -p 9999:80 -d nginxdemos/hello

everything works fine from both the “docker” and the “other” host.

wget docker_host_com:9999

returns the same results on both “docker_host_com” and “other_host_com”.

What am I doing wrong?

PS: Sorry, I had to cripple some of the URLs because as a new user I must not put more than two links in a post. That’s a … difficult rule.
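
An added example, not part of the original post: a small Python helper that reads tcpdump's default one-line output and reports, per client, whether a SYN sent to the published port was ever answered, which is the symptom the capture above shows. The function name and the three comparison lines are constructed for illustration; it assumes ports are printed numerically (as with `tcpdump -n`).

```python
import re
from collections import defaultdict

# tcpdump one-line TCP format: "... IP <src>.<port> > <dst>.<port>: Flags [<flags>], ..."
LINE_RE = re.compile(
    r"\bIP6? (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]+)\]"
)

SAMPLE = [
    # line from the post: the remote client's SYN reaches the host's published port
    "23:22:09.052453 IP other_host_com.37142 > docker_host_com.10022: Flags [S], seq 864957212, win 64240, options [mss 1460,sackOK,TS val 2850033950 ecr 0,nop,wscale 7], length 0",
    # constructed lines: a handshake that completes, for comparison
    "23:23:01.000100 IP docker_host_com.51000 > docker_host_com.10022: Flags [S], seq 1, win 65495, length 0",
    "23:23:01.000150 IP docker_host_com.10022 > docker_host_com.51000: Flags [S.], seq 2, ack 2, win 65483, length 0",
    "23:23:01.000170 IP docker_host_com.51000 > docker_host_com.10022: Flags [.], ack 1, win 512, length 0",
]

def classify_handshakes(lines, service_port):
    """Map each client endpoint 'host.port' to the state of its handshake with service_port."""
    seen = defaultdict(set)  # client endpoint -> events observed for it
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # banner, -vvv continuation line, or non-TCP packet
        flags = m["flags"]
        if int(m["dport"]) == service_port:        # client -> service
            if flags == "S":
                seen[f'{m["src"]}.{m["sport"]}'].add("syn")
        elif int(m["sport"]) == service_port:      # service -> client
            client = f'{m["dst"]}.{m["dport"]}'
            if flags == "S.":
                seen[client].add("synack")
            elif "R" in flags:
                seen[client].add("rst")
    result = {}
    for client, events in seen.items():
        if "syn" not in events:
            continue  # capture started mid-connection, handshake not visible
        if "synack" in events:
            result[client] = "answered"
        elif "rst" in events:
            result[client] = "refused"     # a reset came back from the service port
        else:
            result[client] = "unanswered"  # SYN seen, no reply captured
    return result

if __name__ == "__main__":
    for client, state in classify_handshakes(SAMPLE, 10022).items():
        print(f"{client}: {state}")
```

Feeding it captures taken on the host and inside the container for the same attempt shows at which hop the SYN stops being seen.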