Service port not accessible from outside

Hi,

I’ve hit a weird one and I’m having some trouble figuring out why this isn’t working, so hoping that someone can maybe give me a hint.

I have a cluster composed of 6 machines (3 managers, 3 workers). Then I have this service that exposes port 8080 for incoming TCP traffic. I’m creating the service in the swarm by publishing the internal port to 10010. There isn’t anything else particularly special about the service, but here’s the command.

docker service create --name myservice --replicas 1 --constraint "node.role==worker" --with-registry-auth --publish 10010:8080 myimage:latest

Nothing special… published port 10010 maps to exposed port 8080.

Running the service locally (docker run), I am able to do a telnet on the port, and everything works as expected.

With the service created, I try from another shell to telnet, using the machine’s public IP. Turns out, it doesn’t work. So I ssh into the machine, and try locally in there and… well, it works.

The machine does have a firewall, set up with ufw, so I add the port:

ufw allow 10010/tcp
ufw reload
systemctl restart docker

Try again from another shell… doesn’t work. I even restarted the machine, still didn’t work.

I do have a separate cluster for tests, so I go into that one and I do exactly the same thing and… well, it works. I compared settings, all the same, compared firewall settings, all the same… so why in hell isn’t this working on the first cluster??

Maybe someone has an idea??

Server Version: 17.12.0-ce
containerd version: 89623f28b87a6004d4b785663257362d1658a729
runc version: b2567b37d7b75eb4cf325b77297b140ea686ce8f
init version: 949e6fa
Kernel Version: 4.4.0-109-generic
Operating System: Ubuntu 16.04.3 LTS
OSType: linux
Architecture: x86_64

Cheers!

Going to answer my own post, as the issue was not with docker or linux. There was an external firewall, so I’ll be banging my head onto the wall now.

Cheers!
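
Added example, not part of the original posts: a small TCP probe that separates the three outcomes telnet blurs together (connected, actively refused, silently dropped) and combines a run on the node with a run from a remote shell to say where to look next. The function names and verdict strings are assumptions made for this illustration.

```python
import errno
import socket
import sys

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # three-way handshake completed
    except ConnectionRefusedError:
        return "refused"         # RST came back: host reached, port closed or REJECTed
    except socket.timeout:
        return "filtered"        # no reply at all: packets dropped on the path
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"    # unreachable, usually signalled by a router or firewall
        raise

def diagnose(on_node, from_outside):
    """Combine a probe run on the swarm node with one run from a remote shell."""
    if on_node != "open":
        return "service: port not published on the node, check `docker service ps`"
    if from_outside == "open":
        return "ok: published port reachable end to end"
    if from_outside == "refused":
        return "reject: something answers with RST, check REJECT rules or the target IP"
    return ("drop: traffic is silently dropped before it reaches the service, "
            "check ufw, then any external firewall or cloud security group")

if __name__ == "__main__":
    # Usage (hypothetical script name): python3 probe.py <host> <port>
    host, port = sys.argv[1], int(sys.argv[2])
    print(host, port, probe(host, port))
```

Run it once on the node against its own address and once from outside against the public IP on port 10010, then pass both results to `diagnose`. The situation in this thread (works on the node, hangs from outside, ufw already allows the port) is the "drop" case.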