mpolden
port check believes port is unreachable, but it isn't
If I request, e.g. https://ifconfig.co/port/3389, it seems to believe my ports (on a local IPv6 address) are unreachable, but I don't think it's actually tried in any way. If I use tcpdump -i inboundinterface -n tcp port 3389 to monitor traffic on the local router, I don't see any TCP SYN packets arriving from anywhere to test whether the port is open. I have my own copy of mpolden/echoip:latest running in docker on a DigitalOcean instance which exhibits the same behavior.
However, the port is definitely open. I can reach the port via nmap/netcat on the command line in the same DigitalOcean instance (and I do see the requests in tcpdump as I'd expect).
I looked at the code and it seems like LookupPort is doing the right thing, though maybe it should be using JoinHostPort instead of fmt.Sprintf to create the address string. But I don't think that's actually preventing it from working.
Any ideas where things are going wrong?
Aha, it's a docker config issue. The container didn't have an IPv6 address, so it wasn't able to attempt any port probing.
If I add this to /etc/docker/daemon.json (to assign an IPv6 ULA range to the docker0 interface):
{
"ipv6": true,
"fixed-cidr-v6": "fdc2:6fec:de8d:c458::/64"
}
and then update my firewall rules to allow the docker0->internet traffic (and NAT it), it is able to probe successfully.
Actually should probably leave this open so that the config on ifconfig.co can be updated to work with IPv6 port probing.
For https://ifconfig.co it's due to a limitation of the current hosting provider, but it should hopefully be resolved soon.
