
So, I'm calling a website (e.g. https://ipinfo.io/ip) from a Dockerfile. I also want to pass this traffic through an ssh local port-forward tunnel.

So what I did:

  1. create ssh tunnel

     ```
     sudo ssh -N -L 0.0.0.0:443:ipinfo.io:443 my-username@xx.xx.xx.xx
     ```
  2. add ipinfo in /etc/hosts

     ```
     127.0.0.1 ipinfo.io
     ```
  3. create a Dockerfile like

     ```
     FROM alpine

     RUN apk add curl

     RUN curl https://ipinfo.io/ip
     ```

So what happened is that ipinfo.io could be resolved to loopback, but the traffic doesn't go through the ssh tunnel. How can I call ipinfo.io from Docker so that it goes through the ssh tunnel?

P.S: I'm using macOS High Sierra

Abu Hanifa
  • "but doesn't go through ssh tunnel" Exactly what happens when you try? Do you get error messages? What do they say? – Kenster Mar 10 '20 at 19:55
  • It shows connection refused – Abu Hanifa Mar 10 '20 at 20:14
  • Container to host communication is prohibited due to security reasons. Instead create another container which will create the tunnel. See [my answer](https://stackoverflow.com/a/60430524/997162) on this topic. – Mike Doe Mar 15 '20 at 16:47
  • You might be able to talk to the host by using the [host network](https://docs.docker.com/network/network-tutorial-host/) driver. Is it an option for you? – timur Mar 16 '20 at 14:06
  • Tried with host network. It's not working for me. You could try and check if you can work that out – Abu Hanifa Mar 16 '20 at 14:35

1 Answer


Here are the things I did to get it working:

  1. Used the IP address of ipinfo.io instead of the hostname in the ssh command:

     ```
     sudo ssh -g -N -L 0.0.0.0:443:216.239.38.21:443 my-username@xx.xx.xx.xx
     ```
  2. Used the below Dockerfile:

     ```
     FROM alpine

     RUN apk add curl
     RUN cat /etc/hosts

     RUN curl -v https://ipinfo.io/ip
     ```
  3. Performed the build using the below command, where I mapped ipinfo.io to an IP of my local machine (in this case the IP of the virtual interface for docker):

     ```
     docker build --add-host ipinfo.io:172.17.0.1 -t test:0.0.1 .
     ```
  4. Sample output:

     ```
     Step 3/4 : RUN cat /etc/hosts
      ---> Running in b7384b27c1a5
     127.0.0.1       localhost
     ::1     localhost ip6-localhost ip6-loopback
     fe00::0 ip6-localnet
     ff00::0 ip6-mcastprefix
     ff02::1 ip6-allnodes
     ff02::2 ip6-allrouters
     172.17.0.1      ipinfo.io
     172.17.0.2      b7384b27c1a5
     Removing intermediate container b7384b27c1a5
      ---> 2a8b062984b8
     Step 4/4 : RUN curl -v https://ipinfo.io/ip
      ---> Running in 0fa2c413ab2c
     Trying 172.17.0.1:443...
     * TCP_NODELAY set
     * Connected to ipinfo.io (172.17.0.1) port 443 (#0)
     ...
     > GET /ip HTTP/2
     > Host: ipinfo.io
     > User-Agent: curl/7.66.0
     > Accept: */*
     >
     ...
     < HTTP/2 200
     < date: Fri, 20 Mar 2020 15:27:12 GMT
     < content-type: text/html; charset=utf-8
     < content-length: 14
     < access-control-allow-origin: *
     < x-frame-options: DENY
     < x-xss-protection: 1; mode=block
     < x-content-type-options: nosniff
     < referrer-policy: strict-origin-when-cross-origin
     < via: 1.1 google
     <
     37.42.143.111
     ...
     ```

I think there might be a need to enable GatewayPorts in sshd_config and restart sshd for this to work.

ahasbini
  • Thanks for the answer, but it's not working for me. I've tried enabling `GatewayPorts` also. Another thing: I'm using macOS – Abu Hanifa Mar 20 '20 at 23:55
  • Did you remove the `127.0.0.1 ipinfo.io` from your `/etc/hosts`? Also, could you run the command `ifconfig` and share the output in your question just to be sure – ahasbini Mar 21 '20 at 11:26
  • I've removed it from `/etc/hosts`. Didn't work. Also, I'm using macOS High Sierra. What's your OS? – Abu Hanifa Mar 22 '20 at 16:57
  • It's boot2docker tcl linux vm on Windows, so what are you getting as output of the `docker build` command? – ahasbini Mar 23 '20 at 19:54
  • Thanks for the `-g` key. It allows connecting from other containers. – IStranger Oct 14 '20 at 14:12
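
An added example, not part of the answer above or of any project's code: the answer's forward listens on `0.0.0.0` with `-g`, so it is reachable on every interface of the host, while the build only needs it on the Docker bridge address (`172.17.0.1` in the sample output). The hypothetical helpers `forward_scope` and `bridge_forward` classify an `ssh -L` spec by who can reach its listener and build a spec bound to the bridge address only. Assumptions: a Linux host where the bridge address is a host interface, and IPv4 or hostname bind addresses.

```sh
#!/bin/sh
# Added example; forward_scope and bridge_forward are hypothetical helper names.

# forward_scope SPEC [-g]
# Prints which clients can reach the listener that `ssh -L SPEC` opens:
#   loopback | single-address | all-interfaces | unparsed
# SPEC is [bind_address:]port:host:hostport (IPv4/hostname bind addresses only).
forward_scope() {
  spec=$1
  gflag=${2:-}
  # The number of ':' separators tells us whether a bind address is present.
  colons=$(( $(printf '%s' "$spec" | tr -cd ':' | wc -c) ))
  case $colons in
    2) # No bind address: ssh follows GatewayPorts, which -g switches on.
       if [ "$gflag" = "-g" ]; then echo all-interfaces; else echo loopback; fi
       return 0 ;;
    3) bind=${spec%%:*} ;;
    *) echo unparsed; return 1 ;;
  esac
  # An explicit bind address decides the scope on its own.
  case $bind in
    ''|'*'|0.0.0.0) echo all-interfaces ;;
    localhost|127.*) echo loopback ;;
    *) echo single-address ;;
  esac
}

# bridge_forward BRIDGE_IP PORT TARGET_HOST
# Builds a spec that listens only on the Docker bridge address.
# On a Linux host the address can be read with:
#   docker network inspect bridge --format '{{range .IPAM.Config}}{{.Gateway}}{{end}}'
bridge_forward() {
  printf '%s:%s:%s:%s\n' "$1" "$2" "$3" "$2"
}

# The two forwards from this page, then the narrowed one.
for spec in "0.0.0.0:443:ipinfo.io:443" "0.0.0.0:443:216.239.38.21:443" \
            "$(bridge_forward 172.17.0.1 443 216.239.38.21)"; do
  printf '%-34s %s\n' "$spec" "$(forward_scope "$spec")"
done
# Tunnel and build for the narrowed forward (not run here):
#   sudo ssh -N -L 172.17.0.1:443:216.239.38.21:443 my-username@xx.xx.xx.xx
#   docker build --add-host ipinfo.io:172.17.0.1 -t test:0.0.1 .
```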