Problems with UPnP Inside Docker Container (RT-AC88U)

[David B]

On my personal server running Linux, I run a self-written program that uses the `upnpc` command to open an additional UDP port to point to my OpenVPN server running on UDP 1194. For quite some time now, I have used this program directly on the server without any issues aside from dependencies breaking on occasion. To finally fix the dependency breakage, I recently moved the application to a Docker container, and I am having problems with the UPnP component of the application. The problem is that, when a `upnpc` command is executed, the command will succeed and the router (ASUS RT-AC88U) will show the port as open in the list of ports opened via UPnP, but trying to access the application via that port will fail. Manually opening that port through the router's UI works fine, however.

Here is an example of the `upnpc` command that I am trying to use:

upnpc -e "OpenVPN - UDP 1195" -a 192.168.1.169 1194 1195 UDP

One common reason for UPnP to not work from inside a Docker container is because the container is running in bridged networking mode instead of host networking mode. This is not the case for this container however, as the container is running in host networking mode. If it was running in bridged, the `upnpc` command that I shared above would not work at all, as it would fail to find the router.

I should also note that I have several other Docker containers which also run on the same server that make use of UPnP, and they are all fine. Those containers are not running self-built applications though. I am also confident that the issue does not lie in the service to which I am trying to forward, as I have tried forwarding to other services running on the server, and hit the same issue.

Does anyone have any advice on how to proceed with attempting to fix this?

 

[ColinTaylor]

Basic question - you are testing this from the internet side of your router and not your LAN?

 

[David B]

Basic question - you are testing this from the internet side of your router and not your LAN?

I am indeed!

 

[David B]

No ideas?

 

[David B]

@RMerlin If you have any advice on this, it would be greatly appreciated! Thank you.

 

[bbunge]

UPnP, as well as port forwarding, is a security risk. And so is running OpenVPN on the default port. And trying to run programs in Docker can be really problematic. I gave up on all three a long time ago...

 

[David B]

UPnP, as well as port forwarding, is a security risk. And so is running OpenVPN on the default port. And trying to run programs in Docker can be really problematic. I gave up on all three a long time ago...

UPnP is a security risk if you "set it and forget it". I monitor mine constantly. Running OpenVPN on the default port isn't less secure than running any other port, but you are more likely to get garbage traffic. As for Docker, I actually really love it. It's much easier to maintain applications I run. This UPnP thing is the only exception to that. I used to run this application outside of Docker and it worked, but I always has dependency issues after taking Linux upgrades, so I decided to Dockerize to resolve it. Sadly, it seems the cure is worse than the disease.