pfy.ch

I run all my docker containers on an old Mac Mini plugged into the router in a closet. It’s been super set and forget, especially once I learned to just completely skip the whole docker-desktop thing and focus only on docker-compose.

However, something recently changed - either the Mac updated or Docker updated, but my network started acting up. The first culprit was my Deluge container: it could access the WAN, but no devices on the LAN could access it.

The docker compose looks something like this:

# Truncated for brevity
services:
    openvpn-client:
        cap_add:
          - NET_ADMIN
        environment:
          - SUBNETS=192.168.0.0/24
        devices:
          - /dev/net/tun
        restart: unless-stopped
    deluge:
        depends_on:
          openvpn-client:
            condition: service_healthy
        network_mode: service:openvpn-client
        restart: unless-stopped

or as a diagram:

The environment variable SUBNETS tells the OpenVPN container which subnets to allow past the VPN, letting local systems reach the services running behind it. However, this just stopped working one day and I could no longer access any of the services behind the VPN client. I tried recreating everything, changing VPN containers, downgrading Docker; none of it worked.

But today, PiHole came up in conversation. I remembered I had a PiHole instance I’d set up a while ago and I was excited to see the stats on it. But when I went to the admin panel it showed 0 active connections and nothing but errors about file permissions!

I recreated the PiHole container and swapped it to use named Docker volumes instead of file mounts, since those were causing issues with the container's version of sed. The PiHole then complained about lots of non-local requests coming through?! What?! They came from a 192.168.60.0/24 address, which is a subnet I do not actively use. Just for sanity's sake I checked what subnet Docker had been set up to use for bridging and lo and behold, it was the exact same address range!

I have no idea how my setup was working before, I swear the PiHole used to show all devices connected. But I guess now I just have to allow that address range through. It makes sense now that I graph it out but I have zero clue how it used to work before.
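The mismatch described above (a Docker bridge network handing out addresses from a range that the VPN container's SUBNETS list never mentions) is easy to check before it bites. The following is an added example, not code from this post: it reads the JSON that `docker network inspect` prints, compares each Docker-managed subnet against the SUBNETS value from the compose file, and suggests the extended SUBNETS line. The inspect output below is constructed to mirror the situation in the post (a compose network on 192.168.60.0/24 while SUBNETS only lists the LAN); the network name `deluge_default` is an assumption.

```python
"""Check whether the subnets a VPN container lets past the tunnel (SUBNETS=...)
cover the subnets Docker itself assigns to containers.

Added example; not code from pfy.ch. Feed it the real output of
`docker network inspect <network...>` to check your own host.
"""
import ipaddress
import json

# Constructed sample of `docker network inspect bridge deluge_default`,
# trimmed to the fields this check uses. Network name "deluge_default" is
# an assumption; Docker's default bridge really does use 172.17.0.0/16.
SAMPLE_INSPECT = json.dumps([
    {"Name": "bridge",
     "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]}},
    {"Name": "deluge_default",
     "IPAM": {"Config": [{"Subnet": "192.168.60.0/24", "Gateway": "192.168.60.1"}]}},
])


def parse_subnets_env(value):
    """Turn 'SUBNETS=a/24,b/24' (or just the value part) into network objects."""
    if value.startswith("SUBNETS="):
        value = value.split("=", 1)[1]
    return [ipaddress.ip_network(s.strip(), strict=False)
            for s in value.split(",") if s.strip()]


def docker_subnets(inspect_json):
    """Return (network name, subnet) pairs from `docker network inspect` output."""
    found = []
    for net in json.loads(inspect_json):
        for cfg in (net.get("IPAM") or {}).get("Config") or []:
            if "Subnet" in cfg:
                found.append((net["Name"],
                              ipaddress.ip_network(cfg["Subnet"], strict=False)))
    return found


def _covered(subnet, allowed):
    # subnet_of() raises on mixed IPv4/IPv6, so only compare same-version nets
    return any(subnet.subnet_of(a) for a in allowed if a.version == subnet.version)


def check_coverage(subnets_env, inspect_json):
    """Map each Docker network name to 'allowed' if its subnet lies inside one
    of the SUBNETS entries, otherwise 'not allowed'."""
    allowed = parse_subnets_env(subnets_env)
    return {name: ("allowed" if _covered(subnet, allowed) else "not allowed")
            for name, subnet in docker_subnets(inspect_json)}


def suggested_subnets(subnets_env, inspect_json):
    """Return the SUBNETS value with every uncovered Docker subnet appended,
    keeping the original entries and order."""
    allowed = parse_subnets_env(subnets_env)
    result = [str(a) for a in allowed]
    for _name, subnet in docker_subnets(inspect_json):
        if not _covered(subnet, allowed):
            result.append(str(subnet))
            allowed.append(subnet)  # treat duplicates as covered from here on
    return ",".join(result)


if __name__ == "__main__":
    current = "SUBNETS=192.168.0.0/24"  # the value from the post's compose file
    for name, status in check_coverage(current, SAMPLE_INSPECT).items():
        print(f"{name}: {status}")
    print("suggested: SUBNETS=" + suggested_subnets(current, SAMPLE_INSPECT))
```

On a live host, replace SAMPLE_INSPECT with the output of `docker network inspect $(docker network ls -q)`; the "not allowed" entries are the ranges the VPN container will drop, which is exactly the symptom the post describes.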

I don’t do networking so a lot of this was purely coincidence that I stumbled onto an answer.
I’d resorted to docker exec -i deluge-console to manage my Linux ISOs…

The offending docker versions are 4.23.0 & 4.24.0, and I’m on macOS Ventura with an older Intel Mac Mini. I still have no idea what’s changed, if you’re reading this and know the answer please contact me!


© 2024 Pfych