Grey
AAdmincraft
•Created by Grey on 7/31/2023 in #questions
Minecraft Docker rewriting IP tables
Running a minecraft server in a docker container on an Alma Linux VM and I noticed a weird issue when I reloaded my firewall rules after blocking an IP address. Players are able to ping and connect to the server, but get kicked out because "the auth servers are not available".
In the logs, it looks like players are connecting from a 172.0.x.x address instead of their public IPv4.
After doing some more digging, it looks like Docker and the software firewall I am using (CSF) are both rewriting the iptables chains, so the routing for the docker proxy service gets wonky.
After restarting the Docker daemon, everything works fine again, but it turns out CSF is being bypassed by the docker port forwarding rules.
I am a noob at iptables. Can anyone point me in the right direction of how to get my docker container behind CSF properly? From what I have found online, I either need a pre script or post script for csf to make sure the iptables stuff for Docker is not overwritten. Anyone have any examples?
12 replies