UFW blocking ICE connection about neko-rooms HOT 16 CLOSED

I have tried podman and it seems more secure than docker. But I don't have it in my test environment yet. I am going to play with it in the future and see, if I can replicate this problem.

from neko-rooms.

You may already know this, but just an FYI, if you want to run docker in a podman container, I believe you have to run it --privileged. I tried without and it complained...

from neko-rooms.

Did you install it with install script? Here can be many networks issues:

• Do you have correctly forwarded ports to your public IP too?
• Are forwarded ports UDP as well?
• Are you not behind NAT?

from neko-rooms.

@m1k1o

I installed it manually. It works fine when ufw is disabled, but when ufw is enabled it can't connect.

from neko-rooms.

I have no idea but for some reason ufw being on is breaking it.

from neko-rooms.

There are no additional ports being used, expect your frontend (in your case tcp 80, tcp 443) and chosen EPR (udp 59000-59049). Since UDP is stateless, it needs to be allowed bidirectionally. Not sure if that is automatically handled by UFW.

I guess you already tried some stackoverflow hints. Maybe you can drop here your config from ufw status or check if IPv4 is set correctly over IPv6.

from neko-rooms.

https://i.imgur.com/uIc3CVA.png

I have 100 ports open instead of the default 50 btw

from neko-rooms.

I believe the exact error is:

WebRTC: ICE failed, add a STUN server and see about:webrtc for more details

EDIT: I even added the udp ports as outgoing as well with ufw and it still doesn't work :/

EDIT 2: I'll try the stack overflow troubleshooting steps that you mentioned.

EDIT 3: Nope. I did the troubleshooting steps and same thing is happening. As soon as I type ufw disable neko loads just fine...

Therefore its gotta be ufw causing the issue here.

Keep in mind the admin panel loads just fine regardless, its the actual neko rooms that refuse to load and throw an error with ufw enabled...

from neko-rooms.

BTW: I am running the neko rooms instance in a privileged podman container to have better control over multiple services on the machine, but none of the other services are running and the ports are all forwarded correctly from the podman container to the host, and then from the host to the router.

Therefore I don't think that would effect things much with the proof being that it works perfectly fine with ufw disabled...

from neko-rooms.

That everything seems to be fine. I am going to try with ufw myself, if I can replicate your problem.

Is there a chance, that your ufw is blocking outbound connections to get the IP address? It needs to connect to http://checkip.amazonaws.com. Could you try, if you can reach that page from your system when ufw is enabled? You can see it in your initial logs, when neko starts, if there is your correct IP. Of course, if you are passing your external IP with NEKO_ROOMS_NAT1TO1 then that is irrelevant for you and you should get correct IP.

Update: I tried ufw. It turns out that Docker makes changes directly on your iptables, which are not shown with ufw status. Meaning, it did not have any effect on my setup and all ports were exposed. I am not sure how does handle that podman.

from neko-rooms.

Hmm... not sure. I cant ping checkip.amazonaws.com neither on the server or on my personal pc. But amazonaws.com works.

from neko-rooms.

Podman is basically Red Hat's version of Docker, which, I personally like a lot better. Its possible it also does something to the ip tables that is causing some sort of a confliction with ufw.

For now ill just not use ufw and maybe mess around with it more in the future.

from neko-rooms.

This is the only app on my server preventing me from enabling ufw. I allowed 80/tcp as well as 59000:59099/udp (100 ports) and i get an error about not being to establish the ICE connection...

from neko-rooms.

Nevermind I think I found the issue...

from neko-rooms.

Nevermind I think I found the issue...

Could you please provide the fix?

from neko-rooms.

issue...

I've had this issue with other programs and it seems to be ufw's fault. You can either use iptables directly or I believe there is an option to enable forwarding on ufw which can also solve the issue.

from neko-rooms.