Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

php-fpm v1.91 issue after update #6215

Open
5 tasks done
The-Inamati opened this issue Dec 16, 2024 · 4 comments
Open
5 tasks done

php-fpm v1.91 issue after update #6215

The-Inamati opened this issue Dec 16, 2024 · 4 comments
Labels

Comments

@The-Inamati
Copy link

Contribution guidelines

I've found a bug and checked that ...

  • ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
  • ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
  • ... I have understood that answers are voluntary and community-driven, and not commercial support.
  • ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

Hello,

I have just updated my mailcow to the most recent version and it won't start back up. I can only reach the what is happening page. 

If I revert the php-fpm image to 1.87 it starts working again. I can also replicate this in a test VM if you want. I have seen similar issues reported already but no fix worked until now.

Logs:

rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
rspamd-mailcow-1     | Waiting for PHP on port 9001...
php-fpm-mailcow-1    | Could not get mysql-mailcow container id... trying again
php-fpm-mailcow-1    | Could not get mysql-mailcow container id... trying again
php-fpm-mailcow-1    | Could not get mysql-mailcow container id... trying again
php-fpm-mailcow-1    | Could not get mysql-mailcow container id... trying again
php-fpm-mailcow-1    | Could not get mysql-mailcow container id... trying again
php-fpm-mailcow-1    | Could not get mysql-mailcow container id... trying again
php-fpm-mailcow-1    | Could not get mysql-mailcow container id... trying again
php-fpm-mailcow-1    | Could not get mysql-mailcow container id... trying again
php-fpm-mailcow-1    | Could not get mysql-mailcow container id... trying again
php-fpm-mailcow-1    | Could not get mysql-mailcow container id... trying again
php-fpm-mailcow-1    | Could not get mysql-mailcow container id... trying again
php-fpm-mailcow-1    | Could not get mysql-mailcow container id... trying again
php-fpm-mailcow-1    | Could not get mysql-mailcow container id... trying again
php-fpm-mailcow-1    | Could not get mysql-mailcow container id... trying again
watchdog-mailcow-1   | connect to address 10.10.60.250 and port 4190: Connection refused
watchdog-mailcow-1   | connect to address 10.10.60.250 and port 24: Connection refused
watchdog-mailcow-1   | SMTP CRITICAL - 0.000 sec. response time|time=0.000094s;;;0.000000
watchdog-mailcow-1   | connect to address 10.10.60.250 and port 993: Connection refused
watchdog-mailcow-1   | connect to address 10.10.60.250 and port 143: Connection refused
watchdog-mailcow-1   | connect to address 10.10.60.250 and port 10001: Connection refused
watchdog-mailcow-1   | connect to address 10.10.60.250 and port 4190: Connection refused
watchdog-mailcow-1   | connect to address 10.10.60.250 and port 24: Connection refused
watchdog-mailcow-1   | SMTP CRITICAL - 0.000 sec. response time|time=0.000105s;;;0.000000
watchdog-mailcow-1   | connect to address 10.10.60.250 and port 993: Connection refused
watchdog-mailcow-1   | connect to address 10.10.60.250 and port 143: Connection refused
watchdog-mailcow-1   | connect to address 10.10.60.250 and port 10001: Connection refused
watchdog-mailcow-1   | connect to address 10.10.60.250 and port 4190: Connection refused
watchdog-mailcow-1   | connect to address 10.10.60.250 and port 24: Connection refused
watchdog-mailcow-1   | SMTP CRITICAL - 0.000 sec. response time|time=0.000093s;;;0.000000
watchdog-mailcow-1   | connect to address 10.10.60.250 and port 993: Connection refused
watchdog-mailcow-1   | connect to address 10.10.60.250 and port 143: Connection refused
watchdog-mailcow-1   | connect to address 10.10.60.250 and port 10001: Connection refused
watchdog-mailcow-1   | connect to address 10.10.60.250 and port 4190: Connection refused
watchdog-mailcow-1   | connect to address 10.10.60.250 and port 24: Connection refused
watchdog-mailcow-1   | SMTP CRITICAL - 0.000 sec. response time|time=0.000055s;;;0.000000
watchdog-mailcow-1   | connect to address 10.10.60.250 and port 993: Connection refused
watchdog-mailcow-1   | connect to address 10.10.60.250 and port 143: Connection refused
watchdog-mailcow-1   | connect to address 10.10.60.250 and port 10001: Connection refused
watchdog-mailcow-1   | connect to address 10.10.60.250 and port 4190: Connection refused
watchdog-mailcow-1   | Mon Dec 16 21:46:45 WET 2024 Olefy health level: 100% (5/5), health trend: 0
watchdog-mailcow-1   | Mon Dec 16 21:46:45 WET 2024 Dovecot health level: 17% (2/12), health trend: -10
watchdog-mailcow-1   | Mon Dec 16 21:46:52 WET 2024 Fail2ban health level: 100% (1/1), health trend: 0


### Steps to reproduce:

```plain text
1 - Update/Start a mailcow instance
2 - Only "What is Happening" page is reachable
3 - php container gets "stuck" trying to get mysql container id

Which branch are you using?

master

Which architecture are you using?

x86

Operating System:

Ubuntu 24.04

Server/VM specifications:

7GB RAM / 4 Cores

Is Apparmor, SELinux or similar active?

no

Virtualization technology:

Proxmox/KVM

Docker version:

27.3.1

docker-compose version or docker compose version:

v2.29.7

mailcow version:

2024-11b

Reverse proxy:

Traefik

Logs of git diff:

diff --git a/data/conf/dovecot/dovecot.conf b/data/conf/dovecot/dovecot.conf
index c230c349..3a76a521 100644
--- a/data/conf/dovecot/dovecot.conf
+++ b/data/conf/dovecot/dovecot.conf
@@ -165,7 +165,7 @@ service lmtp {
   }
   user = vmail
 }
-listen = *,[::]
+listen = *
 ssl_cert = </etc/ssl/mail/cert.pem
 ssl_key = </etc/ssl/mail/key.pem
 userdb {
diff --git a/data/conf/nginx/dynmaps.conf b/data/conf/nginx/dynmaps.conf
index 99c0c6aa..91ecba07 100644
--- a/data/conf/nginx/dynmaps.conf
+++ b/data/conf/nginx/dynmaps.conf
@@ -1,6 +1,5 @@
 server {
   listen 8081;
-  listen [::]:8081;
   index index.php index.html;
   server_name _;
   error_log  /var/log/nginx/error.log;
diff --git a/data/conf/nginx/templates/listen_plain.template b/data/conf/nginx/templates/listen_plain.template
index a044b22f..68133480 100644
--- a/data/conf/nginx/templates/listen_plain.template
+++ b/data/conf/nginx/templates/listen_plain.template
@@ -1,2 +1 @@
 listen ${HTTP_PORT};
-listen [::]:${HTTP_PORT};
diff --git a/data/conf/nginx/templates/listen_ssl.template b/data/conf/nginx/templates/listen_ssl.template
index 40c402d0..413b20db 100644
--- a/data/conf/nginx/templates/listen_ssl.template
+++ b/data/conf/nginx/templates/listen_ssl.template
@@ -1,3 +1,2 @@
 listen ${HTTPS_PORT} ssl;
-listen [::]:${HTTPS_PORT} ssl;
 http2 on;
diff --git a/data/conf/phpfpm/php-fpm.d/pools.conf b/data/conf/phpfpm/php-fpm.d/pools.conf
index 605e686c..d6df1243 100644
--- a/data/conf/phpfpm/php-fpm.d/pools.conf
+++ b/data/conf/phpfpm/php-fpm.d/pools.conf
@@ -6,7 +6,7 @@ pm.max_children = 15
 pm.start_servers = 2
 pm.min_spare_servers = 2
 pm.max_spare_servers = 4
-listen = [::]:9001
+listen = 9001
 access.log = /proc/self/fd/2
 clear_env = no
 catch_workers_output = yes
@@ -21,7 +21,7 @@ pm.max_children = 50
 pm.start_servers = 10
 pm.min_spare_servers = 10
 pm.max_spare_servers = 15
-listen = [::]:9002
+listen = 9002
 access.log = /proc/self/fd/2
 clear_env = no
 catch_workers_output = yes
diff --git a/data/conf/postfix/main.cf b/data/conf/postfix/main.cf
index 6721204c..ec7cb0ae 100644
--- a/data/conf/postfix/main.cf
+++ b/data/conf/postfix/main.cf
@@ -175,3 +175,32 @@ lmtp_destination_recipient_limit=1
 
 # DO NOT EDIT ANYTHING BELOW #
 # Overrides #
+
+postscreen_dnsbl_sites = wl.mailspike.net=127.0.0.[18;19;20]*-2
+  hostkarma.junkemailfilter.com=127.0.0.1*-2
+  list.dnswl.org=127.0.[0..255].0*-2
+  list.dnswl.org=127.0.[0..255].1*-4
+  list.dnswl.org=127.0.[0..255].2*-6
+  list.dnswl.org=127.0.[0..255].3*-8
+  ix.dnsbl.manitu.net*2
+  bl.spamcop.net*2
+  bl.suomispam.net*2
+  hostkarma.junkemailfilter.com=127.0.0.2*3
+  hostkarma.junkemailfilter.com=127.0.0.4*2
+  hostkarma.junkemailfilter.com=127.0.1.2*1
+  backscatter.spameatingmonkey.net*2
+  bl.ipv6.spameatingmonkey.net*2
+  bl.spameatingmonkey.net*2
+  b.barracudacentral.org=127.0.0.2*7
+  bl.mailspike.net=127.0.0.2*5
+  bl.mailspike.net=127.0.0.[10;11;12]*4
+  e3k556wcmu6r5f3xtdpucbavfm.zen.dq.spamhaus.net=127.0.0.[4..7]*6
+  e3k556wcmu6r5f3xtdpucbavfm.zen.dq.spamhaus.net=127.0.0.[10;11]*8
+  e3k556wcmu6r5f3xtdpucbavfm.zen.dq.spamhaus.net=127.0.0.3*4
+  e3k556wcmu6r5f3xtdpucbavfm.zen.dq.spamhaus.net=127.0.0.2*3
+postscreen_dnsbl_reply_map = texthash:/opt/postfix/conf/dnsbl_reply.map
+
+# User Overrides
+myhostname = mail.undebug.xyz
+smtp_address_preference = ipv4
+inet_protocols = ipv4
diff --git a/data/conf/unbound/unbound.conf b/data/conf/unbound/unbound.conf
index 27110c04..90c16ee0 100644
--- a/data/conf/unbound/unbound.conf
+++ b/data/conf/unbound/unbound.conf
@@ -4,7 +4,7 @@ server:
   interface: ::0
   logfile: /dev/console
   do-ip4: yes
-  do-ip6: yes
+  do-ip6: no
   do-udp: yes
   do-tcp: yes
   do-daemonize: no
diff --git a/docker-compose.yml b/docker-compose.yml
index b0324521..81c70a87 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,7 +11,7 @@ services:
       restart: always
       tty: true
       networks:
-        mailcow-network:
+        traefik:
           ipv4_address: ${IPV4_NETWORK:-172.22.1}.254
           aliases:
             - unbound
@@ -37,7 +37,7 @@ services:
       ports:
         - "${SQL_PORT:-127.0.0.1:13306}:3306"
       networks:
-        mailcow-network:
+        traefik:
           aliases:
             - mysql
 
@@ -55,7 +55,7 @@ services:
       sysctls:
         - net.core.somaxconn=4096
       networks:
-        mailcow-network:
+        traefik:
           ipv4_address: ${IPV4_NETWORK:-172.22.1}.249
           aliases:
             - redis
@@ -75,7 +75,7 @@ services:
         - ./data/conf/clamav/:/etc/clamav/:Z
         - clamd-db-vol-1:/var/lib/clamav
       networks:
-        mailcow-network:
+        traefik:
           aliases:
             - clamd
 
@@ -107,12 +107,12 @@ services:
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       networks:
-        mailcow-network:
+        traefik:
           aliases:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.91.1
+      image: mailcow/phpfpm:1.91
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
         - redis-mailcow
@@ -172,7 +172,7 @@ services:
         - FLATCURVE_EXPERIMENTAL=${FLATCURVE_EXPERIMENTAL:-}
       restart: always
       networks:
-        mailcow-network:
+        traefik:
           aliases:
             - phpfpm
 
@@ -218,7 +218,7 @@ services:
         ofelia.job-exec.sogo_backup.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool backup /sogo_backup ALL || exit 0\""
       restart: always
       networks:
-        mailcow-network:
+        traefik:
           ipv4_address: ${IPV4_NETWORK:-172.22.1}.248
           aliases:
             - sogo
@@ -302,7 +302,7 @@ services:
           soft: 20000
           hard: 40000
       networks:
-        mailcow-network:
+        traefik:
           ipv4_address: ${IPV4_NETWORK:-172.22.1}.250
           aliases:
             - dovecot
@@ -342,7 +342,7 @@ services:
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       networks:
-        mailcow-network:
+        traefik:
           ipv4_address: ${IPV4_NETWORK:-172.22.1}.253
           aliases:
             - postfix
@@ -353,7 +353,7 @@ services:
       environment:
         - TZ=${TZ}
       networks:
-        mailcow-network:
+        traefik:
           aliases:
             - memcached
 
@@ -398,7 +398,7 @@ services:
         - "${HTTP_BIND:-}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
       restart: always
       networks:
-        mailcow-network:
+        traefik:
           aliases:
             - nginx
 @@ -440,7 +440,7 @@ services:
         - mysql-socket-vol-1:/var/run/mysqld/
       restart: always
       networks:
-        mailcow-network:
+        traefik:
           aliases:
             - acme
 
@@ -530,7 +530,7 @@ services:
         - MAILQ_THRESHOLD=${MAILQ_THRESHOLD:-20}
         - MAILQ_CRIT=${MAILQ_CRIT:-30}
       networks:
-        mailcow-network:
+        traefik:
           aliases:
             - watchdog
 
@@ -549,7 +549,7 @@ services:
       volumes:
         - /var/run/docker.sock:/var/run/docker.sock:ro
       networks:
-        mailcow-network:
+        traefik:
           aliases:
             - dockerapi
 
@@ -570,7 +570,7 @@ services:
         - SKIP_SOLR=${SKIP_SOLR:-y}
         - FLATCURVE_EXPERIMENTAL=${FLATCURVE_EXPERIMENTAL:-n}
       networks:
-        mailcow-network:
+        traefik:
           aliases:
             - solr
     ################################
@@ -589,7 +589,7 @@ services:
         - OLEFY_MINLENGTH=500
         - OLEFY_DEL_TMP=1
       networks:
-        mailcow-network:
+        traefik:
           aliases:
             - olefy
 
@@ -610,7 +610,7 @@ services:
       volumes:
         - /var/run/docker.sock:/var/run/docker.sock:ro
       networks:
-        mailcow-network:
+        traefik:
           aliases:
             - ofelia
 
@@ -645,16 +645,11 @@ services:
         - /lib/modules:/lib/modules:ro
 
 networks:
-  mailcow-network:
+  traefik:
+    external: true
+    name: traefik
+  default:
     driver: bridge
-    driver_opts:
-      com.docker.network.bridge.name: br-mailcow
-    enable_ipv6: true
-    ipam:
-      driver: default
-      config:
-        - subnet: ${IPV4_NETWORK:-172.22.1}.0/24
-        - subnet: ${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
 
 volumes:
   vmail-vol-1:


### Logs of iptables -L -vn:

```plain text
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
81155  183M MAILCOW    all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */
  20M   17G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 8817  625K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
  173  7164 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
 1591  287K UDP        udp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW
   99  4744 TCP        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02 ctstate NEW
    0     0 ICMP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW
 1591  287K REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
   94  4444 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with tcp-reset
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-proto-unreachable

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
74742   58M MAILCOW    all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */
  17M 9356M DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  17M 9356M DOCKER-ISOLATION-STAGE-1  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0           
1626K 1523M ACCEPT     all  --  *      br-70c99570a37d  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
10154  609K DOCKER     all  --  *      br-70c99570a37d  0.0.0.0/0            0.0.0.0/0           
 135K  281M ACCEPT     all  --  br-70c99570a37d !br-70c99570a37d  0.0.0.0/0            0.0.0.0/0           
   39  2340 ACCEPT     all  --  br-70c99570a37d br-70c99570a37d  0.0.0.0/0            0.0.0.0/0           
8614K 6776M ACCEPT     all  --  *      br-c7c2b781993e  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 698K   44M DOCKER     all  --  *      br-c7c2b781993e  0.0.0.0/0            0.0.0.0/0           
 688K   83M ACCEPT     all  --  br-c7c2b781993e !br-c7c2b781993e  0.0.0.0/0            0.0.0.0/0           
 693K   44M ACCEPT     all  --  br-c7c2b781993e br-c7c2b781993e  0.0.0.0/0            0.0.0.0/0           
5515K  637M ACCEPT     all  --  *      br-93a26ca8b515  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 9286  552K DOCKER     all  --  *      br-93a26ca8b515  0.0.0.0/0            0.0.0.0/0           
 123K   10M ACCEPT     all  --  br-93a26ca8b515 !br-93a26ca8b515  0.0.0.0/0            0.0.0.0/0           
 8998  540K ACCEPT     all  --  br-93a26ca8b515 br-93a26ca8b515  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 21M packets, 35G bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (4 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  !br-70c99570a37d br-70c99570a37d  0.0.0.0/0            10.10.62.3           tcp dpt:80
10067  604K ACCEPT     tcp  --  !br-70c99570a37d br-70c99570a37d  0.0.0.0/0            10.10.62.3           tcp dpt:443
    0     0 ACCEPT     tcp  --  !br-70c99570a37d br-70c99570a37d  0.0.0.0/0            10.10.62.3           tcp dpt:8082
   48  2856 ACCEPT     tcp  --  !br-70c99570a37d br-70c99570a37d  0.0.0.0/0            10.10.62.3           tcp dpt:8448
   25  1500 ACCEPT     tcp  --  !br-93a26ca8b515 br-93a26ca8b515  0.0.0.0/0            10.10.61.3           tcp dpt:3478
  239  8756 ACCEPT     udp  --  !br-93a26ca8b515 br-93a26ca8b515  0.0.0.0/0            10.10.61.3           udp dpt:3478
   24  1440 ACCEPT     tcp  --  !br-93a26ca8b515 br-93a26ca8b515  0.0.0.0/0            10.10.61.3           tcp dpt:5349
    0     0 ACCEPT     udp  --  !br-93a26ca8b515 br-93a26ca8b515  0.0.0.0/0            10.10.61.3           udp dpt:5349
    0     0 ACCEPT     tcp  --  !br-c7c2b781993e br-c7c2b781993e  0.0.0.0/0            10.10.60.6           tcp dpt:8983
    0     0 ACCEPT     tcp  --  !br-c7c2b781993e br-c7c2b781993e  0.0.0.0/0            10.10.60.249         tcp dpt:6379
    0     0 ACCEPT     tcp  --  !br-c7c2b781993e br-c7c2b781993e  0.0.0.0/0            10.10.60.7           tcp dpt:3306
    0     0 ACCEPT     tcp  --  !br-c7c2b781993e br-c7c2b781993e  0.0.0.0/0            10.10.60.250         tcp dpt:110
    2   120 ACCEPT     tcp  --  !br-c7c2b781993e br-c7c2b781993e  0.0.0.0/0            10.10.60.250         tcp dpt:143
    5   300 ACCEPT     tcp  --  !br-c7c2b781993e br-c7c2b781993e  0.0.0.0/0            10.10.60.250         tcp dpt:993
    0     0 ACCEPT     tcp  --  !br-c7c2b781993e br-c7c2b781993e  0.0.0.0/0            10.10.60.250         tcp dpt:995
    0     0 ACCEPT     tcp  --  !br-c7c2b781993e br-c7c2b781993e  0.0.0.0/0            10.10.60.250         tcp dpt:4190
    0     0 ACCEPT     tcp  --  !br-c7c2b781993e br-c7c2b781993e  0.0.0.0/0            10.10.60.250         tcp dpt:12345
    5   300 ACCEPT     tcp  --  !br-c7c2b781993e br-c7c2b781993e  0.0.0.0/0            10.10.60.253         tcp dpt:25
    2   100 ACCEPT     tcp  --  !br-c7c2b781993e br-c7c2b781993e  0.0.0.0/0            10.10.60.253         tcp dpt:465
    0     0 ACCEPT     tcp  --  !br-c7c2b781993e br-c7c2b781993e  0.0.0.0/0            10.10.60.253         tcp dpt:587
    0     0 ACCEPT     tcp  --  !br-c7c2b781993e br-c7c2b781993e  0.0.0.0/0            10.10.60.16          tcp dpt:8180
    0     0 ACCEPT     tcp  --  !br-c7c2b781993e br-c7c2b781993e  0.0.0.0/0            10.10.60.16          tcp dpt:8443

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
 135K  281M DOCKER-ISOLATION-STAGE-2  all  --  br-70c99570a37d !br-70c99570a37d  0.0.0.0/0            0.0.0.0/0           
 688K   83M DOCKER-ISOLATION-STAGE-2  all  --  br-c7c2b781993e !br-c7c2b781993e  0.0.0.0/0            0.0.0.0/0           
 123K   10M DOCKER-ISOLATION-STAGE-2  all  --  br-93a26ca8b515 !br-93a26ca8b515  0.0.0.0/0            0.0.0.0/0           
  17M 9356M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-ISOLATION-STAGE-2 (4 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      br-70c99570a37d  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      br-c7c2b781993e  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      br-93a26ca8b515  0.0.0.0/0            0.0.0.0/0           
 946K  374M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  17M 9356M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ICMP (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain MAILCOW (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0            /* mailcow isolation */

Chain TCP (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    5   300 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22022

Chain UDP (1 references)
 pkts bytes target     prot opt in     out     source               destination   


### Logs of ip6tables -L -vn:

```plain text
IPv6 is disabled

Logs of iptables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 940K packets, 67M bytes)
 pkts bytes target     prot opt in     out     source               destination         
14726  860K DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 5 packets, 300 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 7525 packets, 533K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 5109  367K DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 723K packets, 45M bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match src-type LOCAL
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
   11   640 MASQUERADE  all  --  *      br-70c99570a37d  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match src-type LOCAL
   15   900 MASQUERADE  all  --  *      !br-70c99570a37d  10.10.62.0/24        0.0.0.0/0           
  307 18392 MASQUERADE  all  --  *      br-c7c2b781993e  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match src-type LOCAL
 224K   18M MASQUERADE  all  --  *      !br-c7c2b781993e  10.10.60.0/24        0.0.0.0/0           
  172 10212 MASQUERADE  all  --  *      br-93a26ca8b515  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match src-type LOCAL
  184 11056 MASQUERADE  all  --  *      !br-93a26ca8b515  10.10.61.0/24        0.0.0.0/0           
    0     0 MASQUERADE  tcp  --  *      *       10.10.62.3           10.10.62.3           tcp dpt:80
    0     0 MASQUERADE  tcp  --  *      *       10.10.62.3           10.10.62.3           tcp dpt:443
    0     0 MASQUERADE  tcp  --  *      *       10.10.62.3           10.10.62.3           tcp dpt:8082
    0     0 MASQUERADE  tcp  --  *      *       10.10.62.3           10.10.62.3           tcp dpt:8448
    0     0 MASQUERADE  tcp  --  *      *       10.10.61.3           10.10.61.3           tcp dpt:3478
    0     0 MASQUERADE  udp  --  *      *       10.10.61.3           10.10.61.3           udp dpt:3478
    0     0 MASQUERADE  tcp  --  *      *       10.10.61.3           10.10.61.3           tcp dpt:5349
    0     0 MASQUERADE  udp  --  *      *       10.10.61.3           10.10.61.3           udp dpt:5349
    0     0 MASQUERADE  tcp  --  *      *       10.10.60.6           10.10.60.6           tcp dpt:8983
    0     0 MASQUERADE  tcp  --  *      *       10.10.60.249         10.10.60.249         tcp dpt:6379
    0     0 MASQUERADE  tcp  --  *      *       10.10.60.7           10.10.60.7           tcp dpt:3306
    0     0 MASQUERADE  tcp  --  *      *       10.10.60.250         10.10.60.250         tcp dpt:110
    0     0 MASQUERADE  tcp  --  *      *       10.10.60.250         10.10.60.250         tcp dpt:143
    0     0 MASQUERADE  tcp  --  *      *       10.10.60.250         10.10.60.250         tcp dpt:993
    0     0 MASQUERADE  tcp  --  *      *       10.10.60.250         10.10.60.250         tcp dpt:995
    0     0 MASQUERADE  tcp  --  *      *       10.10.60.250         10.10.60.250         tcp dpt:4190
    0     0 MASQUERADE  tcp  --  *      *       10.10.60.250         10.10.60.250         tcp dpt:12345
    0     0 MASQUERADE  tcp  --  *      *       10.10.60.253         10.10.60.253         tcp dpt:25
    0     0 MASQUERADE  tcp  --  *      *       10.10.60.253         10.10.60.253         tcp dpt:465
    0     0 MASQUERADE  tcp  --  *      *       10.10.60.253         10.10.60.253         tcp dpt:587
    0     0 MASQUERADE  tcp  --  *      *       10.10.60.16          10.10.60.16          tcp dpt:8180
    0     0 MASQUERADE  tcp  --  *      *       10.10.60.16          10.10.60.16          tcp dpt:8443

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:10.10.62.3:80
10067  604K DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:10.10.62.3:443
   10   600 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8082 to:10.10.62.3:8082
   48  2856 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8448 to:10.10.62.3:8448
   25  1500 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3478 to:10.10.61.3:3478
   32  1304 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:3478 to:10.10.61.3:3478
   24  1440 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5349 to:10.10.61.3:5349
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:5349 to:10.10.61.3:5349
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:18983 to:10.10.60.6:8983
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:7654 to:10.10.60.249:6379
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:13306 to:10.10.60.7:3306
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 to:10.10.60.250:110
    2   120 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 to:10.10.60.250:143
    5   300 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 to:10.10.60.250:993
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 to:10.10.60.250:995
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190 to:10.10.60.250:4190
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:19991 to:10.10.60.250:12345
    5   300 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:10.10.60.253:25
    1    40 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 to:10.10.60.253:465
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 to:10.10.60.253:587
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8180 to:10.10.60.16:8180
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8443 to:10.10.60.16:8443


### Logs of ip6tables -L -vn -t nat:

```plain text
IPv6 is disabled

DNS check:

104.18.32.7
172.64.155.249
@DerLinkman
Copy link
Member

Basically duplicate of #5928 #6149

But can i maybe get access to your testvm to analyse what is causing this? I said 20000x times that i nowhere can reproduce this issue so it would be nice if i can hop on a server and see if i finally get a valid reason why it is happening.

@The-Inamati
Copy link
Author

Of course. I can set up a new VM with the issue so you can test. How can I get the details to you?

@DerLinkman
Copy link
Member

DerLinkman commented Dec 17, 2024

Bless you! Finally a testing machine where i can see the issue live!

Do you have telegram? if so, please write me a pm: https://t.me/derlinkman

If you don't have an telegram account please write us a e-mail to [email protected], i read them mainly so we will most likely write there at least.

@The-Inamati
Copy link
Author

Ok. I will prepare the VM and your access and will reach out on telegram when everything is ready

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants