Docker access with WireGuard

  • I have Docker running on my LibreELEC (nightly-20240109-724a6f8 (Generic-legacy.x86_64)).

    I run Jellyfin and AdGuard in Docker; however, if I try to port forward from my router to my Jellyfin to make it accessible over the internet, it doesn't work.

    If I nmap my DDNS domain, it just shows ports 80 and 443.

    Kernel IP routing table
    Destination      Gateway       Genmask          Flags  Metric  Ref  Use  Iface
    default          ttrouter.lan  0.0.0.0          UG     0       0    0    eth0
    10.11.0.0        *             255.255.0.0      U      0       0    0    wg0
    10.11.50.2       *             255.255.255.255  UH     0       0    0    wg0
    10.11.50.24      *             255.255.255.255  UH     0       0    0    wg0
    10.11.50.25      *             255.255.255.255  UH     0       0    0    wg0
    172.17.0.0       *             255.255.0.0      U      0       0    0    docker0
    172.18.0.0       *             255.255.0.0      U      0       0    0    br-a473829e64f9
    192.168.1.0      *             255.255.255.0    U      0       0    0    eth0
    192.168.1.1      *             255.255.255.255  UH     0       0    0    eth0
    192.168.10.0     *             255.255.255.0    U      0       0    0    wg0
    212.xxx.xxx.xxx  ttrouter.lan  255.255.255.255  UGH    0       0    0    eth0

    I have a script that puts the default route back to eth0, but it still doesn't work.

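    #!/bin/bash
    # Reconnect the WireGuard VPN service through ConnMan
    connmanctl disconnect vpn_212_xxx_xxx_xxx
    connmanctl connect vpn_212_xxx.xxx.xxx
    # Move the VPN service after the wired Ethernet service in ConnMan's service order
    /usr/bin/connmanctl move-after vpn_212_xxx.xxx.xxx ethernet_d8cb8a606606_cable
    /usr/bin/connmanctl move-after vpn_212_xxx.xxx.xxx ethernet_d8cb8a606606_cable
    # Route the WireGuard subnet over wg0 and enable IPv4 forwarding
    /usr/sbin/ip route add 10.11.0.0/16 dev wg0
    /usr/sbin/sysctl -w net.ipv4.ip_forward=1
    # Remove the default route on wg0 and add one via the home router on eth0
    /usr/sbin/route delete default gw 0.0.0.0 dev wg0
    /usr/sbin/route add default gw 192.168.1.1 eth0
    sleep 3
    # Restart the adguard container
    docker container restart f20df52d0a6a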

    Am I missing something fundamental here?

    If you need more information to help diagnose, please ask and I'll provide what I can.

    Thanks in advance.

  • So basically it could be the fact that the Docker network is using the old route, hence why it's not being seen via the port forward?

    Hmmm, I've tried systemctl restart docker but it's staying up.

    I can console into Jellyfin (via Portainer) and ping from it to my WireGuard IP in LibreELEC (192.168.10.3), the eth0 IP (192.168.1.175) and my home router IP (192.168.1.1). I can even ping my other network over the wg0 interface where the WireGuard server is, and also my DDNS domain. They all respond to pings, so I'm stumped as to why it won't work.

    Edited 2 times, last by draconis244: Merged a post created by draconis244 into this post. (January 18, 2024 at 12:11 PM).

  • The sequence would be: Stop container > Restart Docker > Start container, not just restarting the container or Docker. No idea if that's the issue, but I've seen similar things in the past (and admins restarting things in the wrong sequence, resulting in no change).
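
The restart order suggested in the last reply, as an added example that is not part of the original thread: it first checks that the default route is on the expected interface, then stops the container, restarts Docker and starts the container again. The function names, the `DRY_RUN` switch and the sample routing table are assumptions constructed for illustration; the container ID and the `systemctl restart docker` unit name are taken from the posts above.

```shell
#!/bin/sh
# Added example: stop container -> restart Docker -> start container,
# refusing to proceed unless the default route uses the expected interface.

# Constructed sample in the same layout as the routing table in the first post.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
default         ttrouter.lan    0.0.0.0         UG    0      0   0   eth0
10.11.0.0       *               255.255.0.0     U     0      0   0   wg0
172.17.0.0      *               255.255.0.0     U     0      0   0   docker0'

# Print the interface of the first default route found on stdin.
# Accepts both "default" and the numeric "0.0.0.0" form printed by `route -n`.
default_iface() {
    awk '$1 == "default" || $1 == "0.0.0.0" { print $NF; exit }'
}

# Echo commands when DRY_RUN=1 (the default), otherwise execute them.
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then echo "+ $*"; else "$@"; fi
}

# usage: restart_in_order <container> <expected-iface> [route-table-text]
restart_in_order() {
    container=$1; want=$2
    table=${3:-$(route -n 2>/dev/null)}
    have=$(printf '%s\n' "$table" | default_iface)
    if [ "$have" != "$want" ]; then
        echo "default route is on '${have:-none}', expected '$want'; not restarting" >&2
        return 1
    fi
    run docker container stop "$container" &&
    run systemctl restart docker &&
    run docker container start "$container"
}

# Runs only when called with arguments, e.g.:
#   DRY_RUN=0 sh restart.sh f20df52d0a6a eth0
if [ "$#" -ge 2 ]; then restart_in_order "$1" "$2"; fi
```

With `DRY_RUN` left at its default the script only prints the three commands in order, so the sequence can be reviewed before running it for real.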