Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update 2024 - mailcowdockerized-unbound-mailcow-1 is unhealthy #5651

Closed
5 tasks done
Green2Matter opened this issue Jan 18, 2024 · 1 comment · Fixed by #5652
Closed
5 tasks done

Update 2024 - mailcowdockerized-unbound-mailcow-1 is unhealthy #5651

Green2Matter opened this issue Jan 18, 2024 · 1 comment · Fixed by #5652
Labels
bug

Comments

@Green2Matter
Copy link

Contribution guidelines

I've found a bug and checked that ...

  • ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
  • ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
  • ... I have understood that answers are voluntary and community-driven, and not commercial support.
  • ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

After updating to 2024-01 (same is for 2024-01a) unbound becomes unhealthy:
dependency failed to start: container mailcowdockerized-unbound-mailcow-1 is unhealthy

As I didn't make snapshot/backup prior to update - I restored mailcow by manually editing docker.compose (quick workaround) and changed/downgraded version tags of updated containers.

Logs:

Starting mailcow...
[+] Running 19/19
 ✔ Network mailcowdockerized_mailcow-network        Created                                                                                                                                                       0.1s 
 ✔ Container mailcowdockerized-solr-mailcow-1       Started                                                                                                                                                       0.1s 
 ✔ Container mailcowdockerized-olefy-mailcow-1      Started                                                                                                                                                       0.1s 
 ✔ Container mailcowdockerized-redis-mailcow-1      Started                                                                                                                                                       0.1s 
 ✘ Container mailcowdockerized-unbound-mailcow-1    Error                                                                                                                                                         0.1s 
 ✔ Container mailcowdockerized-memcached-mailcow-1  Started                                                                                                                                                       0.1s 
 ✔ Container mailcowdockerized-dockerapi-mailcow-1  Started                                                                                                                                                       0.1s 
 ✔ Container mailcowdockerized-sogo-mailcow-1       Started                                                                                                                                                       0.1s 
 ✔ Container mailcowdockerized-clamd-mailcow-1      Created                                                                                                                                                       0.0s 
 ✔ Container mailcowdockerized-mysql-mailcow-1      Started                                                                                                                                                       0.0s 
 ✔ Container mailcowdockerized-php-fpm-mailcow-1    Started                                                                                                                                                       0.0s 
 ✔ Container mailcowdockerized-nginx-mailcow-1      Started                                                                                                                                                       0.0s 
 ✔ Container mailcowdockerized-postfix-mailcow-1    Created                                                                                                                                                       0.0s 
 ✔ Container mailcowdockerized-dovecot-mailcow-1    Started                                                                                                                                                       0.0s 
 ✔ Container mailcowdockerized-acme-mailcow-1       Created                                                                                                                                                       0.0s 
 ✔ Container mailcowdockerized-netfilter-mailcow-1  Created                                                                                                                                                       0.0s 
 ✔ Container mailcowdockerized-rspamd-mailcow-1     Started                                                                                                                                                       0.0s 
 ✔ Container mailcowdockerized-ofelia-mailcow-1     Started                                                                                                                                                       0.0s 
 ✔ Container mailcowdockerized-watchdog-mailcow-1   Created                                                                                                                                                       0.0s 
dependency failed to start: container mailcowdockerized-unbound-mailcow-1 is unhealthy


docker compose logs --tail=200 unbound-mailcow
mailcowdockerized-unbound-mailcow-1  | Setting console permissions...
mailcowdockerized-unbound-mailcow-1  | Receiving anchor key...
mailcowdockerized-unbound-mailcow-1  | Receiving root hints...
######################################################################## 100.0%                                       
mailcowdockerized-unbound-mailcow-1  | setup in directory /etc/unbound
mailcowdockerized-unbound-mailcow-1  | Certificate request self-signature ok
mailcowdockerized-unbound-mailcow-1  | subject=CN = unbound-control
mailcowdockerized-unbound-mailcow-1  | removing artifacts
mailcowdockerized-unbound-mailcow-1  | Setup success. Certificates created. Enable in unbound.conf file to use
mailcowdockerized-unbound-mailcow-1  | [1705513767] unbound[1:0] notice: init module 0: validator
mailcowdockerized-unbound-mailcow-1  | [1705513767] unbound[1:0] notice: init module 1: iterator
mailcowdockerized-unbound-mailcow-1  | [1705513767] unbound[1:0] info: start of service (unbound 1.19.0).
mailcowdockerized-unbound-mailcow-1  | [1705513768] unbound[1:0] info: generate keytag query _ta-4f66. NULL IN

Steps to reproduce:

1/ Run update.sh

Which branch are you using?

master

Operating System:

22.04.3 LTS

Server/VM specifications:

20 GB, 6 cores

Is Apparmor, SELinux or similar active?

no

Virtualization technology:

KVM

Docker version:

24.0.7

docker-compose version or docker compose version:

v2.21.0

mailcow version:

2024-01

Reverse proxy:

Nginx

Logs of git diff:

diff --git a/docker-compose.yml b/docker-compose.yml
index 26a0cfe1..f45120c9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,7 +2,7 @@ version: '2.1'
 services:
 
     unbound-mailcow:
-      image: mailcow/unbound:1.19
+      image: mailcow/unbound:1.18
       environment:
         - TZ=${TZ}
       volumes:
@@ -58,7 +58,7 @@ services:
             - redis
 
     clamd-mailcow:
-      image: mailcow/clamd:1.64
+      image: mailcow/clamd:1.63
       restart: always
       depends_on:
         unbound-mailcow:
@@ -77,7 +77,7 @@ services:
             - clamd
 
     rspamd-mailcow:
-      image: mailcow/rspamd:1.95
+      image: mailcow/rspamd:1.94
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow
@@ -107,7 +107,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.86
+      image: mailcow/phpfpm:1.85
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
         - redis-mailcow
@@ -171,7 +171,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.121
+      image: mailcow/sogo:1.120
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}
@@ -218,7 +218,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:1.27
+      image: mailcow/dovecot:1.26
       depends_on:
         - mysql-mailcow
       dns:
@@ -298,7 +298,7 @@ services:
             - dovecot
 
     postfix-mailcow:
-      image: mailcow/postfix:1.74
+      image: mailcow/postfix:1.73
       depends_on:
         mysql-mailcow:
           condition: service_started
@@ -398,7 +398,7 @@ services:
           condition: service_started
         unbound-mailcow:
           condition: service_healthy
-      image: mailcow/acme:1.86
+      image: mailcow/acme:1.85
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:
@@ -434,7 +434,7 @@ services:
             - acme
 
     netfilter-mailcow:
-      image: mailcow/netfilter:1.55
+      image: mailcow/netfilter:1.54
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow
@@ -457,7 +457,7 @@ services:
         - /lib/modules:/lib/modules:ro
 
     watchdog-mailcow:
-      image: mailcow/watchdog:2.01
+      image: mailcow/watchdog:2.00
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       tmpfs:
@@ -529,7 +529,7 @@ services:
             - watchdog
 
     dockerapi-mailcow:
-      image: mailcow/dockerapi:2.07
+      image: mailcow/dockerapi:2.06
       security_opt:
         - label=disable
       restart: always
@@ -550,7 +550,7 @@ services:
     
     ##### Will be removed soon #####
     solr-mailcow:
-      image: mailcow/solr:1.8.2
+      image: mailcow/solr:1.8.1
       restart: always
       volumes:
         - solr-vol-1:/opt/solr/server/solr/dovecot-fts/data
@@ -567,7 +567,7 @@ services:
     ################################
 
     olefy-mailcow:
-      image: mailcow/olefy:1.12
+      image: mailcow/olefy:1.11
       restart: always
       environment:
         - TZ=${TZ}
@@ -604,36 +604,6 @@ services:
           aliases:
             - ofelia

Logs of iptables -L -vn:

# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  24M   43G MAILCOW    all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */
  24M   43G DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  24M   43G DOCKER-ISOLATION-STAGE-1  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 105K   49M ACCEPT     all  --  *      br-08bd5adc9082  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  364 22248 DOCKER     all  --  *      br-08bd5adc9082  0.0.0.0/0            0.0.0.0/0           
 5372 9715K ACCEPT     all  --  br-08bd5adc9082 !br-08bd5adc9082  0.0.0.0/0            0.0.0.0/0           
  262 15720 ACCEPT     all  --  br-08bd5adc9082 br-08bd5adc9082  0.0.0.0/0            0.0.0.0/0           
1432K  472M ACCEPT     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 136K 8469K DOCKER     all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
 161K   33M ACCEPT     all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
 133K 8280K ACCEPT     all  --  br-mailcow br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0           
  81M  146G ACCEPT     all  --  *      br-e06b97a5bfb7  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
   74 10824 DOCKER     all  --  *      br-e06b97a5bfb7  0.0.0.0/0            0.0.0.0/0           
 718K   75M ACCEPT     all  --  br-e06b97a5bfb7 !br-e06b97a5bfb7  0.0.0.0/0            0.0.0.0/0           
   74 10824 ACCEPT     all  --  br-e06b97a5bfb7 br-e06b97a5bfb7  0.0.0.0/0            0.0.0.0/0           
5988K 2504M ACCEPT     all  --  *      br-b86109ccaa67  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 166K 9931K DOCKER     all  --  *      br-b86109ccaa67  0.0.0.0/0            0.0.0.0/0           
 243K  864M ACCEPT     all  --  br-b86109ccaa67 !br-b86109ccaa67  0.0.0.0/0            0.0.0.0/0           
 148K 8882K ACCEPT     all  --  br-b86109ccaa67 br-b86109ccaa67  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (5 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  !br-e06b97a5bfb7 br-e06b97a5bfb7  0.0.0.0/0            172.21.0.2           tcp dpt:8081
    0     0 ACCEPT     tcp  --  !br-e06b97a5bfb7 br-e06b97a5bfb7  0.0.0.0/0            172.21.0.2           tcp dpt:8080
    0     0 ACCEPT     tcp  --  !br-e06b97a5bfb7 br-e06b97a5bfb7  0.0.0.0/0            172.21.0.3           tcp dpt:8083
    0     0 ACCEPT     tcp  --  !br-e06b97a5bfb7 br-e06b97a5bfb7  0.0.0.0/0            172.21.0.5           tcp dpt:5432
    0     0 ACCEPT     tcp  --  !br-e06b97a5bfb7 br-e06b97a5bfb7  0.0.0.0/0            172.21.0.6           tcp dpt:80
    0     0 ACCEPT     tcp  --  !br-e06b97a5bfb7 br-e06b97a5bfb7  0.0.0.0/0            172.21.0.7           tcp dpt:8080
17479 1049K ACCEPT     tcp  --  !br-b86109ccaa67 br-b86109ccaa67  0.0.0.0/0            172.24.0.8           tcp dpt:11000
    0     0 ACCEPT     tcp  --  !br-e06b97a5bfb7 br-e06b97a5bfb7  0.0.0.0/0            172.21.0.9           tcp dpt:8080
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.249         tcp dpt:6379
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.2           tcp dpt:8983
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.7           tcp dpt:3306
 1276 81781 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.8           tcp dpt:443
  226 11752 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.8           tcp dpt:80
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.250         tcp dpt:12345
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.250         tcp dpt:4190
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.250         tcp dpt:995
 1064 72755 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.250         tcp dpt:993
    1    64 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.250         tcp dpt:143
    0     0 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.250         tcp dpt:110
   98  6000 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.253         tcp dpt:587
   64  3684 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.253         tcp dpt:465
  239 12936 ACCEPT     tcp  --  !br-mailcow br-mailcow  0.0.0.0/0            10.10.10.253         tcp dpt:25
   18  1152 ACCEPT     tcp  --  !br-08bd5adc9082 br-08bd5adc9082  0.0.0.0/0            172.19.0.6           tcp dpt:8000

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 5372 9715K DOCKER-ISOLATION-STAGE-2  all  --  br-08bd5adc9082 !br-08bd5adc9082  0.0.0.0/0            0.0.0.0/0           
 161K   33M DOCKER-ISOLATION-STAGE-2  all  --  br-mailcow !br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0           
 718K   75M DOCKER-ISOLATION-STAGE-2  all  --  br-e06b97a5bfb7 !br-e06b97a5bfb7  0.0.0.0/0            0.0.0.0/0           
 243K  864M DOCKER-ISOLATION-STAGE-2  all  --  br-b86109ccaa67 !br-b86109ccaa67  0.0.0.0/0            0.0.0.0/0           
  90M  150G RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-ISOLATION-STAGE-2 (5 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      br-08bd5adc9082  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      br-mailcow  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      docker0  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      br-e06b97a5bfb7  0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      br-b86109ccaa67  0.0.0.0/0            0.0.0.0/0           
1143K  985M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  90M  150G RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain MAILCOW (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       212.70.149.68        0.0.0.0/0           
    0     0 DROP       all  --  *      *       212.70.149.67        0.0.0.0/0

Logs of ip6tables -L -vn:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
80332   85M MAILCOW    all      *      *       ::/0                 ::/0                 /* mailcow */
80332   85M DOCKER-USER  all      *      *       ::/0                 ::/0                
 298K  327M DOCKER-ISOLATION-STAGE-1  all      *      *       ::/0                 ::/0                
 242K  323M ACCEPT     all      *      br-mailcow  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
45066 3186K DOCKER     all      *      br-mailcow  ::/0                 ::/0                
10550 1046K ACCEPT     all      br-mailcow !br-mailcow  ::/0                 ::/0                
45064 3186K ACCEPT     all      br-mailcow br-mailcow  ::/0                 ::/0                
    0     0 ACCEPT     all      *      docker0  ::/0                 ::/0                 ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all      *      docker0  ::/0                 ::/0                
    0     0 ACCEPT     all      docker0 !docker0  ::/0                 ::/0                
    0     0 ACCEPT     all      docker0 docker0  ::/0                 ::/0                

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:4190
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:995
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:993
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:143
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::c  tcp dpt:110
    1    80 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::10  tcp dpt:587
    1    80 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::10  tcp dpt:465
    0     0 ACCEPT     tcp      !br-mailcow br-mailcow  ::/0                 fd4d:6169:6c63:6f77::10  tcp dpt:25

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER-ISOLATION-STAGE-2  all      br-08bd5adc9082 !br-08bd5adc9082  ::/0                 ::/0                
10550 1046K DOCKER-ISOLATION-STAGE-2  all      br-mailcow !br-mailcow  ::/0                 ::/0                
    0     0 DOCKER-ISOLATION-STAGE-2  all      docker0 !docker0  ::/0                 ::/0                
    0     0 DOCKER-ISOLATION-STAGE-2  all      br-e06b97a5bfb7 !br-e06b97a5bfb7  ::/0                 ::/0                
    0     0 DOCKER-ISOLATION-STAGE-2  all      br-b86109ccaa67 !br-b86109ccaa67  ::/0                 ::/0                
 316K  329M RETURN     all      *      *       ::/0                 ::/0                

Chain DOCKER-ISOLATION-STAGE-2 (5 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all      *      br-08bd5adc9082  ::/0                 ::/0                
    0     0 DROP       all      *      br-mailcow  ::/0                 ::/0                
    0     0 DROP       all      *      docker0  ::/0                 ::/0                
    0     0 DROP       all      *      br-e06b97a5bfb7  ::/0                 ::/0                
    0     0 DROP       all      *      br-b86109ccaa67  ::/0                 ::/0                
11448 1139K RETURN     all      *      *       ::/0                 ::/0                

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 316K  329M RETURN     all      *      *       ::/0                 ::/0                

Chain MAILCOW (1 references)
 pkts bytes target     prot opt in     out     source               destination

Logs of iptables -L -vn -t nat:

# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
23947 1454K DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    6   360 MASQUERADE  all  --  *      !br-08bd5adc9082  172.19.0.0/16        0.0.0.0/0           
59439 4445K MASQUERADE  all  --  *      !br-mailcow  10.10.10.0/24        0.0.0.0/0           
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0           
50962 2473K MASQUERADE  all  --  *      !br-e06b97a5bfb7  172.21.0.0/16        0.0.0.0/0           
 2728  164K MASQUERADE  all  --  *      !br-b86109ccaa67  172.24.0.0/16        0.0.0.0/0           
    0     0 MASQUERADE  tcp  --  *      *       172.21.0.2           172.21.0.2           tcp dpt:8081
    0     0 MASQUERADE  tcp  --  *      *       172.21.0.2           172.21.0.2           tcp dpt:8080
    0     0 MASQUERADE  tcp  --  *      *       172.21.0.3           172.21.0.3           tcp dpt:8083
    0     0 MASQUERADE  tcp  --  *      *       172.21.0.5           172.21.0.5           tcp dpt:5432
    0     0 MASQUERADE  tcp  --  *      *       172.21.0.6           172.21.0.6           tcp dpt:80
    0     0 MASQUERADE  tcp  --  *      *       172.21.0.7           172.21.0.7           tcp dpt:8080
    0     0 MASQUERADE  tcp  --  *      *       172.24.0.8           172.24.0.8           tcp dpt:11000
    0     0 MASQUERADE  tcp  --  *      *       172.21.0.9           172.21.0.9           tcp dpt:8080
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.249         10.10.10.249         tcp dpt:6379
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.2           10.10.10.2           tcp dpt:8983
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.7           10.10.10.7           tcp dpt:3306
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.8           10.10.10.8           tcp dpt:443
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.8           10.10.10.8           tcp dpt:80
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.250         10.10.10.250         tcp dpt:12345
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.250         10.10.10.250         tcp dpt:4190
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.250         10.10.10.250         tcp dpt:995
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.250         10.10.10.250         tcp dpt:993
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.250         10.10.10.250         tcp dpt:143
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.250         10.10.10.250         tcp dpt:110
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.253         10.10.10.253         tcp dpt:587
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.253         10.10.10.253         tcp dpt:465
    0     0 MASQUERADE  tcp  --  *      *       10.10.10.253         10.10.10.253         tcp dpt:25
    0     0 MASQUERADE  tcp  --  *      *       172.19.0.6           172.19.0.6           tcp dpt:8000

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  br-08bd5adc9082 *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     all  --  br-mailcow *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     all  --  br-e06b97a5bfb7 *       0.0.0.0/0            0.0.0.0/0           
  126  7560 RETURN     all  --  br-b86109ccaa67 *       0.0.0.0/0            0.0.0.0/0           
    0     0 DNAT       tcp  --  !br-e06b97a5bfb7 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8081 to:172.21.0.2:8081
    0     0 DNAT       tcp  --  !br-e06b97a5bfb7 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8082 to:172.21.0.2:8080
    0     0 DNAT       tcp  --  !br-e06b97a5bfb7 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8083 to:172.21.0.3:8083
    0     0 DNAT       tcp  --  !br-e06b97a5bfb7 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5432 to:172.21.0.5:5432
    0     0 DNAT       tcp  --  !br-e06b97a5bfb7 *       0.0.0.0/0            172.16.1.20          tcp dpt:8080 to:172.21.0.6:80
    0     0 DNAT       tcp  --  !br-e06b97a5bfb7 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8084 to:172.21.0.7:8080
17513 1051K DNAT       tcp  --  !br-b86109ccaa67 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:11000 to:172.24.0.8:11000
    0     0 DNAT       tcp  --  !br-e06b97a5bfb7 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1080 to:172.21.0.9:8080
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:7654 to:10.10.10.249:6379
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:18983 to:10.10.10.2:8983
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:13306 to:10.10.10.7:3306
 1276 81781 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            172.16.1.20          tcp dpt:443 to:10.10.10.8:443
  226 11752 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            172.16.1.20          tcp dpt:80 to:10.10.10.8:80
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            127.0.0.1            tcp dpt:19991 to:10.10.10.250:12345
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4190 to:10.10.10.250:4190
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:995 to:10.10.10.250:995
 1064 72755 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:993 to:10.10.10.250:993
    1    64 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:143 to:10.10.10.250:143
    0     0 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 to:10.10.10.250:110
   98  6000 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587 to:10.10.10.253:587
 2650  159K DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:465 to:10.10.10.253:465
  239 12936 DNAT       tcp  --  !br-mailcow *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:10.10.10.253:25
   18  1152 DNAT       tcp  --  !br-08bd5adc9082 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8000 to:172.19.0.6:8000

Logs of ip6tables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    6   508 DOCKER     all      *      *       ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DOCKER     all      *      *       ::/0                !::1                  ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 9752  932K MASQUERADE  all      *      !br-mailcow  fd4d:6169:6c63:6f77::/64  ::/0                
    0     0 MASQUERADE  all      *      !docker0  fd00:dead:beef:c0::/80  ::/0                
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:4190
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:995
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:993
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:143
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::c  fd4d:6169:6c63:6f77::c  tcp dpt:110
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:587
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:465
    0     0 MASQUERADE  tcp      *      *       fd4d:6169:6c63:6f77::10  fd4d:6169:6c63:6f77::10  tcp dpt:25

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all      br-mailcow *       ::/0                 ::/0                
    0     0 RETURN     all      docker0 *       ::/0                 ::/0                
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:4190 to:[fd4d:6169:6c63:6f77::c]:4190
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:995 to:[fd4d:6169:6c63:6f77::c]:995
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:993 to:[fd4d:6169:6c63:6f77::c]:993
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:143 to:[fd4d:6169:6c63:6f77::c]:143
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:110 to:[fd4d:6169:6c63:6f77::c]:110
    1    80 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:587 to:[fd4d:6169:6c63:6f77::10]:587
    1    80 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:465 to:[fd4d:6169:6c63:6f77::10]:465
    0     0 DNAT       tcp      !br-mailcow *       ::/0                 ::/0                 tcp dpt:25 to:[fd4d:6169:6c63:6f77::10]:25

DNS check:

104.18.32.7
172.64.155.249
@DerLinkman
Copy link
Member

Duplicate of: #5649

@KagurazakaNyaa KagurazakaNyaa mentioned this issue Jan 18, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Allow user skip unbound healthcheck
2 participants
@DerLinkman @Green2Matter