Issue
Cannot access forwarded port on container from other containers in Docker network
On Docker container A, I executed a command to open an SSH tunnel that forwards port 3306 from the remote MySQL server to the container.
ssh -4 -NL 3306:127.0.0.1:3306 "${SSH_USER}@${MONOLITH_IP}"
It's accessible from inside container A.
telnet 127.0.0.1:3306
Connected to 127.0.0.1:3306
netstat -lnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
But it's not accessible from container B:
telnet A 3306
telnet: can't connect to remote host (172.17.0.5): Connection refused
Both containers are inside the same network and run on the alpine image.
Commands:
ssh -4 -NL 3306:127.0.0.1:3306 "${SSH_USER}@${MONOLITH_IP}" (on container A)
telnet 127.0.0.1:3306 (on container A)
telnet A:3306 (on container B)
Expectation:
Successful connection from container B to the forwarded port on container A (MySQL server).
Actual Result:
telnet A:3306 (on container B) returns "telnet: can't connect to remote host (172.17.0.5): Connection refused", despite verifying network connectivity and port availability.
Solution
The SSH tunnel is bound to the loopback interface (127.0.0.1) inside container A, which means it is only accessible from within that container.
To make the forwarded port accessible to other containers within the same Docker network, bind the SSH tunnel to the container's IP address or 0.0.0.0 (all network interfaces) instead of 127.0.0.1.
ssh -4 -NL 0.0.0.0:3306:127.0.0.1:3306 "${SSH_USER}@${MONOLITH_IP}"
Answered By - Illya Skidanov Answer Checked By - Terry (WPSolving Volunteer)
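Added example, not part of the original question or answer: a POSIX sh helper that reads `netstat -lnt` output and reports how a port is bound, which is the check that distinguishes the failing tunnel from the fixed one. The function names `bind_scope` and `peer_reachable` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `netstat -lnt` text on stdin and prints how PORT is bound:
#   loopback | specific:<addr> | all-interfaces | not-listening
bind_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            # Split "addr:port" at the last colon so ":::3306" also parses.
            if (!match($4, /:[0-9]+$/)) next
            addr = substr($4, 1, RSTART - 1)
            if (substr($4, RSTART + 1) != port) next
            if (addr == "0.0.0.0" || addr == "::")      { r = 3; s = "all-interfaces" }
            else if (addr ~ /^127\./ || addr == "::1")  { r = 1; s = "loopback" }
            else                                        { r = 2; s = "specific:" addr }
            # Keep the widest exposure seen for this port.
            if (r > best) { best = r; scope = s }
        }
        END { print (best ? scope : "not-listening") }
    '
}

# Says whether other containers on the Docker network can reach the port.
peer_reachable() {
    case "$(bind_scope "$1")" in
        loopback|not-listening) echo no ;;
        *) echo yes ;;
    esac
}

# Constructed samples modelled on the netstat output in the question.
BEFORE='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN'
AFTER_ALL='tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN'
AFTER_ADDR='tcp 0 0 172.17.0.5:3306 0.0.0.0:* LISTEN'

for sample in "$BEFORE" "$AFTER_ALL" "$AFTER_ADDR"; do
    printf '%s -> reachable from container B: %s\n' \
        "$(printf '%s\n' "$sample" | bind_scope 3306)" \
        "$(printf '%s\n' "$sample" | peer_reachable 3306)"
done
# Live use inside container A: netstat -lnt | bind_scope 3306
```

An `all-interfaces` result means every container attached to the same network can open the tunnel to the remote MySQL server. Binding to the container's own address, which the answer also mentions, yields `specific:<addr>` and keeps the listener on that one interface.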