Access ports on 127.0.0.1 via netbird client container #2188

Open
opened 2025-11-20 07:05:31 -05:00 by saavagebueno · 2 comments
Owner

Originally created by @uponminiature on GitHub (Aug 15, 2025).

Describe the problem

Hi all,

I am trying to expose some services via docker containers like this:

services:
  whoami:
    image: traefik/whoami:latest
    container_name: whoami
    restart: unless-stopped
    command:
      - --port=8005
    ports:
      - 127.0.0.1:8005:8005

But it seems NetBird cannot access these services.
I have even tried an ALL<->ALL rule to confirm, but I cannot access the port remotely.

However, if I just do

    ports:
      - 8005:8005

It works but then the port is published and bypasses my firewall. Docker seems to do that.

To Reproduce

Steps to reproduce the behavior:

  1. Use the NetBird docker client.
  2. On the same machine, create a docker container which a port exposed to 127.0.0.1.
  3. Try to access that port remotely.

Expected behavior

I expect for the ability to access ports on 127.0.0.1 on a client which is connected to NetBird.

Are you using NetBird Cloud?

No, I am self hosting.

NetBird version

0.54.2

Is any other VPN software installed?

No.

Debug output

Let me know if accessing ports on 127.0.0.1 is intended to work, if so I may send logs.

Screenshots

N/a

Additional context

Client compose:

  netbird-client:
    image: netbirdio/netbird:0.54.2
    container_name: netbird-client
    restart: unless-stopped
    hostname: $NETBIRD_HOSTNAME
    cap_add:
      - NET_ADMIN
      - NET_RAW
      - NET_BIND_SERVICE
      - SYS_ADMIN
      - SYS_RESOURCE
      - BPF
    network_mode: host
    volumes:
      - ./services/netbird/client:/var/lib/netbird
    environment:
      NB_MANAGEMENT_URL: $NETBIRD_URL
      NB_SETUP_KEY: $NETBIRD_SETUP_KEY

Have you tried these troubleshooting steps?

  • Reviewed client troubleshooting (if applicable)
  • Checked for newer NetBird versions
  • Searched for similar issues on GitHub (including closed ones)
  • Restarted the NetBird client
  • Disabled other VPN software
  • Checked firewall settings
Originally created by @uponminiature on GitHub (Aug 15, 2025). **Describe the problem** Hi all, I am trying to expose some services via docker containers like this: ```yaml services: whoami: image: traefik/whoami:latest container_name: whoami restart: unless-stopped command: - --port=8005 ports: - 127.0.0.1:8005:8005 ``` But it seems NetBird cannot access these services. I have even tried an ALL<->ALL rule to confirm, but I cannot access the port remotely. However, if I just do ```yaml ports: - 8005:8005 ``` It works but then the port is published and bypasses my firewall. Docker seems to do that. **To Reproduce** Steps to reproduce the behavior: 1. Use the NetBird docker client. 2. On the same machine, create a docker container which a port exposed to 127.0.0.1. 3. Try to access that port remotely. **Expected behavior** I expect for the ability to access ports on 127.0.0.1 on a client which is connected to NetBird. **Are you using NetBird Cloud?** No, I am self hosting. **NetBird version** 0.54.2 **Is any other VPN software installed?** No. **Debug output** Let me know if accessing ports on 127.0.0.1 is *intended to work*, if so I may send logs. **Screenshots** N/a **Additional context** Client compose: ```yaml netbird-client: image: netbirdio/netbird:0.54.2 container_name: netbird-client restart: unless-stopped hostname: $NETBIRD_HOSTNAME cap_add: - NET_ADMIN - NET_RAW - NET_BIND_SERVICE - SYS_ADMIN - SYS_RESOURCE - BPF network_mode: host volumes: - ./services/netbird/client:/var/lib/netbird environment: NB_MANAGEMENT_URL: $NETBIRD_URL NB_SETUP_KEY: $NETBIRD_SETUP_KEY ``` **Have you tried these troubleshooting steps?** - [x] Reviewed [client troubleshooting](https://docs.netbird.io/how-to/troubleshooting-client) (if applicable) - [x] Checked for newer NetBird versions - [x] Searched for similar issues on GitHub (including closed ones) - [x] Restarted the NetBird client - [x] Disabled other VPN software - [x] Checked firewall settings
saavagebueno added the triage-needed label 2025-11-20 07:05:31 -05:00
Author
Owner

@uponminiature commented on GitHub (Aug 15, 2025):

Also, if there's a method of accessing this port on a NetBird peer without having to expose it to 127.0.0.1 or at all, it would be great to know. I just don't want it public.

@uponminiature commented on GitHub (Aug 15, 2025): Also, if there's a method of accessing this port on a NetBird peer without having to expose it to 127.0.0.1 or at all, it would be great to know. I just don't want it public.
Author
Owner

@uponminiature commented on GitHub (Aug 15, 2025):

I now realise I can attach to the internal IP directly. Downside being when I restart containers, the IP does not exist at that time since both the client and server are apart of those containers. So, it works but not ideal.

@uponminiature commented on GitHub (Aug 15, 2025): I now realise I can attach to the internal IP directly. Downside being when I restart containers, the IP does not exist at that time since both the client and server are apart of those containers. So, it works but not ideal.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: SVI/netbird#2188