I’ve created an LXC container on my Omnia using LuCI, with the template “Ubuntu Focal” from “repo.turris.cz”. After the creation of the container I saw that many “REJECT” entries from external IP addresses were logged in the Ubuntu syslog:
REJECT wan in: IN=pppoe-wan OUT= MAC= SRC=<IP ADDRESS> DST=<IP ADDRESS> LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=59111 PROTO=TCP SPT=52525 DPT=11583 WINDOW=1024 RES=0x00 SYN URGP=0
As I hadn’t changed the firewall configuration of the router during the creation of the container, I was surprised to see these entries inside the log of the LXC container.
I looked at the firewall rules in LuCI and there was an entry “wan_http_turris_rule” (should be one of the defaults created by Foris, I think) which was disabled. My next try was to activate this rule, and afterwards the web interface of the Turris Omnia was accessible from the web. So I disabled the rule again, and after this action the log inside my LXC container also stopped growing and there were no new REJECT entries.
I’m wondering whether there is a common error when using LXC, so that the containers are accessible from the web? As I hadn’t modified the firewall rules before (I always let Foris manage those), I’m surprised that the container was connected directly to the internet…?