Docker Sonarr & Docker Radarr issue with Firewall.

[DaVoodoo]

I have Sonarr & Radarr dockers working 100% and they can reach the indexers fine.

As soon as I turn on Synology Firewall (Attached is a screenshot of Firewall.) the indexers are blocked: All indexers are unavailable due to failures, All search-capable indexers are temporarily unavailable due to recent indexer errors, All rss-capable indexers are temporarily unavailable due to recent indexer errors:

Saw on Reddit that I am not the only one with this issue. Any help please as I really want the firewall active?

 

[Rusty]

I have Sonarr & Radarr dockers working 100% and they can reach the indexers fine.

As soon as I turn on Synology Firewall (Attached is a screenshot of Firewall.) the indexers are blocked: All indexers are unavailable due to failures, All search-capable indexers are temporarily unavailable due to recent indexer errors, All rss-capable indexers are temporarily unavailable due to recent indexer errors:

Saw on Reddit that I am not the only one with this issue. Any help please as I really want the firewall active?

Add your docker subnet access to your lan on all ports. So 172.17.x.x to your LAN and take it from there.

 

[Telos]

Add your docker subnet access to your lan on all ports. So 172.17.x.x to your LAN and take it from there.

If that alone does not help... add 172.19.0.0 / 255.255.0.0 to the firewall allow list

 

[DaVoodoo]

Add your docker subnet access to your lan on all ports. So 172.17.x.x to your LAN and take it from there.

@Rusty So we meet again. Thanks, that did the trick.

@Telos , thanks for your input as well.

 

[one-eyed-king]

docker0 is the default gateway for the subnet 172.17.0.0/16 and has the ip 172.17.0.1 (see: ip addr show docker0) . This device is always created by the docker installation.

docker_gwbridge is the default gateway for the subnet 172.18.0.0/16 and has the ip 172.18.0.1 (see: ip addr show docker_gwbridge) - afair this device is added when the swarm mode is initalized. No swarm mode == no device

docker-{ 8char alpanum} is the default gateway for the user derfined docker network following the schema 172.x.0.0/16 with its gateway ip 172.x.0.1. You can either find the network ranges in the ui or by running the command ip a | grep -E 'docker-[[:alnum:]]{8}'. A device is created per user defined docker network.

It should be sufficient to only whitelist the gateway ip of the network.

Though, If you'd create a user defined bridge network (from the ui, the shell or portainer) and put all these containers inside the same network, you could leverage service discovery via the networks internal dns (it's a docker feature for user defined networks) and use the container names when accessing another container in the same network using the services container port. For instance lets assuem your sabnzdb container is called sabnzb, then you would use http://sabnzbd:8080 in the sonarr container for the download client connection. But I guess the firewall you are asking about is to grant container generall internet access - the user defined networks just help for container to container communication.

Fun fact: those gateway ips can be used from inside a container, to access services from the host...