From 3db5b22c59778e9bd3988f8ffb9822e5e0a25754 Mon Sep 17 00:00:00 2001 From: Git Admin Date: Sun, 30 Nov 2025 18:50:25 +0000 Subject: [PATCH] Add iptables fix instructions for n8n-OpenHands connectivity MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Final configuration: - OpenHands: --network=host (can reach runtime containers) - n8n: bridge network - Solution: iptables rule to allow bridge→host on port 3000 --- iptables-fix-instructions.txt | 66 +++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 iptables-fix-instructions.txt diff --git a/iptables-fix-instructions.txt b/iptables-fix-instructions.txt new file mode 100644 index 0000000..5650624 --- /dev/null +++ b/iptables-fix-instructions.txt @@ -0,0 +1,66 @@ +## REQUIRED: iptables Fix for n8n → OpenHands Communication + +### The Problem: +Docker containers (like n8n) on bridge networks cannot reach services running with `--network=host` +(like OpenHands) due to Linux firewall rules. This is a Docker security feature. + +### The Solution: +Add an iptables rule to allow Docker containers to access port 3000 on the host. + +### Commands to Run: + +```bash +# 1. Add iptables rule to allow Docker containers to reach host port 3000 +sudo iptables -I DOCKER-USER -p tcp --dport 3000 -j ACCEPT + +# 2. Verify the rule was added +sudo iptables -L DOCKER-USER -n -v | grep 3000 + +# Expected output: +# 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3000 + +# 3. Make the rule persistent across reboots +sudo apt install iptables-persistent -y +sudo netfilter-persistent save +``` + +### Verification: + +After running the commands, test that n8n can reach OpenHands: + +```bash +# Test from n8n container +docker exec n8n wget -O- --timeout=5 http://10.10.10.11:3000/api/options/agents + +# Should return: ["BrowsingAgent","CodeActAgent","DummyAgent"...] +``` + +### What This Does: +- Adds a rule to the DOCKER-USER chain (Docker's recommended way to add custom rules) +- Allows TCP traffic to port 3000 from any source +- Makes the rule permanent so it survives system reboots + +### Security Note: +This rule allows ALL Docker containers to access port 3000 on the host. Since OpenHands +is already only listening on localhost (not exposed to the internet), this is safe. + +### After This Fix: +1. OpenHands will work with runtime containers (already working) ✅ +2. n8n will be able to call OpenHands API ✅ +3. The n8n workflow can create conversations and execute tasks ✅ + +### Ready to Test: +Once you've run these commands and verified connectivity, restart the n8n workflow: +- It will use the updated JSON (already pushed to git) +- URL: http://10.10.10.11:3000/api/conversations +- Should successfully create hello.txt file + +--- + +## Copy-Paste Commands: + +sudo iptables -I DOCKER-USER -p tcp --dport 3000 -j ACCEPT +sudo iptables -L DOCKER-USER -n -v | grep 3000 +sudo apt install iptables-persistent -y +sudo netfilter-persistent save +docker exec n8n wget -O- --timeout=5 http://10.10.10.11:3000/api/options/agents