gitadmin
/
mvp-factory-setups
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add iptables fix instructions for n8n-OpenHands connectivity 

Final configuration:
- OpenHands: --network=host (can reach runtime containers)
- n8n: bridge network
- Solution: iptables rule to allow bridge→host on port 3000
This commit is contained in:
Git Admin 2025-11-30 18:50:25 +00:00
parent f419194aa0
commit 3db5b22c59
1 changed files with 66 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
iptables-fix-instructions.txt Normal file
View File

@ -0,0 +1,66 @@
## REQUIRED: iptables Fix for n8n → OpenHands Communication
### The Problem:
Docker containers (like n8n) on bridge networks cannot reach services running with `--network=host`
(like OpenHands) due to Linux firewall rules. This is a Docker security feature.
### The Solution:
Add an iptables rule to allow Docker containers to access port 3000 on the host.
### Commands to Run:
```bash
# 1. Add iptables rule to allow Docker containers to reach host port 3000
sudo iptables -I DOCKER-USER -p tcp --dport 3000 -j ACCEPT
# 2. Verify the rule was added
sudo iptables -L DOCKER-USER -n -v | grep 3000
# Expected output:
# 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3000
# 3. Make the rule persistent across reboots
sudo apt install iptables-persistent -y
sudo netfilter-persistent save
```
### Verification:
After running the commands, test that n8n can reach OpenHands:
```bash
# Test from n8n container
docker exec n8n wget -O- --timeout=5 http://10.10.10.11:3000/api/options/agents
# Should return: ["BrowsingAgent","CodeActAgent","DummyAgent"...]
```
### What This Does:
- Adds a rule to the DOCKER-USER chain (Docker's recommended way to add custom rules)
- Allows TCP traffic to port 3000 from any source
- Makes the rule permanent so it survives system reboots
### Security Note:
This rule allows ALL Docker containers to access port 3000 on the host. Since OpenHands
is already only listening on localhost (not exposed to the internet), this is safe.
### After This Fix:
1. OpenHands will work with runtime containers (already working) ✅
2. n8n will be able to call OpenHands API ✅
3. The n8n workflow can create conversations and execute tasks ✅
### Ready to Test:
Once you've run these commands and verified connectivity, restart the n8n workflow:
- It will use the updated JSON (already pushed to git)
- URL: http://10.10.10.11:3000/api/conversations
- Should successfully create hello.txt file
---
## Copy-Paste Commands:
sudo iptables -I DOCKER-USER -p tcp --dport 3000 -j ACCEPT
sudo iptables -L DOCKER-USER -n -v | grep 3000
sudo apt install iptables-persistent -y
sudo netfilter-persistent save
docker exec n8n wget -O- --timeout=5 http://10.10.10.11:3000/api/options/agents