## REQUIRED: iptables Fix for n8n → OpenHands Communication

### The Problem:
Docker containers (like n8n) on bridge networks cannot reach services running with `--network=host`
(like OpenHands) due to Linux firewall rules. This is a Docker security feature.

### The Solution:
Add an iptables rule to allow Docker containers to access port 3000 on the host.

### Commands to Run:

```bash
# 1. Add iptables rule to allow Docker containers to reach host port 3000
sudo iptables -I DOCKER-USER -p tcp --dport 3000 -j ACCEPT

# 2. Verify the rule was added
sudo iptables -L DOCKER-USER -n -v | grep 3000

# Expected output:
#     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3000

# 3. Make the rule persistent across reboots
sudo apt install iptables-persistent -y
sudo netfilter-persistent save
```

### Verification:

After running the commands, test that n8n can reach OpenHands:

```bash
# Test from n8n container
docker exec n8n wget -O- --timeout=5 http://10.10.10.11:3000/api/options/agents

# Should return: ["BrowsingAgent","CodeActAgent","DummyAgent"...]
```

### What This Does:
- Adds a rule to the DOCKER-USER chain (Docker's recommended way to add custom rules)
- Allows TCP traffic to port 3000 from any source
- Makes the rule permanent so it survives system reboots

### Security Note:
This rule allows ALL Docker containers to access port 3000 on the host. Since OpenHands
is already only listening on localhost (not exposed to the internet), this is safe.

### After This Fix:
1. OpenHands will work with runtime containers (already working) ✅
2. n8n will be able to call OpenHands API ✅
3. The n8n workflow can create conversations and execute tasks ✅

### Ready to Test:
Once you've run these commands and verified connectivity, restart the n8n workflow:
- It will use the updated JSON (already pushed to git)
- URL: http://10.10.10.11:3000/api/conversations
- Should successfully create hello.txt file

---

## Copy-Paste Commands:

sudo iptables -I DOCKER-USER -p tcp --dport 3000 -j ACCEPT
sudo iptables -L DOCKER-USER -n -v | grep 3000
sudo apt install iptables-persistent -y
sudo netfilter-persistent save
docker exec n8n wget -O- --timeout=5 http://10.10.10.11:3000/api/options/agents