mvp-factory-setups/iptables-fix-instructions.txt


## REQUIRED: iptables Fix for n8n → OpenHands Communication
### The Problem:
Docker containers (like n8n) on bridge networks cannot reach services running with `--network=host`
(like OpenHands) due to Linux firewall rules. This is a Docker security feature.
### The Solution:
Add an iptables rule to allow Docker containers to access port 3000 on the host.
### Commands to Run:
```bash
# 1. Add iptables rule to allow Docker containers to reach host port 3000
sudo iptables -I DOCKER-USER -p tcp --dport 3000 -j ACCEPT
# 2. Verify the rule was added
sudo iptables -L DOCKER-USER -n -v | grep 3000
# Expected output:
# 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3000
# 3. Make the rule persistent across reboots
sudo apt install iptables-persistent -y
sudo netfilter-persistent save
```
### Verification:
After running the commands, test that n8n can reach OpenHands:
```bash
# Test from n8n container
docker exec n8n wget -O- --timeout=5 http://10.10.10.11:3000/api/options/agents
# Should return: ["BrowsingAgent","CodeActAgent","DummyAgent"...]
```
### What This Does:
- Adds a rule to the DOCKER-USER chain (Docker's recommended way to add custom rules)
- Allows TCP traffic to port 3000 from any source
- Makes the rule permanent so it survives system reboots
### Security Note:
This rule has no source or interface restriction, so it allows ALL Docker containers to access
port 3000 on the host. Since OpenHands is already only listening on localhost (not exposed to
the internet), this is safe.
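A check for the two conditions the Security Note depends on, added here as an example (not part of the original instructions): whether the ACCEPT rule for port 3000 carries any source or interface restriction, and which address port 3000 is actually bound to. The function names `audit_rules` and `listen_scope` are hypothetical, and the sample `iptables -S` / `ss -ltnH` lines are constructed.

```bash
#!/usr/bin/env bash
# Added example: audits the two claims in the Security Note.
# All sample input below is constructed, not captured from a real host.
PORT=3000

# Reads `iptables -S DOCKER-USER` output on stdin. Prints each ACCEPT rule for
# $PORT, prefixed "broad:" (no -s / -i match) or "scoped:" (has one).
audit_rules() {
  local line
  while IFS= read -r line; do
    case "$line" in
      *"--dport $PORT "*"-j ACCEPT"*) ;;   # rule of interest, classify below
      *) continue ;;
    esac
    case " $line " in
      *" -s "*|*" -i "*) echo "scoped: $line" ;;
      *) echo "broad: $line" ;;
    esac
  done
}

# Reads `ss -ltnH` output on stdin. Prints, for each listener on $PORT,
# "loopback", "all-interfaces" or "address <ip>".
listen_scope() {
  local state rq sq addr rest host
  while read -r state rq sq addr rest; do
    [ "${addr##*:}" = "$PORT" ] || continue   # text after the last ':' is the port
    host=${addr%:*}
    case "$host" in
      127.*|"[::1]") echo "loopback" ;;
      0.0.0.0|"*"|"[::]") echo "all-interfaces" ;;
      *) echo "address $host" ;;
    esac
  done
}

# Constructed samples: the rule from this page, and a wildcard listener.
SAMPLE_RULES='-N DOCKER-USER
-A DOCKER-USER -p tcp -m tcp --dport 3000 -j ACCEPT
-A DOCKER-USER -j RETURN'
SAMPLE_SS='LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 511 0.0.0.0:3000 0.0.0.0:*'

printf '%s\n' "$SAMPLE_RULES" | audit_rules
printf '%s\n' "$SAMPLE_SS" | listen_scope
# On a live host (iptables needs root):
#   sudo iptables -S DOCKER-USER | audit_rules
#   ss -ltnH | listen_scope
```

A `loopback` result means only processes in the host's own network namespace can connect; `all-interfaces` or a specific address means the firewall rules are what limit who can reach the port.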
### After This Fix:
1. OpenHands will work with runtime containers (already working) ✅
2. n8n will be able to call OpenHands API ✅
3. The n8n workflow can create conversations and execute tasks ✅
### Ready to Test:
Once you've run these commands and verified connectivity, restart the n8n workflow:
- It will use the updated JSON (already pushed to git)
- URL: http://10.10.10.11:3000/api/conversations
- It should successfully create the hello.txt file
---
## Copy-Paste Commands:
```bash
sudo iptables -I DOCKER-USER -p tcp --dport 3000 -j ACCEPT
sudo iptables -L DOCKER-USER -n -v | grep 3000
sudo apt install iptables-persistent -y
sudo netfilter-persistent save
docker exec n8n wget -O- --timeout=5 http://10.10.10.11:3000/api/options/agents
```