Connection reset from within LAN

Hi,
I am experiencing a very strange issue when I am accessing my services from within my LAN, more specifically my WLAN.
But let me start at the beginning:

  • I am hosting a couple of services within docker containers that are exposed through traefik.
  • The server is located within my local network that is connected to the internet via my ISP's router.
  • Cloudflare dynamic DNS is used (Only DNS, requests are not proxied through Cloudflare)
  • A wildcard SSL certificate is obtained via Let's Encrypt.

So far all good, my services are reachable from the internet perfectly fine. Same is true for devices that have a wired connection to my router.
However, when accessed from within my WLAN, no connection can be made because each request results in a connection reset. This behavior is consistent for different devices, operating systems and browsers/client applications.
The traefik logs, however, seem to indicate that the requests were processed successfully.
I conclude this from the logs like "begin ServeHttp on request", "Forwarding this request to URL ...", "completed ServeHttp on request".
However, none of the backend services seem to receive the requests. Do these logs actually indicate success?
The very same devices can access all of my services without problems if I connect them to my LAN via cable or connect to the services from the Internet.

Now to the final part, if I add an entry to those devices hosts files to directly point to the LAN IP of my server, the connection again works.

Does anybody have ideas what could cause this issue or how to debug it?
I would have assumed that it is an issue with my router, but I basically used the same setup with nginx instead of traefik before, where this was never an issue.

Any log files that contained traces of the requests (docker logs, traefik access log, backend service logs) either showed success messages or no traces at all.
The most detailed client logs I could gather were Chrome's internal (chrome://net-export) ones, which show a connection reset during the SSL handshake after certificate validation.

With this part, it seems that the DNS used with your Wifi connection is not the same as the one used with your wired connection. You should try to force the DNS for the WLAN connection to the same IP as the one used on a connection with no problem and see if that changes anything.

Short Question: Do you have an IP-Address-Scope of 172.17.x.x in your WLAN-Environment?

First off, thank you for your reply!
My ISP's router does not provide me with any options to configure different DNS servers, neither for the LAN, nor the WLAN. By "force the DNS for the WLAN", do you mean setting the desired DNS manually on the client? The DNS server is propagated to my clients via DHCP by my router. Wired and wireless clients show the same DNS server.
Moreover, nslookup shows that the client IP can be resolved correctly.
I fail to see which DNS server I should "force" since they already use the same.

Short Question: Do you have an IP-Address-Scope of 172.17.x.x in your WLAN-Environment?

My LAN (and WLAN) use the 10.0.0.0/24 address space. On my server, services are using docker and multiple docker networks. Therefore, 172.17.0.0/16 as well as other 172.x.0.0/16 networks are being used.
That is in fact one difference to my previous setup where access from my WLAN to services on my server worked (I did not use docker in the old setup).
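Added example, not written by any poster in this thread: the two checks raised above (does a Docker subnet collide with the client network, and does the service name resolve to an address inside the LAN or to one that must go through the router) scripted in Python. The function names, the `traefik_proxy` network, the 172.18.0.0/16 subnet and the addresses 10.0.0.10 and 203.0.113.7 are constructed for illustration; the JSON mirrors the shape of `docker network inspect $(docker network ls -q)` output.

```python
import ipaddress
import json

# Constructed sample shaped like `docker network inspect $(docker network ls -q)`
# output; the network names and the second subnet are made up for illustration.
SAMPLE_INSPECT = json.dumps([
    {"Name": "bridge", "IPAM": {"Config": [{"Subnet": "172.17.0.0/16"}]}},
    {"Name": "traefik_proxy", "IPAM": {"Config": [{"Subnet": "172.18.0.0/16"}]}},
    {"Name": "host", "IPAM": {"Config": []}},
])


def docker_subnets(inspect_json):
    """Yield (network name, ip_network) for every subnet Docker has allocated."""
    for net in json.loads(inspect_json):
        for cfg in (net.get("IPAM") or {}).get("Config") or []:
            if cfg.get("Subnet"):
                yield net["Name"], ipaddress.ip_network(cfg["Subnet"])


def find_overlaps(inspect_json, client_subnets):
    """Return (docker network, docker subnet, client subnet) for each collision."""
    clients = [ipaddress.ip_network(s) for s in client_subnets]
    return [
        (name, str(dnet), str(cnet))
        for name, dnet in docker_subnets(inspect_json)
        for cnet in clients
        if dnet.version == cnet.version and dnet.overlaps(cnet)
    ]


def path_to_server(resolved_ip, lan_subnet):
    """Tell whether a client on lan_subnet reaches resolved_ip on-link or via the router."""
    if ipaddress.ip_address(resolved_ip) in ipaddress.ip_network(lan_subnet):
        return "direct"      # same subnet, like the hosts-file entry with the LAN IP
    return "via-router"      # off-subnet address, the router has to loop traffic back


if __name__ == "__main__":
    print(find_overlaps(SAMPLE_INSPECT, ["10.0.0.0/24"]))    # the LAN from this thread
    print(find_overlaps(SAMPLE_INSPECT, ["172.17.5.0/24"]))  # a colliding client subnet
    print(path_to_server("10.0.0.10", "10.0.0.0/24"))
    print(path_to_server("203.0.113.7", "10.0.0.0/24"))
```

On a real host, pass the actual `docker network inspect` output and the address `nslookup` returns for the service name on a wireless client.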