
I'm running a simple registry with podman and binding it to a local private IP address.

podman container create \
   --name insecure-registry \
   --privileged=True \
   --env REGISTRY_HTTP_ADDR=0.0.0.0:5000 \
   --volume /var/lib/registry:/var/lib/registry:rw \
   --publish 10.20.30.40:5000:5000 \
   registry:2 

And when I try to expose the registry using port forwarding to a limited set of source IPs, from what I can see the TCP connection is established, but no data is returned when I query the public endpoint.

firewall-cmd --zone=external --add-rich-rule='rule family="ipv4" forward-port port="5000" protocol="tcp" to-port="5000" to-addr="10.20.30.40" source address="1.1.1.0/20"'
curl -m 2 -v registry.mydomain.dev:5000/v2/_catalog
*   Trying 169.x.x.x...
* TCP_NODELAY set

* Connection timed out after 2000 milliseconds
* Closing connection 0
curl: (28) Connection timed out after 2000 milliseconds

But locally it is working:

curl 10.20.30.40:5000/v2/_catalog

{
  "repositories": [
    "gocli",
    "ubuntu"
  ]
}

What am I missing?

Rabin
    I have verified it with tcpdump; you clearly see the 3-way handshake. I have a feeling it is related to the black magic of how podman creates some nftables rules. – Rabin Feb 20 '23 at 12:39
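A checklist script for the firewalld side of this setup, added here as an example and not taken from the question or from any answer. It parses a constructed sample of `firewall-cmd --zone=external --list-all` output (an assumption about the format, and the sample deliberately leaves masquerade off) and reports whether the forward-port rich rule is present and whether masquerade is enabled on the zone, which firewalld's documentation lists as required when `to-addr` points at another address; `live_check` runs the same checks against the real host plus the `net.ipv4.ip_forward` sysctl.

```shell
#!/bin/sh
# Example diagnostic for a firewalld forward-port rule (not from the post or firewalld).
# Verifies the two zone settings a to-addr forward depends on: the rich rule itself
# and masquerade on the zone (assumed requirement per firewalld's documentation).

# Constructed sample of `firewall-cmd --zone=external --list-all` output, with the
# question's rule in firewalld's normalised order and masquerade left disabled.
SAMPLE_ZONE='external (active)
  target: default
  interfaces: eth0
  masquerade: no
  forward-ports:
  rich rules:
    rule family="ipv4" source address="1.1.1.0/20" forward-port port="5000" protocol="tcp" to-port="5000" to-addr="10.20.30.40"'

# check_zone ZONE_DUMP TO_ADDR PORT
# Prints one line per finding; returns 0 only when every check passes.
check_zone() {
  dump=$1; to_addr=$2; port=$3; rc=0
  if printf '%s\n' "$dump" | grep -q "forward-port port=\"$port\".*to-addr=\"$to_addr\""; then
    echo "ok   : forward-port rule for tcp/$port -> $to_addr is in the zone"
  else
    echo "FAIL : no forward-port rule for tcp/$port -> $to_addr in the zone"; rc=1
  fi
  if printf '%s\n' "$dump" | grep -q '^ *masquerade: yes'; then
    echo "ok   : masquerade is enabled on the zone"
  else
    echo "FAIL : masquerade is off; forwarding to $to_addr needs it (--add-masquerade)"; rc=1
  fi
  return $rc
}

# live_check TO_ADDR PORT: the same checks against the running host (needs firewall-cmd
# and sysctl), plus the kernel forwarding switch that any DNAT to another address relies on.
live_check() {
  check_zone "$(firewall-cmd --zone=external --list-all)" "$1" "$2" || return 1
  if [ "$(sysctl -n net.ipv4.ip_forward)" = 1 ]; then
    echo "ok   : net.ipv4.ip_forward=1"
  else
    echo "FAIL : net.ipv4.ip_forward is 0"; return 1
  fi
}

# Offline run against the constructed sample: the rule is found, masquerade is not.
check_zone "$SAMPLE_ZONE" 10.20.30.40 5000 || echo "sample zone config is incomplete"
```

Run `live_check 10.20.30.40 5000` as root on the firewall host to apply the same checks to the real zone.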

0 Answers