Cross-project communication broken on Fedora 39, Docker Engine 24.

[ahamilton9]

I recently moved from Ubuntu to Fedora, and everything seems fine except for this one bit. Docker's firewalld support seems to be properly editing the iptables configuration, but I think something is missing and I'm not sure if it's in Docker or Lando's wheelhouse.

The docker zone has most of the bridge network interfaces listed, but I do not see the "lando_bridge_network", and trying to add it manually gives me "success" but no change to this list:

docker (active)
  target: ACCEPT
  ingress-priority: 0
  egress-priority: 0
  icmp-block-inversion: no
  interfaces: br-213d2a57fb6f br-644459259f19 br-ab034134b70b docker0
  sources: 
  services: 
  ports: 
  protocols: 
  forward: yes
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

All domains work on my host without issue. Cross-container communication using just hostnames within a project seem fine. It's just communicating across project. The internal urls, lndo.site, and custom domains all fail when called from within another project with curl: (7) Failed to connect to <domain> port 80/443: No route to host.

I'm at a loss. Any help would be appreciated.

[ahamilton9]

After a bit more testing, this seems to be specifically an issue with firewalld. I removed it, and replaced it with the standard iptables service and everything is happy locally.

I would not call this a fix though, nor am I sure if this is something Lando has to compensate for with firewalld or if that's Docker's problem. If someone can help narrow down where the issue stems from I can make a ticket in the proper location.

[branivreyes]

Same here, I can't communicate between projects using the internal urls (like this). I can communicate only using the IPs from "landoproxyhyperion5000gandalfedition_edge". Maybe is a Fedora only issue.

[matthieuleorat]

Same here, and same workaround as branivreyes with lando v3.21.0-beta.10 and fedora 37