What is garfieldwtf/port-listener?
If you’re a network administrator, DevOps engineer, or security professional who regularly tests firewall rules, network policies, or service connectivity, you’ve probably faced the challenge of setting up test services quickly. That’s where garfieldwtf/port-listener comes in – a lightweight Alpine Linux container specifically designed for firewall and network policy verification.
This Docker image provides ready-to-use services on three critical ports:
– HTTP on port 80 (TCP) with a pretty web interface
– HTTPS on port 443 (TCP) with a 10-year self-signed certificate
– SNMP on port 161 (UDP) for UDP protocol testing
Getting Started: Basic Setup
Installation
# Pull the latest image
docker pull garfieldwtf/port-listener:latest
# Run with default port mappings
docker run -d \
-p 8080:80 \
-p 8443:443 \
-p 1610:161/udp \
--name port-tester \
garfieldwtf/port-listener:latest
This basic setup gives you immediate access to all services through non-privileged ports. You can test them immediately:
- HTTP: `http://localhost:8080`
- HTTPS: `https://localhost:8443` (ignore certificate warnings)
- SNMP:
snmpget -v 2c -c public localhost:1610 sysDescr.0
The Power of Flexible Port Mapping
Understanding Docker Port Mapping
The real power of this container lies in Docker’s flexible port mapping system using the -p flag with the format: -p HOST_PORT:CONTAINER_PORT/PROTOCOL. This allows you to create multiple access points to the same container service, perfect for comprehensive network testing scenarios.
Practical Port Mapping Examples
Here’s where it gets interesting. You can map multiple host ports to the same container port, allowing you to test different network paths to the same service:
# Advanced port mapping for comprehensive testing
docker run -d \
-p 8080:80 \
-p 9443:443 \
-p 4345:80 \
-p 633:161/udp \
-p 8081:80 \
-p 9444:443 \
--name advanced-port-tester \
garfieldwtf/port-listener:latest
In this example:
– Host port 8080 maps to container port 80 (HTTP)
– Host port 4345 also maps to container port 80 (HTTP)
– Host port 8081 provides another HTTP access point
– Similar multiple mappings exist for HTTPS (9443 and 9444)
– UDP port 633 maps to container SNMP port 161
Why Multiple Mappings Matter
This approach is invaluable for:
1. Simulating complex network topologies where the same service might be accessed through different paths
2. Testing load balancers that distribute traffic across multiple ports
3. Verifying firewall rules for various ingress points
4. Validating NAT configurations where external ports map to internal services
Real-World Testing Scenarios
Firewall Rule Validation
# Create container with multiple port mappings
docker run -d \
-p 9000:80 \
-p 9001:80 \
-p 9002:80 \
-p 9443:443 \
-p 9444:443 \
-p 2000:161/udp \
-p 2001:161/udp \
--name firewall-validator \
garfieldwtf/port-listener:latest
# Test each port
for port in 9000 9001 9002; do
echo "Testing HTTP on port $port:"
curl -I http://localhost:$port
done
Multi-Environment Testing
# Development environment ports
docker run -d \
-p 10080:80 \
-p 10443:443 \
-p 10161:161/udp \
--name dev-tester \
garfieldwtf/port-listener:latest
# Staging environment ports
docker run -d \
-p 20080:80 \
-p 20443:443 \
-p 20161:161/udp \
--name staging-tester \
garfieldwtf/port-listener:latest
# Production-like ports (requires root for <1024)
sudo docker run -d \
-p 80:80 \
-p 443:443 \
-p 161:161/udp \
--name prod-tester \
garfieldwtf/port-listener:latest
Using Docker Compose for Complex Setups
For more complex testing environments, Docker Compose provides better management:
version: '3.8'
services:
port-listener:
image: garfieldwtf/port-listener:latest
container_name: multi-port-listener
ports:
- "8080:80"
- "8081:80"
- "8082:80"
- "9443:443"
- "9444:443"
- "633:161/udp"
- "634:161/udp"
restart: unless-stopped
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost/health"]
interval: 30s
timeout: 3s
retries: 3
start_period: 5s
Run with: docker-compose up -d
Testing Your Deployments
HTTP/HTTPS Testing Commands
# Test multiple HTTP ports
for port in 8080 4345 8081; do
echo "Testing port $port:"
curl -s -o /dev/null -w "Port $port: %{http_code}\n" http://localhost:$port
done
# Test HTTPS with certificate inspection
curl -k -v https://localhost:9443
curl -k -v https://localhost:9444
# Check certificate details
openssl s_client -connect localhost:9443 -servername localhost </dev/null 2>/dev/null | \
openssl x509 -noout -dates
SNMP UDP Testing
# Test SNMP on different UDP ports
snmpget -v 2c -c public localhost:633 sysDescr.0
snmpget -v 2c -c public localhost:1610 sysDescr.0
# Test with netcat for raw UDP verification
echo "test" | nc -u -w 2 localhost 633
# Scan multiple UDP ports with nmap
nmap -sU -p 633,1610 localhost
Advanced Usage Patterns
Container-to-Container Testing
# Create a test network
docker network create test-network
# Run port listener with multiple mappings
docker run -d \
--name listener-main \
--network test-network \
-p 8080:80 \
-p 8081:80 \
-p 9443:443 \
garfieldwtf/port-listener:latest
# Test from another container on same network
docker run --rm --network test-network \
alpine:latest sh -c "wget -qO- http://listener-main && echo 'Port 80 accessible'"
Automated Testing Script
#!/bin/bash
# multi-port-test.sh
PORTS_HTTP="8080 4345 9000"
PORTS_HTTPS="9443 9444 8443"
PORTS_SNMP="633 1610 2000"
echo "Testing HTTP ports..."
for port in $PORTS_HTTP; do
if curl -s --connect-timeout 2 http://localhost:$port > /dev/null; then
echo "✓ HTTP port $port is accessible"
else
echo "✗ HTTP port $port is blocked"
fi
done
echo -e "\nTesting HTTPS ports..."
for port in $PORTS_HTTPS; do
if curl -k -s --connect-timeout 2 https://localhost:$port > /dev/null; then
echo "✓ HTTPS port $port is accessible"
else
echo "✗ HTTPS port $port is blocked"
fi
done
Troubleshooting Tips
Common Issues and Solutions
- Port Conflicts: If you get “port already in use” errors:
# Find what's using the port sudo lsof -i :8080 # Or use netstat sudo netstat -tulpn | grep :8080 - Certificate Warnings: The HTTPS certificate is self-signed for testing. Browser warnings are expected. Click “Advanced” → “Proceed to localhost (unsafe)”.
-
Missing SNMP Tools:
# Ubuntu/Debian sudo apt-get install snmp # RHEL/CentOS sudo yum install net-snmp-utils # macOS brew install net-snmp
Container Management
# Check container status
docker ps | grep port-listener
# View logs for troubleshooting
docker logs port-tester
# Check port mappings
docker port port-tester
# Execute commands inside container
docker exec port-tester /cert-info.sh
Best Practices for Network Testing
- Start Simple: Begin with basic port mappings and gradually add complexity
- Document Your Mappings: Keep a record of which host ports correspond to which testing scenarios
- Clean Up Regularly: Remove test containers when not in use to free up ports
- Use Descriptive Names: Give containers meaningful names related to their testing purpose
- Test Both TCP and UDP: Remember that different protocols behave differently through firewalls
Conclusion
The garfieldwtf/port-listener Docker container, combined with Docker’s flexible port mapping capabilities, provides an incredibly powerful toolkit for network testing. By mapping multiple host ports to the same container services, you can simulate complex network environments, test firewall rules from different angles, and validate connectivity across various paths.
Whether you’re testing a simple home firewall or enterprise network security policies, this container simplifies the process of setting up test endpoints. The included web interface, SSL certificate, and SNMP service give you multiple protocol testing capabilities in a single lightweight package.
Remember that proper network testing often requires verifying access through multiple ports and protocols. With the techniques outlined in this guide, you’ll be well-equipped to thoroughly test and validate your network configurations.
Happy testing, and may your firewall rules always be correct! 🔥🔧