No Hosts can be found

bk-haystacks · July 18, 2025, 3:56pm

Hello,

I have just setup the community containers and the installation with the instructions here Greenbone Community Containers - Greenbone Community Documentation went fine. All containers are up and running. When I start a scan of the local subnet no hosts can be found. Hosts in another subnet can also not be found. It seems that the containers have no access to the outside world (of the Docker network). Is there anything I am missing?

There are some iptables rules active. Shall I flush them? I read already something about

network_mode: host

I tried to change the docker-compose.yml File but no improvement of the situation.

The Greenbone containers are running inside another container (Balena). Might that be a problem?

Thanks for any hint!

Lukas · July 21, 2025, 4:30pm

Don´t use ANY firewall between the scanner and your target host as rule of thumb. As well ensure that your container has raw socked and root access for the scanner.

Eero · July 22, 2025, 7:18am

@bk-haystacks remove all fw rules. check that keep alive check is in correct state. (=consider alive, if host does not respond icmp (ping) requests)

Eero

co60ca · July 22, 2025, 10:37am

bk-haystacks you may need to change the liveness tests for your scan. Its likely they aren’t responding to ICMP Echo if I had to guess.

You can use nmap and ping to experiment from the container using docker exec.

bk-haystacks · July 22, 2025, 10:37am

I started the containers with the docker-compose.yml file provided by Greenbone. Are there any changes necessary to make the scanner accessible to the local network? I flushed all iptables rules but the problem still persists.

docker ps -q | xargs -n 1 docker inspect --format ‘{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}} {{ .Name }}’ | sed ‘s/ // /’

172.18.0.3 greenbone-community-edition-openvasd-1
172.18.0.13 greenbone-community-edition-openvas-1
172.18.0.2 greenbone-community-edition-ospd-openvas-1
172.18.0.6 greenbone-community-edition-gsa-1
172.18.0.4 greenbone-community-edition-gvmd-1
172.18.0.8 greenbone-community-edition-pg-gvm-1
172.18.0.7 greenbone-community-edition-redis-server-1

Do the containers need to have an IP address of the local network (192.168.0.0/24)?

Eero · July 22, 2025, 12:19pm

@bk-haystacks no, but you need working connectivity to that network (nat or routing) . test connectivity with ping or similar tools.

Eero

bricks · August 6, 2025, 6:11am

What’s the log output of

docker compose -f $DOWNLOAD_DIR/docker-compose.yml up ospd-openvas

NOTE: Be aware that this command starts ospd-openvas in the foreground with the console showing the log output. CTRL+C will shutdown it. To run it in the background use -d ospd-openvas but that wont show the logs at your current console.

system · October 16, 2025, 3:57pm

This topic was automatically closed after 90 days. New replies are no longer allowed.