mgutt, posted January 21, 2021

I'm trying to isolate some of my docker containers and after testing different IPs and Ports I found out that all of my docker containers are able to connect to the Unraid WebGUI.

Example:

Thanks to docker's --internal flag all these connections failed:

- google.com (Internet)
- 192.168.178.1 (Router)
- 192.168.178.21:445 (SMB Client)
- 172.17.0.2:32400 (Plex Bridge IP)
- 192.168.178.9:32400 (Plex Host IP)

Only these connections worked:

- 172.19.0.4:3306 (MariaDB, wanted)
- 192.168.178.9/login (Unraid WebGUI, unwanted)

Is this a wanted behaviour? How can I block this?

mgutt (Author), posted January 22, 2021

This iptables rule solves the issue (first block = internal container network, second block = my local network which unraid is part of):

    iptables -A INPUT -s 172.19.0.0/24 -d 192.168.178.0/24 -j DROP

But I'm still interested if this (container is able to open the Unraid WebGUI) is an expected behaviour.
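
Added example, not part of mgutt's post: a simplified Python model of which of the thread's test connections the rule above can actually touch, given that netfilter's INPUT chain only sees packets addressed to the host itself. The container source address 172.19.0.5 is a constructed sample, and HOST_ADDRS assumes 192.168.178.9 is the only address the Unraid host owns.

```python
import ipaddress

# Addresses come from the thread; CONTAINER_SRC is a constructed sample
# inside the internal network 172.19.0.0/24 (assumption of this example).
HOST_ADDRS = {ipaddress.ip_address("192.168.178.9")}  # Unraid host / WebGUI
CONTAINER_SRC = "172.19.0.5"
RULE = "iptables -A INPUT -s 172.19.0.0/24 -d 192.168.178.0/24 -j DROP"


def parse_rule(text):
    """Parse the subset of iptables syntax used in the post: -A, -s, -d, -j."""
    tokens = text.split()
    opts = {tokens[i]: tokens[i + 1] for i in range(1, len(tokens) - 1, 2)}
    return {
        "chain": opts["-A"],
        "src": ipaddress.ip_network(opts["-s"]),
        "dst": ipaddress.ip_network(opts["-d"]),
        "target": opts["-j"],
    }


def chain_for(dst):
    """Packets addressed to the host itself traverse INPUT, all others FORWARD."""
    return "INPUT" if ipaddress.ip_address(dst) in HOST_ADDRS else "FORWARD"


def verdict(rule, src, dst):
    """Return the rule's target if the packet hits it, else None."""
    if chain_for(dst) != rule["chain"]:
        return None  # the packet never traverses the chain the rule lives in
    hit = (ipaddress.ip_address(src) in rule["src"]
           and ipaddress.ip_address(dst) in rule["dst"])
    return rule["target"] if hit else None


def coverage(rule_text, destinations):
    """Map each destination to the rule's verdict for traffic from the container."""
    rule = parse_rule(rule_text)
    return {dst: verdict(rule, CONTAINER_SRC, dst) for dst in destinations}


if __name__ == "__main__":
    tested = ["192.168.178.9", "192.168.178.1", "192.168.178.21", "172.19.0.4"]
    for dst, result in coverage(RULE, tested).items():
        print(f"{dst:<16} chain={chain_for(dst):<8} rule -> {result or 'not hit'}")
```

Only the host's own address is dropped by the rule; the router and SMB client are never evaluated in INPUT, and MariaDB at 172.19.0.4 stays reachable. Any further address the host owns belongs in HOST_ADDRS, and one outside 192.168.178.0/24 would need its own rule.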

Energen, posted January 26, 2021

Wondering if this setting might have anything to do with it and how yours is configured?

Under Settings - Docker advanced settings

Host access to custom networks: Disabled/Enabled
Allows direct communication between the host and containers using a custom (macvlan) network. By default this is prohibited.

mgutt (Author), posted January 26, 2021

Mine is disabled. So if I use br0, I'm not able to ping the host (but everything else).

Abigel, posted March 17, 2022

Hi, I would like to know if there is any news? @mgutt

Hackintosys, posted November 11, 2022

On 1/22/2021 at 1:06 PM, mgutt said:

> This iptables Rule solves the issue (first block = internal container network, second block = my local network which unraid is part of)
>
>     iptables -A INPUT -s 172.19.0.0/24 -d 192.168.178.0/24 -j DROP
>
> But I'm still interested if this (container is able to open the Unraid WebGUI) is an expected behaviour.

Hi, where did you put this iptable entry in?