How to prevent Unraid WebGUI access through Docker containers?



I'm trying to isolate some of my Docker containers, and after testing different IPs and ports I found out that all of my Docker containers are able to connect to the Unraid WebGUI.

 

Example:

[Screenshot: 2021-01-21 23_43_11]

 

Thanks to Docker's --internal flag, all these connections failed:

google.com           Internet
192.168.178.1        Router
192.168.178.21:445   SMB Client
172.17.0.2:32400     Plex Bridge IP
192.168.178.9:32400  Plex Host IP

 

Only these connections worked:

172.19.0.4:3306       MariaDB (wanted)
192.168.178.9/login   Unraid WebGUI (unwanted)

 

Is this wanted behaviour? How can I block this?

Link to comment

This iptables rule solves the issue (first block = internal container network, second block = my local network, which Unraid is part of):

iptables -A INPUT -s 172.19.0.0/24 -d 192.168.178.0/24 -j DROP

 

But I'm still interested in whether this (a container being able to open the Unraid WebGUI) is expected behaviour.

Link to comment
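
The rule from the post above, as an added example that is not part of the original thread: it checks which flows the rule would match and adds it only if missing, using `-I INPUT 1` instead of `-A` so it is evaluated before any earlier ACCEPT rule. The subnets are the poster's; the container address 172.19.0.5 and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Subnets are the poster's; 172.19.0.5 is a constructed container IP.
CONTAINER_NET=172.19.0.0/24   # internal (--internal) Docker network
LAN_NET=192.168.178.0/24      # LAN that the Unraid host (192.168.178.9) sits on

# Dotted quad -> 32-bit integer.
ip_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr IP NET/PREFIX: succeeds when IP lies inside the network.
in_cidr() {
  bits=${2#*/}
  mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# Would the INPUT rule drop a packet SRC -> DST that is addressed to the host?
rule_drops() { in_cidr "$1" "$CONTAINER_NET" && in_cidr "$2" "$LAN_NET"; }

# Add the rule only if it is missing; -I INPUT 1 places it at the top of the chain.
apply_rule() {
  iptables -C INPUT -s "$CONTAINER_NET" -d "$LAN_NET" -j DROP 2>/dev/null ||
    iptables -I INPUT 1 -s "$CONTAINER_NET" -d "$LAN_NET" -j DROP
}

# Print the decision for three flows: container -> WebGUI, container -> MariaDB,
# and the default bridge address -> WebGUI (outside the rule's source range).
report() {
  for flow in "172.19.0.5 192.168.178.9" "172.19.0.5 172.19.0.4" "172.17.0.2 192.168.178.9"; do
    set -- $flow
    if rule_drops "$1" "$2"; then echo "$1 -> $2: DROP"; else echo "$1 -> $2: not matched"; fi
  done
}

if [ "${1:-}" = apply ]; then apply_rule; else report; fi
```

Run with `apply` as root on the host to install the rule; with no argument it only prints the match report.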

Wondering if this setting might have anything to do with it and how yours is configured?

 

Under Settings - Docker advanced settings

 

Host access to custom networks:  Disabled/Enabled

Allows direct communication between the host and containers using a custom (macvlan) network.
By default this is prohibited.

 

 

Link to comment
