Docker networking questions

[simlaf]

Hello everyone, 

 

I'm trying to figure out networking configurations for docker containers.  I've got quite a few containers configured now, but honestly I didn't really put much thought into the networking config.  Basically most of them are configured using Host, a few are bridged, and a couple more are using a custom with static IPs.  It seems the few times I've tried messing around in the Networking config, things went sour and caused me to lose access to the webui.

 

Here's what I've been able to piece together so far (I think this is accurate?):

 

Host Networking - Uses Unraid IP, with direct port mappings.  Can't use "Host" is port is already in use by another service/docker.  Also allows the docker full ports access, and so could potentially use connections that is unmonitored?

Bridge Networking - Docker engine creates a NAT to translate internal docker ips to LAN IP.  Need to map ports, ports can be changed as desired. Docker doesn't have all ports access, need to specifically map ports.

Custom Networking - Allows DHCP or Static IP directly from LAN.  Ports can't be mapped.  Also allows the docker full ports access, and so could potentially use connections that is unmonitored?

 

If you need dockers to have access to other dockers between Host, Bridge and Custom, you need to have Host Access enabled in Docker config.

 

Additionally, in Unraid Networking, you need at least one Eth used for Docker Bridging.  Can you have more than one?  I've got 5 Eth ports on my machine, could I dedicate one of them for specific dockers?  

 

Are there any good security practices that I should use?  Like should dockers all use Bridging to limit network exposure, unless you need static IP address (I run pihole)?

 

Basically I'm looking to understand Docker Networking in unraid so that I can have confidence in the security of my network.

 

Thanks!