jameson_uk Posted July 7, 2023 Share Posted July 7, 2023 (edited) I have my network divided up into a few VLANs. Primarily trusted stuff vs IOT devices etc. This all works great and IOT stuff is nicely segregated on VLAN tagged traffic and trusted stuff is untagged. On the Unraid side I have enabled VLANs in network settings and configured a a new address on the IOT VLAN (and excluded this from the management interfaces). I have some containers I want on the trusted side and this all works well via a bridge network and port mappings of <trusted IP>:<port> so they are only accessible on the trusted network. I then have a bunch of containers I want on the untrusted side. I have created a docker bridge network and have all these containers running in there. Those I want to be accessible have port mappings of <untrusted IP>:<port> and the rest have no mappings at all (these are only accessible to other containers in this docker network-). All good so far in that some of the containers are not accessible externally (eg. MQTT server which only sits between Zigbee2MQTT and Home Assistant so has no need to be visible elsewhere) and the the containers I do want to be accessible appear on the untrusted VLAN. Only issue is outbound traffic from containers in this bridge network are able to connect to the trusted LAN. So whilst inbound traffic is tied to the IOT VLAN, outbound is not. I guess this makes sense as the bridge just bridges the docker network to the host (Unraid) and that has a route to the trusted LAN so it can get through. Is there any way to force outbound traffic back out through the VLAN tagged (virtual) interface tp prevent this?? Edited July 7, 2023 by jameson_uk Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.