February 10, 2024

So I am having an issue I need help with. I currently run all my dockers on the default bridge. Everything works great. What I want to do is one specific docker I want to open to the world (it's a MC server) and I want to use this as a "testing the waters" point for a new idea I had.

I want my new docker to be connected to the internet. I want to be able to manage said docker. But I do not want that docker to access my LAN or my server.

Some assumptions:

Gateway/Router = 192.168.1.1
unRAID = 192.168.1.10

What I was thinking was the docker could live in maybe its own wg network, call it wg3 (wg0-2 already in use for other things). Then somehow wg3 needs access to the gateway, but only the gateway. Then when I need to manage the docker I could also join wg3 by connecting to the VPN as a client.

1: Does this sound like a good idea?
2: I tried putting it on wg3 and while I can get on wg3 with my computer, the docker cannot see the outside world...

February 10, 2024, Community Expert

Does the docker need to be able to make outgoing connections to the internet, or are you just trying to secure it for purposes of inbound connections?

February 10, 2024, Author

Sorry, forgot to mention: the docker does need access to the internet. And since it'll need to be accessed from the internet (for gameplay)

February 10, 2024, Community Expert

40 minutes ago, elmetal said: "Sorry, forgot to mention: the docker does need access to the internet. And since it'll need to be accessed from the internet (for gameplay)"

In which case the container does not need to access the gateway itself (it is just accepting inbound requests FROM the gateway). As long as you can access the container via the wg3 network remotely then that should be enough.

February 10, 2024, Author

Just now, itimpi said: "In which case the container does not need to access the gateway itself (it is just accepting inbound requests FROM the gateway). As long as you can access the container via the wg3 network remotely then that should be enough."

That's a great point. I didn't think about the fact that it just needs to accept inbounds and not outbounds... Guess I have some testing to do.

February 10, 2024, Author

8 hours ago, itimpi said: "In which case the container does not need to access the gateway itself (it is just accepting inbound requests FROM the gateway). As long as you can access the container via the wg3 network remotely then that should be enough."

I can access the container remotely, but the container has access to the server via the wg3 address 10.253.3.1.... How can I make sure the container cannot see the server? Is it possible when the server itself is its route back to the internet?