elmetal, posted February 10:

So I am having an issue I need help with. I currently run all my dockers on the default bridge. Everything works great. What I want to do is one specific docker I want to open to the world (it's a MC server) and I want to use this as a "testing the waters" point for a new idea I had.

I want my new docker to be connected to the internet. I want to be able to manage said docker. But I do not want that docker to access my LAN or my server.

Some assumptions:
Gateway/Router = 192.168.1.1
unRAID = 192.168.1.10

What I was thinking was the docker could live in maybe its own wg network, call it wg3 (wg0-2 already in use for other things). Then somehow wg3 needs access to the gateway, but only the gateway. Then when I need to manage the docker I could also join wg3 by connecting to the VPN as a client.

1: Does this sound like a good idea?
2: I tried putting it on wg3 and while I can get on wg3 with my computer, the docker cannot see the outside world...

itimpi, posted February 10:

Does the docker need to be able to make outgoing connections to the internet, or are you just trying to secure it for purposes of inbound connections?

elmetal (author), posted February 10:

sorry, forgot to mention: The docker does need access to the internet. and since it'll need to be accessed from the internet (for gameplay)

itimpi, posted February 10:

40 minutes ago, elmetal said:
> sorry, forgot to mention: The docker does need access to the internet. and since it'll need to be accessed from the internet (for gameplay)

In which case the container does not need to access the gateway itself (it is just accepting inbound requests FROM the gateway) as long as you can access the container via the wg3 network remotely then that should be enough.

elmetal (author), posted February 10:

Just now, itimpi said:
> In which case the container does not need to access the gateway itself (it is just accepting inbound requests FROM the gateway) as long as you can access the container via the wg3 network remotely then that should be enough.

that's a great point I didn't think about the fact that it just needs to accept inbounds and not outbounds... Guess I have some testing to do

elmetal (author), posted February 10:

8 hours ago, itimpi said:
> In which case the container does not need to access the gateway itself (it is just accepting inbound requests FROM the gateway) as long as you can access the container via the wg3 network remotely then that should be enough.

I can access the container remotely but the container has access to the server via the wg3 address 10.253.3.1.... how can I make sure the container cannot see the server. is it possible when the server itself is its route back to the internet?