Remote access to containers in bridge/host networking mode

ufish205

By ufish205
in Docker Engine

Go to solution Solved by JonathanM,

Recommended Posts

ufish205 Noob

ufish205

Posted
Posted

My situation is this: connecting to my home network remotely via Wireguard. I have access to the main UNRAID dashboard. I have two docker containers running, bbergle-jellyfin in host mode and binhex-qbittorrentvpn in bridge mode.

 

I can access my Jellyfin GUI, but I am unable to access my qBitttorrent GUI. I assume this is because of the differences between host and bridge networking modes.

 

HOWEVER, I know that running containers in bridge networking mode is best practices from a security standpoint. Is there a way to make both containers run in bridge networking mode, and still have access to their web GUIs when VPN'd in from an external machine? Or do I have to suck up the security implications, and run them both as host mode for any chance of this working?

 

Thanks!

Link to comment
ufish205 Noob

ufish205

Posted
  • Author
Posted

Adding a screenshot for some clarification:

 

image.png.6be1311985537968fe512159fa9b4793.png

 

(while on Wireguard tunnel) UNRAID dashboard responds at 192.168.50.161/login

(while on Wireguard tunnel) jellyfin responds at 192.168.50.161:8096

(while on Wireguard tunnel) qbittorrent does NOT respond on 192.168.50.161:8080

This shows the NAT translation is working automagically when I connect as the Wireguard peer.

 

Furthermore, the Wireguard VPN running is assigning IPs 10.253.0.1/24, so the dashboard is also available at 10.253.0.1/login, jellyfin is available at 10.253.0.1 port 8096, but qbittorrent is NOT available at 10.253.0.1 port 8080.

 

So either it's not doing NAT because it doesnt know qBittorrent is there, or its the networking mode, or it could even be a different with the docker image, I suppose...

Link to comment
  • Solution
JonathanM Grand Master

JonathanM

Posted
  • Solution
Posted

binhex's vpn containers are locked down tight, all IP's that need to access the GUI must be whitelisted in the container template.

See Q30

https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md

Probably a good idea to read the whole thing, there's a lot of good info about using his containers.

 

p.s. Each container has it's own support thread, to keep all the information in one place. You are meant to post in the specific thread for container support, not start a new thread. For Unraid OS specific questions, you ARE meant to start your own thread in the general support area.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing