June 3, 20242 yr I don't want the port fully exposed on my LAN, it just seems like terrible security if anyone else is using the LAN. I am actually a bit surprised there isn't better security for this. I would like to just make an SSH tunnel so I can access it via localhost. Then I could do like # ssh -L 1234:127.0.0.1:1234 [email protected] Then connect with a web browser to 127.0.0.1:1234 from my workstation. There doesn't appear to be a way to do this unless I can do it with a specific network type. I saw guides for SSH tunneling to Unraid but they still assume the docker port will be fully exposed to the LAN.
June 3, 20242 yr Author I have tried doing something like this: iptables -A INPUT -p tcp -s localhost --dport 1234 -j ACCEPT iptables -A INPUT -p tcp --dport 1234 -j DROP However, I can still access it via the LAN... I don't want it accessible from anywhere except localhost.
June 3, 20242 yr Author Solution Remove any ports configured and use this in the extra parameters: -p 127.0.0.1:1234:1234
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.