Block Docker containers accessing internet except through VPN
#1
I have several Docker containers running on a user-defined network, docker_vpn, with subnet 10.0.2.0/24.

The machine they are on is using OpenVPN in client mode to connect to the internet.

I want to use iptables so that containers on this network can:
  • Communicate with other devices on my LAN (192.168.0.0/24) (presumably forwarded using the physical network device enp7s0?)
  • Only access WAN addresses via the VPN gateway on tun0 (so that if the VPN connection drops, packets that get forwarded via the default gateway on 192.168.0.0 on enp7s0 get dropped).
I have tried several different iptables rules, mostly based around using the mangle table to mark packets from 10.0.2.0/24 in prerouting and setting up rules in the filter FORWARD chain to drop marked packets that appear to be going out via the wrong interface. But this approach has not worked at all - I think I must be misunderstanding something fundamental about how the packets are moving through interfaces as they are forwarded.
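
One way to express the policy described in the post, as an added example that is not part of the original thread. It uses the subnets and interface names quoted in the post, assumes Docker's DOCKER-USER chain (which Docker evaluates before its own forwarding rules), and the chain name VPN-KILLSWITCH is a hypothetical name chosen here.

```sh
#!/bin/sh
# Added example: VPN kill switch for the docker_vpn network from the post.
# Subnets and interface names are the ones quoted in the post.
VPN_NET=10.0.2.0/24      # docker_vpn subnet
LAN_NET=192.168.0.0/24   # local LAN
LAN_IF=enp7s0            # physical interface
VPN_IF=tun0              # OpenVPN tunnel
CHAIN=VPN-KILLSWITCH     # hypothetical chain name chosen for this example

# Print the rule specs, one per line, in evaluation order.
# RETURN hands the packet back to DOCKER-USER and then Docker's own rules;
# only the final catch-all drops.
killswitch_rules() {
    cat <<EOF
-s $VPN_NET -d $VPN_NET -j RETURN
-s $VPN_NET -d $LAN_NET -o $LAN_IF -j RETURN
-s $VPN_NET -o $VPN_IF -j RETURN
-s $VPN_NET -j DROP
EOF
}

# Install the rules (needs root). Assumption: Docker has created DOCKER-USER.
apply_killswitch() {
    # Create the chain, or empty it if it already exists, so re-runs are idempotent.
    iptables -N "$CHAIN" 2>/dev/null || iptables -F "$CHAIN"
    killswitch_rules | while read -r spec; do
        # $spec is split into words on purpose.
        # shellcheck disable=SC2086
        iptables -A "$CHAIN" $spec
    done
    # Jump from the top of DOCKER-USER, ahead of any rule already there.
    iptables -C DOCKER-USER -j "$CHAIN" 2>/dev/null ||
        iptables -I DOCKER-USER 1 -j "$CHAIN"
}

# Default is a dry run that only prints the rules; pass "apply" to install them.
case "${1:-print}" in
    apply) apply_killswitch ;;
    *)     killswitch_rules ;;
esac
```

The rules filter forwarded IPv4 traffic only. Reply packets toward the containers have a source outside 10.0.2.0/24, so they skip this chain and are handled by Docker's existing rules.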