this post was submitted on 16 Mar 2025
5 points (100.0% liked)

Docker

1219 readers
1 users here now

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
5
Container traffic on a specific host interface (feddit.it)
submitted 2 days ago* (last edited 2 days ago) by [email protected] to c/[email protected]
2 comments fedilink hide all child comments
 

I want to be sure the torrent traffic of my transmission docker instance go through my VPN.

I got different interfaces with different vlans on the host. I want to be sure the container created with docker compose use only a specific interface. The interface with the correct vlan has IP 192.168.90.92

I have tested the host connectivity with: curl --interface ethX https://api.ipify.org/ and it's working fine, meaning that public ips are different.

I have tried with the following on the docker compose file:

ports: - 9091:9091 # Web UI port - 192.168.90.92:51413:51413 # Torrent port (TCP) - 192.168.90.92:51413:51413/udp # Torrent port (UDP)

However, the traffic is still coming from the default gateway.

Any idea?

Thanks!

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 3 points 2 days ago* (last edited 2 days ago) (1 children)

Here's my Gluetun configuration if it helps:

services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=openvpn
      - OPENVPN_CUSTOM_CONFIG=/gluetun/custom.conf
      - FIREWALL_VPN_INPUT_PORTS=XYZ
    ports:
      - 8080:8080 # webui
      - XYZ:XYZ/tcp
      - XYZ:XYZ/udp
    restart: always
    volumes:
      - ./gluetun:/gluetun
    env_file:
      - .env
    devices:
      - /dev/net/tun:/dev/net/tun

Have you specified network_mode: "service:gluetun" in your docker?

[โ€“] [email protected] 1 points 2 days ago* (last edited 2 days ago)

Gluetun

This is pretty interesting, I never used that before and I will have a look. However, it would be also interesting using my approach, use a local interface where the traffic is already filtered, that can be used on other scenarios.

There is probably something on a docker configuration telling that all my traffic should go out from the default interface.