I’m trying to set up a system with a number of Docker containers across multiple Docker networks, to limit access. The piece I’m struggling with is that I want a bridge network allowing containers within it to be accessible from outside the host on specific ports, and also for it to have access to communicate with devices connected to a specific network interface on the host, but not the internet.
Here’s my docker compose so far:
version: "3.4"
services:
  isolated_comms:
    image: nginx:stable
    container_name: isolated_comms
    networks:
      - local_network
    environment:
      EXTERNAL_IP: 192.168.168.1
  isolated_webserver:
    image: httpd
    container_name: isolated_webserver
    networks:
      - local_network
    ports:
      - "192.168.168.1:80:80"
  isolated_busybox:
    image: busybox
    container_name: isolated_busybox
    command: sleep 1000
    networks:
      - local_network
networks:
  local_network:
    driver: bridge
    driver_opts:
      com.docker.network.bridge.enable_ip_masquerade: "false"
The containers above are running on a Raspberry Pi; the Ethernet port on it has the static IP 192.168.168.1, and connected to that port is my laptop, which has the static IP 192.168.168.2.
As it is now, I can connect to the isolated_webserver from my laptop by navigating to 192.168.168.1 in a web browser, so inbound access is OK. On my laptop I’m running a simple web server from Python (python -m http.server 80). I cannot access the web server running on the laptop from the isolated_comms container on the Pi through:
docker exec -it isolated_comms curl 192.168.168.2:80
I think I’m missing some iptables rules, though I’m unsure where to start, but the bigger question is: am I trying to do this the right way, or is there a better approach?
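The egress policy the question describes (bridge containers may reach the LAN on the Pi's Ethernet port, nothing else), as an added example that is not part of the original post. It prints the iptables commands rather than applying them; the bridge interface name, the host LAN interface (eth0) and the container subnet (172.20.0.0/16) are assumed placeholders, and the LAN CIDR comes from the addresses in the post.

```sh
#!/bin/sh
# Added example, not from the original post. Prints (does not apply) the
# iptables commands that confine a Docker bridge network to the host's LAN
# segment while blocking internet egress. Interface names, the container
# subnet and the DOCKER-USER chain placement are assumptions, not the
# poster's configuration.

# Docker names its bridge "br-" + the first 12 hex chars of the network id,
# unless com.docker.network.bridge.name overrides it (assumes default naming).
bridge_if_for_network() {
    id=$(docker network inspect -f '{{.Id}}' "$1") || return 1
    printf 'br-%s\n' "$(printf '%s' "$id" | cut -c1-12)"
}

# Args: bridge iface, allowed LAN CIDR, host LAN iface, container subnet.
# Rules go in DOCKER-USER, which Docker evaluates before its own FORWARD rules
# and leaves alone across daemon restarts. Each "-I" inserts at the top, so
# the DROP is emitted first and ends up evaluated last.
docker_lan_only_rules() {
    br="$1"; lan="$2"; lan_if="$3"; subnet="$4"
    # Default deny for everything leaving the bridge.
    echo "iptables -I DOCKER-USER -i $br -j DROP"
    # Replies to connections the LAN initiated (the published port 80) must
    # still get out, otherwise the inbound path breaks too.
    echo "iptables -I DOCKER-USER -i $br -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    # Containers may initiate only towards the LAN, and only via the LAN iface.
    echo "iptables -I DOCKER-USER -i $br -o $lan_if -d $lan -j ACCEPT"
    # enable_ip_masquerade=false removes Docker's global MASQUERADE; add one
    # scoped to the LAN interface only, so LAN hosts can answer 172.x sources
    # without a return route, while nothing is ever NATed towards the internet.
    echo "iptables -t nat -A POSTROUTING -s $subnet -o $lan_if -j MASQUERADE"
}

# Sanity check: how many generated filter rules reference the bridge iface.
rule_count() {
    docker_lan_only_rules "$@" | grep -c -- "-i $1"
}

# Usage: sh this.sh br-abcdef012345 192.168.168.0/24 eth0 172.20.0.0/16 | sudo sh
if [ "$#" -eq 4 ]; then
    docker_lan_only_rules "$@"
fi
```

Pipe the output into a shell only after reading it; `bridge_if_for_network local_network` resolves the bridge name from the compose network name on the host that runs the stack.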
Source: Docker Questions