Transmission in docker on a separate network

  • Hi, I have an idea that I would need your opinions on:


    My network setup is the following: I have an ONT from my ISP providing 600/60 connectivity. Behind this ONT there is my own router handling all the routing, firewall rules etc. The ONT is set to DMZ mode towards my router (I know bridge mode would be better, but it's complicated with the ISP's tech support). Also there's a gigabit switch behind the router, where all my devices are connected to.

    Now my issue is that my router is only a megabit one, but due to the large amount of custom config in there, I am too lazy to replace it. Essentially my internal network is a gigabit one, but my internet gateway is bottlenecked by the router. Not a big deal, I don't have much use for that ISP speed anyhow.


    Here's my idea:

    eth0 of my OMV server will connect through my router, as it is right now. eth1 of the OMV server would be connected to the ONT, getting the full WAN connectivity. Now I would somehow make transmission expose through this network to the net, probably through macvlan. But I need that my other docker containers are able to communicate with transmission, while keeping them isolated from the WAN.


    The big question is: is that scenario even possible? Based on my limited docker knowledge I have some doubts.


    My other option would be to play around with VLANs in my switch, but that would be a discussion for a different subforum.

    SuperMicro CSE-825, X11SSH-F, Xeon E3-1240v6, 32 GB ECC RAM, LSI 9211-8i HBA controller, 2x 8 TB, 1x 4 TB, 1x3TB, MergerFS+SnapRAID

    Powered by Proxmox VE

  • This is doable. I've got a couple of different things set up, but the best one is Traefik. I've got two networks configured in Docker, traefik-proxy and outside-services. Outside-services is configured as macvlan, and traefik-proxy is a standard bridge network. Anything I want to be only accessible through the proxy goes solely on traefik-proxy. Traefik, on the other hand, goes on both traefik-proxy and outside-services, and is assigned an IP address. The config with docker-compose looks like this:


    Code
        traefik:
            container_name: traefik-1
            expose:
                - 80/tcp
                - 443/tcp
                - 8080/tcp
            networks:
                outside-services:
                    ipv4_address: 'aa.bb.cc.254'
                traefik-proxy:


    Now that's my example, I would expect you would do something similar with the macvlan network for your ISP connection and your bridge network for all your other containers. Also remember that expose is generally used for opening ports on macvlan networks and not for mapping on bridge networks, so if you're translating to standard docker run for that you probably wouldn't want to do any port exposes for a download-only client.
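
The two-network layout from the reply, applied to the Transmission case in the question, as an added example that is not part of either post. The image name, the `helper` service, the network names and the use of eth1 as macvlan parent are assumptions, and every 192.0.2.x value is a documentation-range placeholder for the ONT-side subnet.

```yaml
# Added example, not from the thread. Names, image and addresses are assumptions.
services:
  transmission:
    image: lscr.io/linuxserver/transmission   # assumed image; any Transmission image works
    container_name: transmission
    restart: unless-stopped
    networks:
      wan-direct:
        ipv4_address: 192.0.2.10    # placeholder: a free address on the ONT-side subnet
      backend:                      # other containers reach the RPC/web UI here (9091/tcp by default)

  helper:                           # hypothetical container that only talks to Transmission
    image: alpine:3
    command: sleep infinity
    networks:
      - backend                     # no interface on the ONT side at all

networks:
  wan-direct:
    driver: macvlan
    driver_opts:
      parent: eth1                  # assumed: the NIC cabled to the ONT
    ipam:
      config:
        - subnet: 192.0.2.0/24      # placeholder for the ONT-side subnet
          gateway: 192.0.2.1        # placeholder for the ONT address
  backend:
    driver: bridge
    internal: true                  # Docker sets up no route out of this network
```

Traffic on a macvlan interface does not pass through the host's netfilter rules or the router's firewall, so Transmission's RPC/web UI is reachable from the ONT side unless it is restricted in Transmission's own settings (`rpc-bind-address`, `rpc-whitelist`, `rpc-authentication-required`). The host itself cannot reach the container over its macvlan parent interface, so management access goes through the `backend` network.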
