Is there any way to isolate two different NICs?

NullIndent · 29. September 2023

The server has two network interfaces, which are on different network segments.

eth0 is located on the 10.10.10.0/24 network segment, and eth1 is located on the 10.10.11.0/24 network segment.

All content can be accessed by the current two network cards.

For security reasons, I want to isolate the two network cards. The eth0 network card only passes the data of the host, and the eth1 network card only passes the data of the docker container.

Any suggestions would be greatly appreciated!!!

ryecoaaron · 29. September 2023

The only OMV way to do that is with firewall/iptables rules but docker will probably mess with those. You could force your docker network to only listen on one adapter and use firewall rules for the data on the other.

NullIndent · 29. September 2023

Zitat von ryecoaaron

force your docker network to only listen on one adapter

I have considered this solution, but after consulting the docker documentation, I did not find a way to only listen to one adapter.

ryecoaaron · 29. September 2023

Zitat von NullIndent

after consulting the docker documentation, I did not find a way to only listen to one adapter.

It is very easy. You just add it to the port in your compose file:

Code

ports:
- "192.168.13.15:8001:8001"

NullIndent · 29. September 2023

Zitat von ryecoaaron

add it to the port in your compose file

It seems that I have fallen into a blind spot in my thinking. What I have been thinking about is to let the docker program complete this thing!

Thank you very much for your help!!!

Is there any way to isolate two different NICs?

NullIndent 29. September 2023

Jetzt mitmachen!