Grinas
Contributor
- Joined: May 4, 2017
- Messages: 174
I am migrating from FreeNAS Core with jails to SCALE with containers, so I am moving my jails to containers.
One issue I am finding is that I had a number of firewall (pfSense) rules that restrict access of jails to specific segments of my network, so they cannot access the internet. The rules to remote IPs now don't work, as these containers seem to have the TrueNAS host IP when communicating outside of the network but use their own IP when communicating inside.
Looking at the settings of the containers, there is a networking section and the ability to create Static Routes. I suppose I could use that to block access to the whole internet by creating static route blackholes, but this would have to be done in segments, as I still need the containers to be able to reach local devices and some other containers running.
Is there an easy way for me to limit the containers' access like there is with docker-compose, so the container can access only 192.168.0.0/24, 192.168.1.0/24, 172.16.0.0/24? Or better yet, is it possible to make the containers use their own IP like jails do, so previous rules on the pfSense firewall will do the trick?
I know I can update the existing rules to add the TrueNAS host IP, but I want that to be able to access the internet.
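As an added example that is not part of the original post: the "blackholes in segments" idea from the question, worked out as the minimal set of IPv4 prefixes that covers everything except the three subnets the poster wants to keep reachable. It assumes each printed prefix would be entered as one blackhole static route; whether the container's Static Routes setting accepts such routes is not confirmed on this page, and the function names are hypothetical.

```python
import ipaddress

# The three subnets named in the post that must stay reachable.
ALLOWED = ["192.168.0.0/24", "192.168.1.0/24", "172.16.0.0/24"]


def blocked_prefixes(allowed, universe="0.0.0.0/0"):
    """Return the smallest list of prefixes covering `universe` minus `allowed`."""
    # Merge adjacent allowed networks first (the two 192.168.x.0/24 become one /23).
    keep = list(ipaddress.collapse_addresses(ipaddress.ip_network(a) for a in allowed))
    remaining = [ipaddress.ip_network(universe)]
    for net in keep:
        nxt = []
        for r in remaining:
            if net.subnet_of(r):
                # Carve the allowed network out of the prefix that contains it.
                nxt.extend(r.address_exclude(net))
            elif r.subnet_of(net):
                continue  # prefix lies entirely inside an allowed network
            else:
                nxt.append(r)
        remaining = nxt
    return sorted(remaining)


def is_blocked(addr, prefixes):
    """True if `addr` falls inside any of the blackhole prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in p for p in prefixes)


if __name__ == "__main__":
    routes = blocked_prefixes(ALLOWED)
    print(f"{len(routes)} blackhole prefixes needed")
    for p in routes:
        print(p)
    # Constructed sample destinations to sanity-check the result.
    for sample in ["8.8.8.8", "192.168.1.50", "172.16.0.9", "172.16.1.1"]:
        print(sample, "blocked" if is_blocked(sample, routes) else "allowed")
```

Routes set inside a container only constrain a workload that cannot change its own routing table, so the pfSense rules remain the enforcement point if the containers can be given their own IPs.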