I’m using Gluetun via Docker Compose as well right now and can happily say all the ports exposed via the ports: setting are local network only. I could port forward them via the router probably (haven’t tried) but I only use them for access via LAN. To expose ports over the VPN connection you use the FIREWALL_VPN_INPUT_PORTS environment variable. A stripped version of my current compose (example port numbers, not real) with LAN access to 6000 and WAN access to 1234 and 5678:
services: gluetun: image: qmcgaw/gluetun:latest restart: unless-stopped container_name: gluetun cap_add: - NET_ADMIN # in the default compose file i dunno what this does tbh environment: - VPN_SERVICE_PROVIDER=custom - VPN_TYPE=openvpn - OPENVPN_VERSION=<redacted> - OPENVPN_USER=<redacted> - OPENVPN_PASSWORD=<redacted> - OPENVPN_CUSTOM_CONFIG=/gluetun/custom.ovpn - FIREWALL_VPN_INPUT_PORTS=1234,5678 # allows ports through VPN connection - FIREWALL_OUTBOUND_SUBNETS=192.168.0.0/24 # I found that I needed this for certain LAN access ports: - 6000:6000 # port i access via LAN
Evkob@lemmy.ca 5 days ago
Any ports used in docker will be open on your computer and accessible to any device in your network.
However, to open up a port to the internet, you’d have to do port-forwarding on your router. If you haven’t done that, any incoming connections will just be dropped at the router-level.
catloaf@lemm.ee 4 days ago
Assuming they use NAT. Almost certainly true for IPv4, very unlikely for IPv6. And you should have a firewall too.
sugar_in_your_tea@sh.itjust.works 4 days ago
Exactly. I have my firewall set up to block everything I don’t explicitly allow through. That way if I’m a little loose with running things on ports, it at least won’t leak ports past the firewall.