Comment on Is this safe to use?

• IronKrill@lemmy.ca ⁨1⁩ ⁨year⁩ ago

  I’m using Gluetun via Docker Compose as well right now and can happily say all the ports exposed via the ports: setting are local network only. I could port forward them via the router probably (haven’t tried) but I only use them for access via LAN. To expose ports over the VPN connection you use the FIREWALL_VPN_INPUT_PORTS environment variable. A stripped version of my current compose (example port numbers, not real) with LAN access to 6000 and WAN access to 1234 and 5678:

  services:
    gluetun:
      image: qmcgaw/gluetun:latest
      restart: unless-stopped
      container_name: gluetun
      cap_add:
        - NET_ADMIN # in the default compose file i dunno what this does tbh
      environment:
        - VPN_SERVICE_PROVIDER=custom
        - VPN_TYPE=openvpn
        - OPENVPN_VERSION=<redacted>
        - OPENVPN_USER=<redacted>
        - OPENVPN_PASSWORD=<redacted>
        - OPENVPN_CUSTOM_CONFIG=/gluetun/custom.ovpn
        - FIREWALL_VPN_INPUT_PORTS=1234,5678 # allows ports through VPN connection
        - FIREWALL_OUTBOUND_SUBNETS=192.168.0.0/24 # I found that I needed this for certain LAN access
      ports:
        - 6000:6000 # port i access via LAN
  

  source
• Evkob@lemmy.ca ⁨1⁩ ⁨year⁩ ago

  Any ports used in docker will be open on your computer and accessible to any device in your network.

  However, to open up a port to the internet, you’d have to do port-forwarding on your router. If you haven’t done that, any incoming connections will just be dropped at the router-level.

  source

  • catloaf@lemm.ee ⁨1⁩ ⁨year⁩ ago

    Assuming they use NAT. Almost certainly true for IPv4, very unlikely for IPv6. And you should have a firewall too.

    source

    • sugar_in_your_tea@sh.itjust.works ⁨1⁩ ⁨year⁩ ago

      Exactly. I have my firewall set up to block everything I don’t explicitly allow through. That way if I’m a little loose with running things on ports, it at least won’t leak ports past the firewall.

      source