I have two NICs on my system: one connected to a trusted internal network, and the other to a DMZ. I want certain applications to only communicate over the DMZ NIC, not the trusted one.
What’s the best way to force an app to use only the DMZ NIC for both inbound and outbound traffic?
I found a not-so-elegant solution. I created a ‘macvlan’ via CLI that is only associated with the DMZ NIC, and then used the ‘convert to custom app’ function to turn my apps into a compose file. Then I modified the custom compose file and provided the macvlan and static IP in it.
This appears to achieve my goal, but again, it’s not elegant, and for whatever reason it doesn’t show the IPs/Ports I’m using under the ‘Workloads’ section, which is a little disappointing.
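The approach described in the post above, sketched as an added example (not the poster's actual configuration): a macvlan network bound to the DMZ NIC, referenced from the custom compose file with a static address. The network name `dmz_macvlan`, the interface name `eno2`, the `192.0.2.0/24` addresses and the image are placeholders assumed for illustration.

```yaml
# Added example; every name and address below is a placeholder.
#
# Step 1 (CLI, run once on the host): create a macvlan network whose parent
# is the DMZ-facing NIC only. "eno2" stands in for that NIC's name.
#
#   docker network create -d macvlan \
#     --subnet=192.0.2.0/24 --gateway=192.0.2.1 \
#     -o parent=eno2 dmz_macvlan
#
# Step 2: the compose file produced by converting the app, edited so the
# service attaches to that network and nothing else.
services:
  app:
    image: example/app:latest        # placeholder image
    restart: unless-stopped
    networks:
      dmz_macvlan:
        ipv4_address: 192.0.2.50     # static address inside the DMZ subnet,
                                     # chosen outside any DHCP pool
    # No "ports:" section: on macvlan the container has its own address on
    # the DMZ segment and listens there directly, so nothing is published
    # on the host's trusted-side address.
    # No second network is listed, so the container has no interface or
    # route on the trusted network.

networks:
  dmz_macvlan:
    external: true                   # created in step 1, not by compose

# Check after starting the app: the container should show a single
# non-loopback interface and a default route via the DMZ gateway.
#
#   docker exec <container> ip addr
#   docker exec <container> ip route
```

With the default macvlan mode the host itself cannot reach the container's address through the parent interface, so test reachability from another machine on the DMZ segment.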