I went through the tutorials and built containers connected to a bridge NAT’d behind my host’s real IP. Played with the port forwarding feature to expose some services of containers as desired. All worked great, really pleased. It may serve me just as it is; however, I was thinking of segregating VMs from communicating with the host, or at least having some firewall filtering between them. I also pictured maybe filtering the traffic between containers by creating additional bridges and some type of filtering between them.
I love the simplicity of NATing and port forwarding based on container name; it makes things flexible. What are some examples of the preferred method to filter traffic between containers and the host, or between containers? What is the preferred networking for containers in a production environment? Are people mostly going with bridges w/ NAT?
I am familiar with VMware switching/routing and networking in general. I have attached some ideas I had. I like visuals! What comes to mind is router on a stick, which would give you filtering at a physical firewall, with good logging and monitoring capabilities; however, that would be additional hairpin traffic over the link. I also thought of routing at the host level, which would then rely on iptables for routing. Maybe the current configuration works for me: bridges and NATing through the host. Maybe those of you with Linux networking experience and container experience could point me to some best practices on efficiency and design. The firewall filtering is where I really have a lot of questions on how to do that properly. I have been reading all the great documentation on the website, but there isn’t a lot of guidance for these questions, more a ton of options. Thanks for the help.
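As an added example (not from the post or from any container project), here is a host-side nftables ruleset that keeps the bridge-plus-NAT layout but only lets containers reach the host for the DNS/DHCP the bridge serves, while still allowing outbound NAT and port-forwarded inbound traffic. It assumes a bridge named br0 (host holds the .1 address), uplink eth0 and container subnet 10.0.3.0/24; traffic between containers on the same bridge is switched at layer 2 and is not covered here.

```shell
#!/bin/sh
# Added example: nftables policy for a NAT'd container bridge.
# Assumed names: bridge "br0", uplink "eth0", container subnet 10.0.3.0/24.

# Print the ruleset for the given bridge, uplink interface and container subnet.
gen_ruleset() {
  br="$1"; up="$2"; net="$3"
  cat <<EOF
table inet ctfw {
  chain input {
    # Only traffic arriving from the bridge is restricted; the host's other
    # interfaces keep whatever policy they already have.
    type filter hook input priority 0; policy accept;
    iifname "$br" ct state established,related accept
    iifname "$br" ct state invalid drop
    iifname "$br" udp dport { 53, 67 } accept   # DNS and DHCP served on the bridge
    iifname "$br" tcp dport 53 accept
    iifname "$br" counter drop                  # everything else container -> host
  }
  chain forward {
    type filter hook forward priority 0; policy accept;
    ct state established,related accept
    iifname "$br" oifname "$up" accept                  # containers out to the world
    iifname "$up" oifname "$br" ct status dnat accept   # port-forwarded inbound only
    iifname "$br" counter drop                          # no routing to other bridges
    oifname "$br" counter drop                          # no unsolicited inbound
  }
  chain postrouting {
    type nat hook postrouting priority srcnat;
    ip saddr $net oifname "$up" masquerade
  }
}
EOF
}

# Load the ruleset atomically; needs root and the nft binary on the host.
apply_ruleset() {
  gen_ruleset "$@" | nft -f -
}
```

Run `gen_ruleset br0 eth0 10.0.3.0/24` and review the output before calling `apply_ruleset` with the same arguments; if the container manager already installs its own NAT rules, keep only one set so the two do not masquerade twice or contradict each other.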