Accessing Devices on Host's LAN from Rootless Docker Container?

Hey there, it seems I’m trying to do the impossible over here. Can’t find a solution to this anywhere. Have just finished setting up my Docker Compose stack on Debian. Decided to go with Rootless Docker this time as I do have a fair few exposed services I want to be safe (I know not necessary but thought it wouldn’t hurt either).

The issue is I cannot find a way to access devices on my LAN from inside a Docker Container. My specific use case is accessing local APIs from my Homepage. Accessing devices on the internet or on other docker bridge networks is not a problem, but I can’t access any devices on my local network. It just times out, have tested from the shells within the containers and it just times out.

I’ve searched plenty and can’t find any solutions. Does anyone have any ideas or share a similar setup?

$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 12 (bookworm)
Release:        12
Codename:       bookworm
$ docker version  
Client:
 Version:           27.3.1
 API version:       1.47
 Go version:        go1.22.7
 Git commit:        ce12230
 Built:             Fri Sep 20 11:39:44 2024
 OS/Arch:           linux/amd64
 Context:           rootless

Server: Docker Engine - Community
 Engine:
  Version:          27.3.1
  API version:      1.47 (minimum version 1.24)
  Go version:       go1.22.7
  Git commit:       41ca978
  Built:            Fri Sep 20 11:41:02 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.7.22
  GitCommit:        7f7fdf5fed64eb6a7caf99b3e12efcf9d60e311c
 runc:
  Version:          1.1.14
  GitCommit:        v1.1.14-0-g2c9f560
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
 rootlesskit:
  Version:          2.3.1
  ApiVersion:       1.1.1
  NetworkDriver:    slirp4netns
  PortDriver:       builtin
  StateDir:         /run/user/1000/dockerd-rootless
 slirp4netns:
  Version:          1.2.0
  GitCommit:        656041d45cfca7a4176f6b7eed9e4fe6c11e8383

What does that mean?


You want to open a plain TCP connection? To which IP? What’s the container setup and code?

I understand the security concern. How about just assigning the containers to a dedicated non-root user?

Here is the docker-compose.yaml:

services:
  homepage:
    image: ghcr.io/gethomepage/homepage:nightly
    container_name: homepage
    environment:
      TZ: Australia/Melbourne
    volumes:
      - /opt/homepage:/app/config
    restart: unless-stopped
    networks:
      networking_homepage_swag:
    labels:
      - com.centurylinklabs.watchtower.enable=true
      - traefik.enable=true
      - traefik.http.routers.homepage.rule=Host(`**removed_url**`)
      - traefik.http.routers.homepage.entrypoints=websecure
      - traefik.http.routers.homepage.tls=true
      - traefik.http.routers.homepage.service=homepage
      - traefik.http.services.homepage.loadbalancer.server.port=3000 
      - traefik.docker.network=networking_homepage_swag
    dns:
     - 1.1.1.1
     - 1.0.0.1

networks:
  networking_homepage_swag:
    external: true

Just trying to make HTTP GET requests mostly to APIs like the OPNsense one, so at my router’s IP 192.168.1.1 for example. Main reason I can’t just use network_mode: host is I am using Docker networking for things like a Traefik reverse-proxy.

Although this issue isn’t restricted to the Homepage container, none of my containers allow access to local network addresses. Whereas anything on the internet or in a connected Docker network is no problem. Is this just a limitation of Rootless Docker?