Hi all,
I am quite new to Docker and “developed” some containers and was very happy about it. I love it, especially working with Docker together with Portainer.
So, I created a container (AdGuard) and a container (WireGuard, client to Mullvad). Both are working on their own as expected.
AdGuard is using network_mode bridge and maps its own ports as described by default in the docs. WireGuard is also using network_mode bridge.
Bridge interface: 172.17.0.0/16 and gateway 172.17.0.1
eth0 interface: 192.168.2.0/32, gateway 192.168.2.1 and IPv4 address: 192.168.2.92
What I want to have:
AdGuard’s outgoing traffic routed to the WireGuard container, connected to Mullvad.
What I have already done:
1. Using network_mode container:wireguard / service:wireguard and binding the ports on WireGuard's container.
=> I was not able to get access to AdGuard's web interface
2. In network_mode bridge, I set up a new default gateway in AdGuard (route delete default gw 172.17.0.1; route add default gw 172.17.0.2 [172.17.0.2 is the IP address of WireGuard's container] eth0) and bound the ports back to AdGuard's container
=> no access to AdGuard's web interface, but it was connected to Mullvad and curl ipinfo.io sent back the Mullvad IP
3. Continuing from point 2, I tried port forwarding in WireGuard's container, like
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 172.17.0.5:80
172.17.0.5 is AdGuard's container IP…
Unfortunately, it doesn't work.
I think the problem is the reachability of the AdGuard container for incoming requests on 192.168.2.92:80. These requests should be forwarded to 172.17.0.5 without going to WireGuard's container.
So, I don't know how to tell WireGuard's container that all requests from 192.168.2.x should be routed to the normal container.
I also tried setting allowed_ips in my wg0.conf to 172.17.0.0/24, but it still does not work.
Maybe someone can help me, please?
Specs:
raspberry pi 5 (8gb)
raspberry pi os lite
latest docker
latest portainer
latest wireguard
latest adguard