Sorry for the long post, but I wanted to articulate this as clearly as possible, so I've attached a diagram that shows my current home lab setup and also my idea of how I would like to set it up.
I'm running Docker 27.1.1 on Ubuntu 24.04 on "Server 1", which has 2 Ethernet ports connected to 2 different VLANs. I am exposing port 443 to the internet and port forwarding to 10.0.0.20 in VLAN 99, which is then handled by nginx through the "lablan" Docker bridge network.
It all works fine, but I have been looking at whether using Cloudflare Tunnels might be a more secure option. From the research I have done, one piece of advice is to put cloudflared in a segregated VLAN in case the tunnel gets compromised.
I have tried creating the "dmz" Docker network bound solely to VLAN 99 using a variety of settings (bridge, ipvlan, macvlan), but it seems a container connected to it can still access devices in the 192.168.0.0/16 range (or it breaks connectivity into Docker on Server 1 completely!).
So I’m looking for advice to say whether what I’ve sketched out is possible, and if so, what would be the recommended way to do it?
Thanks for any advice.
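One way to get the confinement described above, as an added example rather than anything from the original post or from Docker/Cloudflare: a plain bridge network is never "bound" to a NIC, so containers on it egress through the host's routing table whatever driver settings you pick; the isolation has to come from host firewall rules in Docker's DOCKER-USER chain. The script below assumes (all hypothetical, adjust to your lab) a bridge named br-dmz on 10.0.99.0/24, that the existing lablan network was created with a fixed bridge name br-lablan, and takes 10.0.0.20 and 192.168.0.0/16 from the post.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post. Run as root on Server 1:
#   ./dmz.sh          print the docker and iptables commands
#   ./dmz.sh apply    create the network and install the rules
#   ./dmz.sh verify   probe the LAN and nginx from a throwaway dmz container
set -euo pipefail

DMZ_BR=br-dmz            # hypothetical fixed bridge name so rules can reference it
DMZ_SUBNET=10.0.99.0/24  # hypothetical subnet for the dmz network
LAB_BR=br-lablan         # assumed: lablan created with com.docker.network.bridge.name=br-lablan
NGINX_IP=10.0.0.20       # from the post: nginx entry point on VLAN 99
LAN_BLOCK=192.168.0.0/16 # from the post: must stay unreachable from cloudflared

# A bridge network with a predictable interface name. Nothing here ties it to a
# VLAN; the confinement is entirely the firewall rules below.
network_cmd() {
  echo "docker network create --driver bridge --subnet ${DMZ_SUBNET} -o com.docker.network.bridge.name=${DMZ_BR} dmz"
}

# Rules go in DOCKER-USER, which Docker evaluates before its own FORWARD rules
# and does not rewrite on daemon restart. Every rule is inserted at position 1,
# so the LAST line printed is matched FIRST. Final order: allow forwarding from
# the dmz bridge to the lablan bridge on 443 (a published port to 10.0.0.20 is
# DNATed to the nginx container before FORWARD, so match the outgoing bridge,
# not 10.0.0.20), then drop all RFC 1918 space, then fall through to Docker's
# RETURN so outbound traffic to Cloudflare's edge still works.
dmz_rules() {
  cat <<EOF
iptables -I DOCKER-USER 1 -i ${DMZ_BR} -d ${LAN_BLOCK} -j DROP
iptables -I DOCKER-USER 1 -i ${DMZ_BR} -d 172.16.0.0/12 -j DROP
iptables -I DOCKER-USER 1 -i ${DMZ_BR} -d 10.0.0.0/8 -j DROP
iptables -I DOCKER-USER 1 -i ${DMZ_BR} -o ${LAB_BR} -p tcp --dport 443 -j ACCEPT
EOF
}

# Probes from inside a dmz container (busybox nc assumed available). With the
# DROP in place the LAN probe times out (exit 1); nginx should still answer (exit 0).
verify_cmds() {
  cat <<EOF
docker run --rm --network dmz busybox nc -w 2 -z 192.168.0.1 443; echo "LAN probe exit \$? (want 1)"
docker run --rm --network dmz busybox nc -w 2 -z ${NGINX_IP} 443; echo "nginx probe exit \$? (want 0)"
EOF
}

case "${1:-}" in
  apply)  eval "$(network_cmd)"; dmz_rules | bash -e ;;
  verify) verify_cmds | bash ;;
  *)      network_cmd; dmz_rules ;;
esac
```

Two caveats worth checking on your box: Docker sets bridge-nf-call-iptables, so the 10.0.0.0/8 drop also stops dmz containers talking to each other (fine for a cloudflared-only network, surprising otherwise), and if nginx ever moves off the lablan bridge the -o br-lablan rule needs to follow it. The `-i br-dmz` match only catches packets that originate in the dmz, so replies to cloudflared's outbound tunnel are unaffected.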