Proxy two network interfaces - local and an internet connected network

In a project I am using a Raspberry Pi 3 running balenaOS (resinOS) with two network interfaces. One connects to the internet while the other connects to an internal, non-internet connected WiFi network. The internal network has several IoT devices that are connected via MQTT. This separation is mainly due to security and stability reasons.

It would be useful for some IoT devices to access pypi.com and the apt repos. Is there a tried and trusted method to realize this as a Docker service or are there other mechanisms that balenaOS offers?

Hey there!

Interesting use case! I believe you can set up NetworkManager to share the internet connection from the external interface to the internal network, and maybe configure some iptables rules to restrict the hosts that the internal devices will be able to access?

Would something like that solve your problem?

Hi Juan,

That would definitely be a solution. This could be realized with the root console, but do you have an idea how this can be deployed across a fleet?

Best,
Moritz

Hi,
You can talk to NM from a container via D-Bus, so you can have a script that runs your NM commands in a container, and if you give a container network_mode: 'host', this container can modify the iptables rules of the host OS. I hope this helps.

Cheers,
Andreas
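
The approach from the replies above, as an added example that is not part of the original thread and not balena's own code: a script for the host-networked container that asks NetworkManager to share the uplink and then limits forwarded traffic from the internal network to an allow-list. The interface names, the connection name `iot-internal`, the chain name `IOT-EGRESS` and the destination addresses are assumptions or constructed placeholders.

```shell
#!/bin/sh
# Runs in a container with network_mode: host, NET_ADMIN and access to the
# host D-Bus socket (assumed setup). All names below are assumptions.
IN_IF="${IN_IF:-wlan0}"           # internal IoT interface
OUT_IF="${OUT_IF:-eth0}"          # internet-facing interface
NM_CON="${NM_CON:-iot-internal}"  # NetworkManager connection on IN_IF
CHAIN="IOT-EGRESS"                # dedicated chain, easy to flush and audit
# Constructed placeholder addresses (TEST-NET-3), e.g. an internal mirror.
ALLOW="${ALLOW:-203.0.113.10 203.0.113.20}"

# Print the iptables commands one per line so they can be reviewed first.
egress_rules() {
    in_if=$1; out_if=$2; shift 2
    echo "iptables -N $CHAIN 2>/dev/null || true"
    echo "iptables -F $CHAIN"
    # Return traffic for connections the allow-list already admitted.
    echo "iptables -A $CHAIN -i $out_if -o $in_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for dst in "$@"; do
        echo "iptables -A $CHAIN -i $in_if -o $out_if -d $dst -p tcp -m multiport --dports 80,443 -j ACCEPT"
    done
    # Default deny in both directions between the two interfaces.
    echo "iptables -A $CHAIN -i $in_if -o $out_if -j DROP"
    echo "iptables -A $CHAIN -i $out_if -o $in_if -j DROP"
    # Re-insert the jump at the top of FORWARD (idempotent).
    echo "iptables -D FORWARD -j $CHAIN 2>/dev/null || true"
    echo "iptables -I FORWARD 1 -j $CHAIN"
}

apply() {
    # Share the uplink: NetworkManager enables forwarding and NAT for IN_IF.
    nmcli connection modify "$NM_CON" ipv4.method shared
    nmcli connection up "$NM_CON"
    # Shared mode adds its own firewall rules on activation, so load the
    # allow-list afterwards and re-run this after every reactivation.
    # ALLOW is split on spaces on purpose.
    egress_rules "$IN_IF" "$OUT_IF" $ALLOW | sh -e
}

# Default is a dry run that only prints the rules; pass "apply" to load them.
if [ "${1:-}" = "apply" ]; then
    apply
else
    egress_rules "$IN_IF" "$OUT_IF" $ALLOW
fi
```

Addresses behind CDNs change, so the allow-list is easiest to keep stable when it points at a mirror or proxy with fixed addresses.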