Remove internet access to a docker container, but should be able to connect to a remote SFTP server via SSH

Question

As mentioned in the subject, I want to create a docker container where it has no internet connection, but it can connect to a remote SFTP server, via SSH protocol. Picture below is WHAT I WANT TO ACHIEVE: What I was able to do so far is to remove the internet connection by specifying internal: true in the docker-compose file:

networks:
  backend:
    name: true
    driver: bridge
    internal: true

But with this network setting, the docker container cannot connect to the SFTP server. So with this, I tried using enable_ip_masquerade to false as mentioned here.

networks:
  backend:
    name: backend
    driver: bridge
    driver_opts:
      com.docker.network.bridge.enable_ip_masquerade: "false"

But still, the docker container cannot connect to the SFTP server.

Greatly appreciate any ideas/inputs on how to do this correctly? Thanks in advance

Answer 1

Apparently, just removing the ports mapping in docker-compose, and leaving the expose did the trick.

Answer 2

So I think I figured it out. I was operating on the $dom object the entire time which contains the entire XML tree. I believe what I needed to do was operate on the piece of the tree that I am looking at, like this:

#!/usr/bin/perl -w

use XML::LibXML

open ($xml_fh, "<test.xml");
my $dom = XML::LibXML->load_xml(IO => $xml_fh);;
close($xml_fh);


for $chapter ($dom->findnodes('/file/chapter')) {
        print "Chapter #" . $chapter->findvalue('@number') ."\n";
        foreach $section ($chapter->findnodes('section')) {
                print " Section #" .$section->findvalue('@number') . "\n";
                foreach $subsection ($section->findnodes('subsection')) {
                        print "  Subsection #" . $subsection->findvalue('@number') . "\n";
                }
        }
}

which results in output more like I was hoping for:

Chapter #1
 Section #abc123
  Subsection #abc123.(s)(4)
Chapter #208
 Section #dgfj23
  Subsection #dgfj23.(s)(4)
Chapter #998
 Section #xxxid
  Subsection #xxxid.(s)(4)

Here is a little bit of a neater example which helps illustrate that I am now addressing the specific part of the tree obtained from the previous loop that I am currently inside:

#!/usr/bin/perl -w

use XML::LibXML

open ($xml_fh, "<test.xml");
my $dom = XML::LibXML->load_xml(IO => $xml_fh);;
close($xml_fh);


my @chapters = $dom->findnodes('/file/chapter');

for $chapter (@chapters) {
        my $chapterNo = $chapter->findvalue('@number');
        print "Chpater #$chapterNo\n";

        @sections = $chapter->findnodes('section');
        for $section (@sections) {
                my $sectionNo = $section->findvalue('@number');
                print " Section #$sectionNo\n";

                @subsections = $section->findnodes('subsection');
                for $subsection (@subsections) {
                        my $subsectionNo = $subsection->findvalue('@number');
                        print "  Subsection #$subsectionNo\n";
                }
        }
}