Separate greenbone scan iface

Hi, I have a Docker installation for my Greenbone setup. The thing is that I want to do the scans via my public IP address, while accessing the web interface by the private address. I did the second thing by putting the address into the ports section like this:

  gsa:
    image: registry.community.greenbone.net/community/gsa:stable
    restart: on-failure
    # Options for using encrypted connections
    environment:
      - GSAD_ARGS=--no-redirect --http-sts --gnutls-priorities=SECURE256:-VERS-TLS-ALL:+VERS-TLS1.2:+VERS-TLS1.3
    ports:
      - <private_address>:443:443

Could something similar be done for the scans so that they are initiated from the public address?

Your question is a bit confusing to me since you mention that you want to scan with a separate interface in the title, yet from a separate IP address in the question body. However, typically multiple interfaces share the same IP address. Maybe you can clarify your question with more details.

If I understand you correctly, then this may help: by default, OpenVAS uses the operating system’s default network configuration. It usually selects the default network interface for outgoing network traffic based on the machine’s routing table and the target addresses being scanned. So, the answer to the question I think you are asking would be to configure the default routing on the openvas-scanner container.

Sorry, but I’m not familiar with Docker, and maybe someone else can contribute an answer here, but in the docker-compose.yml file, you can specify the network_mode: "host" for the openvas container. This will allow the container to use the host machine’s networking stack directly, and it will use the network interfaces available on the host, for which you can configure the default routing to specify an interface for the external IP address you want to scan.

Something like:

  openvas:
    image: registry.community.greenbone.net/community/openvas-scanner:stable
    restart: on-failure
    volumes:
      - openvas_data_vol:/etc/openvas
      - openvas_log_data_vol:/var/log/openvas
    network_mode: "host"  # tell openvas container to use the host's network
    command:
      - /bin/sh
      - -c
      - |
        cat /etc/openvas/openvas.conf
        tail -f /var/log/openvas/openvas.log
    depends_on:
      configure-openvas:
        condition: service_completed_successfully
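
The routing-table behaviour described in the answer above can be checked before a scan is started. The following is an added example, not part of the original posts and not Greenbone code: it asks the kernel which source address it would select for each scan target and flags targets whose traffic would not leave from the intended address. The addresses are constructed documentation-range placeholders, and it is assumed the script runs in the same network namespace as the scanner (the host itself when `network_mode: "host"` is used).

```python
import socket


def source_addr_for(target, port=9):
    """Return the local source IP the routing table selects for `target`
    (an IP literal), or None if the kernel has no route to it.

    connect() on a UDP socket sends no packets; it only makes the kernel
    do the route lookup and bind the socket to the chosen source address.
    """
    family = socket.AF_INET6 if ":" in target else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        try:
            s.connect((target, port))
        except OSError:
            return None
        return s.getsockname()[0]


def audit_targets(targets, expected_source, lookup=source_addr_for):
    """Map each target to (source_ip, ok); ok is True only when scan
    traffic to that target would leave from `expected_source`."""
    report = {}
    for target in targets:
        src = lookup(target)
        report[target] = (src, src == expected_source)
    return report


if __name__ == "__main__":
    # Constructed placeholders: replace with the public address the scans
    # should originate from and the real scan targets.
    EXPECTED_SOURCE = "203.0.113.10"
    TARGETS = ["198.51.100.25", "192.0.2.80"]

    for target, (src, ok) in audit_targets(TARGETS, EXPECTED_SOURCE).items():
        status = "ok" if ok else "WRONG SOURCE"
        print(f"{target:<16} source={src or 'no route'}  {status}")
```

A target reported with the wrong source needs a more specific route (or a changed default route) on the scanner's network stack before the scan is launched.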