Port forwarding to service using gluetun in docker container

[Rakray 0]

hi,
I'm trying to get access to service on my homelab the problem is my ISP does not provide public IP addresses,
thats why i tried to setup port forwarding using airvpn.
I created new device and forwarded a port for this device.
Then i added gluetun to my docker compose as below:

services:
  gluetun:
    image: qmcgaw/gluetun:latest
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 12345:1234 # manyfold web interface
      - 1234:1234
    volumes:
      - /docker/gluetun:/gluetun
    networks:
      - manyfold
    environment:
      - VPN_SERVICE_PROVIDER=airvpn
      - VPN_TYPE=wireguard
      - WIREGUARD_PUBLIC_KEY= KEY
      - WIREGUARD_PRIVATE_KEY= KEY
      - WIREGUARD_PRESHARED_KEY= KEY
      - WIREGUARD_ADDRESSES= IP_ADDRESS
      - SERVER_REGIONS= Europe
      #- VPN_PORT_FORWARDING= on
      # FREE_ONLY = on
      - FIREWALL_VPN_INPUT_PORTS=12345
      - HEALTH_VPN_DURATION_INITIAL=120s
      - DNS_ADDRESS=127.0.0.11
      #- CLI_ARGS=--run-script /gluetun/post_startup_script.sh
      #- DNS_KEEP_NAMESERVERS=on
    healthcheck:
      test: ping -c 1 www.google.com || exit 1
      interval: 60s
      timeout: 20s
      retries: 5
    restart: unless-stopped

  deunhealth:
    image: qmcgaw/deunhealth
    container_name: deunhealth
    network_mode: "none"
    environment:
      - LOG_LEVEL=info
      - HEALTH_SERVER_ADDRESS=127.0.0.1:9999
      - TZ=Poland/Warsaw
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

  app:
    image: ghcr.io/manyfold3d/manyfold:latest
    #ports:
      #- 1234:1234
    volumes:
      - /library:/library
    labels:
      - deunhealth.restart.on.unhealthy= "true"
    environment:
      DATABASE_ADAPTER: postgresql # mysql2 or sqlite3 are also supported
      DATABASE_HOST: postgres-server
      DATABASE_PORT: 2345 # only needed for non-standard ports
      DATABASE_NAME: manyfold # or the path to the database file if using sqlite3
      DATABASE_USER: USER
      DATABASE_PASSWORD: PASSWORD
      SECRET_KEY_BASE: KEY
      REDIS_URL: redis://redis-server:3456/1
      PUID: 1000
      PGID: 1000
      MULTIUSER: enabled
      MANYFOLD_BIND_ADDRESS: 0.0.0.0
      # For details of other optional environment variables, including features such
      # as multiuser mode, visit https://manyfold.app/sysadmin/configuration.html
    restart: unless-stopped
	depends_on:
      postgres-server:
        condition: service_started
      redis-server:
        condition: service_started
      gluetun:
        condition: service_healthy
        restart: true
    #networks:
      #- manyfold
    network_mode: service:gluetun
    # Optional, but recommended for better security
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETUID
      - SETGID
    healthcheck:
        test: ping -c 1 www.google.com || exit 1
        interval: 60s
        retries: 3
        start_period: 20s
        timeout: 10s

  postgres-server:
    image: postgres:15
    volumes:
      - db_data:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: User
      POSTGRES_PASSWORD: PASSWORD
    restart: unless-stopped
    networks:
      - manyfold

  redis-server:
    image: redis:7
    restart: unless-stopped
    networks:
      - manyfold

volumes:
  db_data:

networks:
  manyfold:
    driver: bridge

the problem is i'm getting "Connection Refused(111)" while testing the tunnel in client Area

Additional info:
manyfold is hosted in as docker container inside unpriviliged LXC created in Proxmox