I don’t know much about ip routing, but userns=keep-id id determined based on what podman is run as. For example, I run podman as user 1000 on the host, so if I do keep-id the user in the container will map to the same id. This often messes with things as the container require it is root inside it’s own context. It seems you are running podman as root, meaning that keep-id will map the container user to the actual root id, givintthe container essentially root access. Normally the container user is mapped to a random id on the host, like 653477, not 0. It’s unsafe to map the containers id to root as they would be unbounded if they managed to escape. I would recommend doing systemctl cat on the different services to see what the .container file expands to.
When it comes to the networking I think that you need to create a podman network with internal set to true. I believe that this restricts internet access. Then you would need to only let these services communicate with gluetun.
I don’t know if this was any help, but it’s all I’ve managed to learn from doing it myself.
Here are some liks I found:
https://lists.podman.io/archives/list/podman@lists.podman.io/thread/NKVFO4JQO5JLYKWXHHODC2WHQRG7A2KO/
https://docs.podman.io/en/v4.6.1/markdown/options/userns.container.html
You’re pretty :3