#$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE $IPTABLES -t nat -A PREROUTING -p tcp -i $EXTIF -dport 80 -j DNAT -to $INT80:80Įcho "NAT: Enabling SNAT (MASQUERADE) functionality on $EXTIF." (normally commented out) see also FORWARD area. For instance, you need to be able to connect to the host network from inside a Docker container to access your app or database running locally on the host.
Once in a while, you may need your Docker hosts IP address.
#DOCKER IP FORWARDING INSIDE CONTAINER HOW TO#
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT Docker Tip - How to use the hosts IP Address inside a Docker container on macOS, Windows, and Linux. $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp -dport 80 -d $INT80 -m state -state NEW -j ACCEPT $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp -dport 80 -d $INT80 -m state -state NEW -j LOG -log-prefix "PFNEW80:" -log-level info $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state -state ESTABLISHED,RELATED -j ACCEPT $IPTABLES -A OUTPUT -o $EXTIF -s $EXTIP -d $UNIVERSE -j ACCEPTĮcho "FWD: Allow all connections OUT and only existing/related IN." That would be a rather unelegant but satisfaying solution. # anything else outgoing on remote interface is valid Since we need to forward a specific ip address to another one we can simply use: ip -6 route add xxxx:yy:: via aaaa:bb::c. $IPTABLES -A OUTPUT -o $INTIF -s $INTIP -d $INTNET -j ACCEPT # server source going to the local net is valid $IPTABLES -A OUTPUT -o $INTIF -s $EXTIP -d $INTNET -j ACCEPT $IPTABLES -A OUTPUT -o lo -s $UNIVERSE -d $UNIVERSE -j ACCEPT $IPTABLES -A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -m state -state ESTABLISHED,RELATED -j ACCEPT # Allow any related traffic coming back to the server in. $IPTABLES -A INPUT -i $INTIF -s $INTNET -d $UNIVERSE -j ACCEPT # At this point local interface, local machines, going anywhere is valid In 'normal' Ubuntu with Docker, you can access containers using their IP (that you determine from 'docker container inspect id'). $IPTABLES -A INPUT -i lo -s $UNIVERSE -d $UNIVERSE -j ACCEPT # Smythies: While my references do not have it, I think this is needed. #CRITICAL: Enable IP forwarding since it is disabled by defaultĮcho " Clearing any existing rules and setting default policy to DROP." # Only needed if not already done elesewhere # For example: Please replace with real desintation IP addressĮcho " External Interface: $EXTIF Internal Interface: $INTIF External IP: $EXTIP Internal Network: $INTNET Internal IP: $INTIP" # For example: Please replace with real IP address #Setting the EXTERNAL and INTERNAL interfaces and addresses for the network #!/bin/shĮcho "Loading Mazzy Example iptables rules set. I have guessed at some addresses, you will have to edit for what you really need. Here is an example iptables rule set script for my guess as to what you need / want.
0 kommentar(er)
