iptables

# Append a DNAT rule to the DOCKER chain of the nat table:
# TCP port 8081 is forwarded to 172.17.0.2:8080
sudo iptables -t nat -A DOCKER -p tcp --dport 8081 -j DNAT --to-destination 172.17.0.2:8080

1. PREROUTING chain

1.1 View the PREROUTING chain in the nat table

sudo iptables -t nat --list-rules PREROUTING

Result

-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m addrtype --dst-type LOCAL -j DOCKER

# Send locally destined TCP traffic from PREROUTING to the DOCKER chain
sudo iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -j DOCKER
# Forward TCP port 8081 to 192.168.9.151:8080 directly from PREROUTING
sudo iptables -t nat -A PREROUTING -p tcp -m tcp --dport 8081 -j DNAT --to-destination 192.168.9.151:8080
# List the nat DOCKER chain, then delete the DNAT rule for port 8081
# (the rule that does not apply to traffic entering on docker0)
sudo iptables -t nat --list-rules DOCKER
sudo iptables -t nat -D DOCKER ! -i docker0 -p tcp -m tcp --dport 8081 -j DNAT --to-destination 172.17.0.2:8080

# List POSTROUTING, then delete the MASQUERADE rule for 172.17.0.2 port 8080
sudo iptables -t nat --list-rules POSTROUTING
sudo iptables -t nat -D POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 8080 -j MASQUERADE

# List the filter DOCKER chain, then delete the ACCEPT rule for 172.17.0.2:8080
sudo iptables --list-rules DOCKER
sudo iptables -t nat -D DOCKER 4
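
An added example, not from the original page: a shell filter that reads rules in the `--list-rules` format shown above and reports each DNAT rule with its port, its destination, and whether it carries an input-interface match (Docker's own rule above has `! -i docker0`; the hand-added rules do not). The function names and the sample rule set are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not the page's own code): summarize DNAT rules from
# `iptables -t nat -S` / `--list-rules` output.

# audit_dnat: reads rule lines on stdin and prints one line per DNAT rule:
#   <chain> <dport> <destination> <scoped|unscoped>
# "scoped" means the rule has an -i match (negated or not); "unscoped"
# means it applies to traffic arriving on any interface, docker0 included.
audit_dnat() {
  awk '
    $1 == "-A" {
      chain = $2; dport = "any"; dest = ""; target = ""; scope = "unscoped"
      for (i = 3; i <= NF; i++) {
        if ($i == "--dport")               dport = $(i + 1)
        else if ($i == "--to-destination") dest = $(i + 1)
        else if ($i == "-j")               target = $(i + 1)
        else if ($i == "-i")               scope = "scoped"
      }
      if (target == "DNAT") print chain, dport, dest, scope
    }
  '
}

# count_unscoped: number of DNAT rules on stdin with no interface match.
count_unscoped() {
  audit_dnat | awk '$4 == "unscoped" { n++ } END { print n + 0 }'
}

# Constructed sample input, in the same format as the output shown above.
sample_rules() {
  cat <<'EOF'
-P PREROUTING ACCEPT
-N DOCKER
-A PREROUTING -p tcp -m addrtype --dst-type LOCAL -j DOCKER
-A PREROUTING -p tcp -m tcp --dport 8081 -j DNAT --to-destination 192.168.9.151:8080
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8081 -j DNAT --to-destination 172.17.0.2:8080
-A DOCKER -p tcp -m tcp --dport 8081 -j DNAT --to-destination 172.17.0.2:8080
EOF
}

# On a live host: sudo iptables -t nat -S | audit_dnat
sample_rules | audit_dnat
```
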

https://realwujing.github.io/linux/docker/iptables/
Author: Wu Jing
Published: July 23, 2024