Webportal test Environment Iptables rules

Source: Internet
Author: User

The current Iptables NAT table rules:

[Email protected] ~]# iptables-t NAT-S-P prerouting ACCEPT-P postrouting ACCEPT-P OUTPUT ACCEPT-N DOCKER-A prerouting-m addrtype--dst-type LOCAL-J DOCKER-A Postrouting-s172.17.0.0/ -! -D172.17.0.0/ --J Masquerade-A Postrouting-s172.17.0.0/ -! -D172.17.0.0/ --J Masquerade-A Postrouting-s172.17.0.0/ -! -D172.17.0.0/ --J Masquerade-A OUTPUT! -D127.0.0.0/8-M addrtype--dst-type LOCAL-J DOCKER-A DOCKER! -I docker0-p tcp-m TCP--dport18000-j DNAT--to-destination172.17.0.26:8000-A DOCKER! -I docker0-p tcp-m TCP--dport28000-j DNAT--to-destination172.17.0.27:8000-A DOCKER! -I docker0-p tcp-m TCP--dport18001-j DNAT--to-destination172.17.0.29:8001-A DOCKER! -I docker0-p tcp-m TCP--dport28001-j DNAT--to-destination172.17.0.30:8001-A DOCKER! -I docker0-p tcp-m TCP--dport38001-j DNAT--to-destination172.17.0.34:8001-A DOCKER! -I docker0-p tcp-m TCP--dport48001-j DNAT--to-destination172.17.0.37:8001-A DOCKER! -I docker0-p tcp-m TCP--dport38081-j DNAT--to-destination172.17.0.38:8081-A DOCKER! -I docker0-p tcp-m TCP--dport38080-j DNAT--to-destination172.17.0.39:8080-A DOCKER! -I docker0-p tcp-m TCP--dport50022-j DNAT--to-destination172.17.0.38: A-A DOCKER! -I docker0-p tcp-m TCP--dport18080-j DNAT--to-destination172.17.0.53:8080-A DOCKER! -I docker0-p tcp-m TCP--dport28080-j DNAT--to-destination172.17.0.54:8080-A DOCKER! -I docker0-p tcp-m TCP--dport28081-j DNAT--to-destination172.17.0.55:8081-A DOCKER! -I docker0-p tcp-m TCP--dport18081-j DNAT--to-destination172.17.0.56:8081-A DOCKER! -I docker0-p tcp-m TCP--dport21022-j DNAT--to-destination172.17.0.56: A-A DOCKER! -I docker0-p tcp-m TCP--dport22022-j DNAT--to-destination172.17.0.55: A-A DOCKER! -I docker0-p tcp-m TCP--dport23022-j DNAT--to-destination172.17.0.53: A-A DOCKER! -I docker0-p tcp-m TCP--dport24022-j DNAT--to-destination172.17.0.54:22

Second, add delete the specified rule chain 1. View corresponding rules for Numberchain prerouting (policy ACCEPT 5011 packets, 232K bytes) num pkts bytes target prot opt            In Out source destination 1 445 26784 DOCKER All--* * 0.0.0.0/0 0.0.0.0/0 addrtype match Dst-type LOCAL Chain postrouting (Policy ACCEPT 397 packets, 25359 bytes) Num p   kts bytes Target prot opt in Out source destination 1 4477K 269M Masquerade All-- * * 172.17.0.0/16!172.17.0.0/16 2 102 6188 Masquerade All--* * 172.17.0.0/       !172.17.0.0/16 3 0 0 Masquerade All--* * 172.17.0.0/16!172.17.0.0/16               Chain OUTPUT (Policy ACCEPT 358 packets, 23019 bytes) num pkts bytes target prot opt in Out source Destination 1 1 DOCKER All--* * 0.0.0.0/0!127.0.0.0/8 ADD Rtype Match Dst-type LOCAL Chain DOCKER (2 references) num pkts bytes target prot opt in Out source destination 1 18127 1078K DNAT TCP--! DOCKER0 * 0.0.0.0/0 0.0.0.0/0 TCP dpt:18000 to:172.17.0. 26:8000 2 18082 1076K DNAT TCP--! DOCKER0 * 0.0.0.0/0 0.0.0.0/0 TCP dpt:28000 to:17 2.17.0.27:8000 3 1329 78652 DNAT TCP--! DOCKER0 * 0.0.0.0/0 0.0.0.0/0 TCP dpt:1800 1 to:172.17.0.29:8001 4 1219 72316 DNAT TCP--! DOCKER0 * 0.0.0.0/0 0.0.0.0/0 TCP D           pt:28001 to:172.17.0.30:8001 5 936 DNAT TCP--! Docker0 * 0.0.0.0/0 0.0.0.0/0           TCP dpt:38001 to:172.17.0.34:8001 6 4836 DNAT TCP--! Docker0 * 0.0.0.0/0 0.0.0.0/0 TCP dpt:48001 to:172.17.0.37:8001 7 4728 DNAT TCP--! Docker0 * 0.0.0.0/0 0.0. 0.0/0 TCP DPT:38081 to:172.17.0.38:8081 8 912 DNAT TCP--! Docker0 * 0.0.0.0/0 0.0.0.0/0 t           CP dpt:38080 to:172.17.0.39:8080 9 4 208 DNAT TCP--! Docker0 * 0.0.0.0/0 0.0.0.0/0            TCP dpt:50022 to:172.17.0.38:22 1248 DNAT TCP--! Docker0 * 0.0.0.0/0 0.0.0.0/0 TCP dpt:18080 to:172.17.0.53:8080 2444 DNAT TCP--! Docker0 * 0.0.0.0/0 0.            0.0.0/0 TCP dpt:28080 to:172.17.0.54:8080 2 104 DNAT TCP--! Docker0 * 0.0.0.0/0             0.0.0.0/0 TCP dpt:28081 to:172.17.0.55:8081 0 0 DNAT TCP--! Docker0 * 0.0.0.0/0 0.0.0.0/0 TCP dpt:18081 to:172.17.0.56:8081 3 156 DNAT TCP--! DOCKER0 * 0.       0.0.0/0 0.0.0.0/0 TCP dpt:21022 to:172.17.0.56:22 4 208 DNAT TCP--! DOCKER0 *            0.0.0.0/00.0.0.0/0 TCP dpt:22022 to:172.17.0.55:22 2 104 DNAT TCP--! Docker0 * 0.0.0.0/0            0.0.0.0/0 TCP dpt:23022 to:172.17.0.53:22 2 104 DNAT TCP--! Docker0 * 0.0.0.0/0  0.0.0.0/0 TCP dpt:24022 to:172.17.0.54:22

2. Delete
If you delete the following rule
       3   156 DNAT       TCP  --  !docker0 *       0.0.0.0/0            0.0.0.0/0           TCP dpt:21022 to : 172.17.0.56:22
You can use the following command:
Iptables-t nat-d DOCKER 14

3. Add a rule

If the host's 25022 port request is forwarded to the port of the container with IP 172.17.0.58, the command is as follows:
Iptables-t nat-a DOCKER! -I docker0-p tcp-m tcp--dport 25022-j DNAT--to-destination 172.17.0.58:22


Webportal test Environment Iptables rules

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.