The current iptables NAT table rules:

    # iptables -t nat -S
    -P PREROUTING ACCEPT
    -P POSTROUTING ACCEPT
    -P OUTPUT ACCEPT
    -N DOCKER
    -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
    -A POSTROUTING -s 172.17.0.0/16 ! -d 172.17.0.0/16 -j MASQUERADE
    -A POSTROUTING -s 172.17.0.0/16 ! -d 172.17.0.0/16 -j MASQUERADE
    -A POSTROUTING -s 172.17.0.0/16 ! -d 172.17.0.0/16 -j MASQUERADE
    -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
    -A DOCKER ! -i docker0 -p tcp -m tcp --dport 18000 -j DNAT --to-destination 172.17.0.26:8000
    -A DOCKER ! -i docker0 -p tcp -m tcp --dport 28000 -j DNAT --to-destination 172.17.0.27:8000
    -A DOCKER ! -i docker0 -p tcp -m tcp --dport 18001 -j DNAT --to-destination 172.17.0.29:8001
    -A DOCKER ! -i docker0 -p tcp -m tcp --dport 28001 -j DNAT --to-destination 172.17.0.30:8001
    -A DOCKER ! -i docker0 -p tcp -m tcp --dport 38001 -j DNAT --to-destination 172.17.0.34:8001
    -A DOCKER ! -i docker0 -p tcp -m tcp --dport 48001 -j DNAT --to-destination 172.17.0.37:8001
    -A DOCKER ! -i docker0 -p tcp -m tcp --dport 38081 -j DNAT --to-destination 172.17.0.38:8081
    -A DOCKER ! -i docker0 -p tcp -m tcp --dport 38080 -j DNAT --to-destination 172.17.0.39:8080
    -A DOCKER ! -i docker0 -p tcp -m tcp --dport 50022 -j DNAT --to-destination 172.17.0.38:22
    -A DOCKER ! -i docker0 -p tcp -m tcp --dport 18080 -j DNAT --to-destination 172.17.0.53:8080
    -A DOCKER ! -i docker0 -p tcp -m tcp --dport 28080 -j DNAT --to-destination 172.17.0.54:8080
    -A DOCKER ! -i docker0 -p tcp -m tcp --dport 28081 -j DNAT --to-destination 172.17.0.55:8081
    -A DOCKER ! -i docker0 -p tcp -m tcp --dport 18081 -j DNAT --to-destination 172.17.0.56:8081
    -A DOCKER ! -i docker0 -p tcp -m tcp --dport 21022 -j DNAT --to-destination 172.17.0.56:22
    -A DOCKER ! -i docker0 -p tcp -m tcp --dport 22022 -j DNAT --to-destination 172.17.0.55:22
    -A DOCKER ! -i docker0 -p tcp -m tcp --dport 23022 -j DNAT --to-destination 172.17.0.53:22
    -A DOCKER ! -i docker0 -p tcp -m tcp --dport 24022 -j DNAT --to-destination 172.17.0.54:22
Second, adding and deleting rules in a specified chain

1. View the rules together with their rule numbers

    Chain PREROUTING (policy ACCEPT 5011 packets, 232K bytes)
    num  pkts  bytes  target  prot  opt  in  out  source  destination
    1  445  26784  DOCKER  all  --  *  *  0.0.0.0/0  0.0.0.0/0  ADDRTYPE match dst-type LOCAL

    Chain POSTROUTING (policy ACCEPT 397 packets, 25359 bytes)
    num  pkts  bytes  target  prot  opt  in  out  source  destination
    1  4477K  269M  MASQUERADE  all  --  *  *  172.17.0.0/16  !172.17.0.0/16
    2  102  6188  MASQUERADE  all  --  *  *  172.17.0.0/16  !172.17.0.0/16
    3  0  0  MASQUERADE  all  --  *  *  172.17.0.0/16  !172.17.0.0/16

    Chain OUTPUT (policy ACCEPT 358 packets, 23019 bytes)
    num  pkts  bytes  target  prot  opt  in  out  source  destination
    1  1  DOCKER  all  --  *  *  0.0.0.0/0  !127.0.0.0/8  ADDRTYPE match dst-type LOCAL

    Chain DOCKER (2 references)
    num  pkts  bytes  target  prot  opt  in  out  source  destination
    1  18127  1078K  DNAT  tcp  --  !docker0  *  0.0.0.0/0  0.0.0.0/0  tcp dpt:18000 to:172.17.0.26:8000
    2  18082  1076K  DNAT  tcp  --  !docker0  *  0.0.0.0/0  0.0.0.0/0  tcp dpt:28000 to:172.17.0.27:8000
    3  1329  78652  DNAT  tcp  --  !docker0  *  0.0.0.0/0  0.0.0.0/0  tcp dpt:18001 to:172.17.0.29:8001
    4  1219  72316  DNAT  tcp  --  !docker0  *  0.0.0.0/0  0.0.0.0/0  tcp dpt:28001 to:172.17.0.30:8001
    5  936  DNAT  tcp  --  !docker0  *  0.0.0.0/0  0.0.0.0/0  tcp dpt:38001 to:172.17.0.34:8001
    6  4836  DNAT  tcp  --  !docker0  *  0.0.0.0/0  0.0.0.0/0  tcp dpt:48001 to:172.17.0.37:8001
    7  4728  DNAT  tcp  --  !docker0  *  0.0.0.0/0  0.0.0.0/0  tcp dpt:38081 to:172.17.0.38:8081
    8  912  DNAT  tcp  --  !docker0  *  0.0.0.0/0  0.0.0.0/0  tcp dpt:38080 to:172.17.0.39:8080
    9  4  208  DNAT  tcp  --  !docker0  *  0.0.0.0/0  0.0.0.0/0  tcp dpt:50022 to:172.17.0.38:22
    1248  DNAT  tcp  --  !docker0  *  0.0.0.0/0  0.0.0.0/0  tcp dpt:18080 to:172.17.0.53:8080
    2444  DNAT  tcp  --  !docker0  *  0.0.0.0/0  0.0.0.0/0  tcp dpt:28080 to:172.17.0.54:8080
    2  104  DNAT  tcp  --  !docker0  *  0.0.0.0/0  0.0.0.0/0  tcp dpt:28081 to:172.17.0.55:8081
    0  0  DNAT  tcp  --  !docker0  *  0.0.0.0/0  0.0.0.0/0  tcp dpt:18081 to:172.17.0.56:8081
    3  156  DNAT  tcp  --  !docker0  *  0.0.0.0/0  0.0.0.0/0  tcp dpt:21022 to:172.17.0.56:22
    4  208  DNAT  tcp  --  !docker0  *  0.0.0.0/0  0.0.0.0/0  tcp dpt:22022 to:172.17.0.55:22
    2  104  DNAT  tcp  --  !docker0  *  0.0.0.0/0  0.0.0.0/0  tcp dpt:23022 to:172.17.0.53:22
    2  104  DNAT  tcp  --  !docker0  *  0.0.0.0/0  0.0.0.0/0  tcp dpt:24022 to:172.17.0.54:22
2. Delete a rule

To delete the following rule, which is the 14th entry in the DOCKER chain listed above:

    3  156  DNAT  tcp  --  !docker0  *  0.0.0.0/0  0.0.0.0/0  tcp dpt:21022 to:172.17.0.56:22

delete it by its rule number with the following command:

    iptables -t nat -D DOCKER 14

3. Add a rule

To forward requests arriving on host port 25022 to port 22 of the container with IP 172.17.0.58, use the following command:

    iptables -t nat -A DOCKER ! -i docker0 -p tcp -m tcp --dport 25022 -j DNAT --to-destination 172.17.0.58:22
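
Rule numbers such as the 14 used in the delete step are positional, so they change whenever a rule earlier in the chain is removed. The following is an added example, not part of the original page: two hypothetical shell helpers, rule_number and delete_command, read `iptables -t nat -S` output and return a rule's current number and an equivalent delete-by-specification command. The sample input is a constructed three-rule subset of this page's DOCKER chain.

```sh
#!/bin/sh
# Added example (not from the original page). Helper names are hypothetical.
# Constructed sample: three DOCKER-chain rules copied from this page's listing,
# in `iptables -t nat -S` format. Numbers here differ from the full chain.
SAMPLE_RULES='-N DOCKER
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 18081 -j DNAT --to-destination 172.17.0.56:8081
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 21022 -j DNAT --to-destination 172.17.0.56:22
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 22022 -j DNAT --to-destination 172.17.0.55:22'

# rule_number CHAIN DPORT
# Reads -S output on stdin and prints the current position of the rule that
# matches DPORT. Only "-A CHAIN" lines count, which is how iptables numbers
# rules. Exit status 1 if no rule matches.
rule_number() {
    awk -v chain="$1" -v port="$2" '
        $1 == "-A" && $2 == chain {
            n++
            for (i = 3; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == port) {
                    print n; found = 1; exit
                }
        }
        END { exit found ? 0 : 1 }'
}

# delete_command CHAIN DPORT
# Prints a delete-by-specification command: the rule's own "-A ..." text with
# -A replaced by -D. It names the rule itself, so it stays correct even after
# other deletions have renumbered the chain.
delete_command() {
    awk -v chain="$1" -v port="$2" '
        $1 == "-A" && $2 == chain {
            for (i = 3; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == port) {
                    sub(/^-A /, "-D ")
                    print "iptables -t nat " $0
                    found = 1; exit
                }
        }
        END { exit found ? 0 : 1 }'
}

# On a live host: iptables -t nat -S DOCKER | delete_command DOCKER 21022
printf '%s\n' "$SAMPLE_RULES" | rule_number DOCKER 21022
printf '%s\n' "$SAMPLE_RULES" | delete_command DOCKER 21022
# Removing the rule above it shifts the number of the 21022 rule.
printf '%s\n' "$SAMPLE_RULES" | grep -v -e '--dport 18081 ' | rule_number DOCKER 21022
```

iptables also accepts -C with the same rule specification to check that the rule exists before it is deleted.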
Webportal test Environment Iptables rules