...
Now traffic on port 80 on the host will be forwarded to port 80 in the container IP specified. You can see your rules, (note I got to try below output again on a clean machine)
| Code Block | ||
|---|---|---|
| ||
sudo iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 15 packets, 957 bytes)
pkts bytes target prot opt in out source destination
1 64 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:10.0.3.10:80
Chain INPUT (policy ACCEPT 1 packets, 229 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
695K 53M MASQUERADE all -- * * 10.0.3.0/24 !10.0.3.0/24 |
You might want to delete the rule. Again, note this is not persistent upon reboot. Execute the exact same command to add, but change -A to -D,
...
Generate mac address same way lxc does - http://giantdorks.org/alain/how-to-generate-a-unique-mac-address/
sudo iptables -t nat -L -n -vChain PREROUTING (policy ACCEPT 15 packets, 957 bytes) pkts bytes target prot opt in out source destination 1 64 DNAT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:23 to:10.0.3.11:22
Chain INPUT (policy ACCEPT 1 packets, 229 bytes) pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 695K 53M MASQUERADE all -- * * 10.0.3.0/24 !10.0.3.0/24