If you need to configure an interface using DHCP, or if The previous example was relatively easy to configure, but has a few With these rules in place, traffic to 10.12.0.117 (port 80) isĭirected to our web container, and traffic originating in the webĬontainer will appear to come from 10.12.0.117. Need to place our rule earlier in the POSTROUTING chain for it to POSTROUTING chain: -A POSTROUTING -s 172.17.0.0/16 ! -d 172.17.0.0/16 -j MASQUERADEīecause this MASQUERADE rule matches traffic from any container, we This is necessary because, byĭefault, Docker has already added the following rule to the top of the Note here the use of -I POSTROUTING, which places the rule at the POSTROUTING chain to modify the source address: # iptables -t nat -I POSTROUTING -s $(docker-ip web) \ We can fix that my adding a SNAT rule to the System, that connection would appear to originate with ip address of If our container were to initiate a network connection with another It’s destination set to the address of our docker container ( -j DNAT -to-destination 172.17.0.4:80).įrom a host elsewhere on the network, we can now access the web server Originating on the docker0 bridge ( ! -i docker0) destined for This matches traffic TO our target address ( -d 10.12.0.117/32) not Will also create the following rule in the nat table DOCKERĬhain (which is run from the PREROUTING chain): -A DOCKER -d 10.12.0.117/32 ! -i docker0 -p tcp -m tcp