IPTables port redirect with Docker


I have a web service running on port 8080, which is made available on port 80 through IPTables like so:

    iptables -t nat -A OUTPUT -p tcp -d 127.0.0.0/8 --dport 80 -j REDIRECT --to-port 8080

This works, however attempting to reach 127.0.0.1:80 inside a Docker container fails. I assume this is because lo within the container is a separate device inside a network namespace. Thus I attempted to do the following:

    iptables -t nat -A OUTPUT -p tcp -d 172.17.0.0/16 --dport 80 -j REDIRECT --to-port 8080

where 172.17.0.0/26 is the range assigned to the docker0 bridge interface. Connections to 172.17.42.1:80 (the IP assigned to docker0) still fail inside the container.

There are no firewall rules other than the standard set created by Docker.

Why is this forwarding rule still failing?

Versions:

  • Ubuntu 14.04 (3.13.0-36-generic)
  • Docker 1.2.0

Tags: iptables, docker

asked Mar 9 '15 at 13:14 by Jamescun

2 Answers

In the end, I fixed this by using a slightly different range and inserting a PREROUTING rule before Docker's.

    iptables -t nat -I PREROUTING 1 -p tcp -d 172.16.0.0/16 --dport 80 -j REDIRECT --to-port 8080

answered Mar 9 '15 at 14:10 by Jamescun

Your first rule redirects anything in the 127.0.0.0/8 network to the local webservice, instead of what you probably intended to be things directed at lo.

Assuming your lo interface has IP 127.0.0.1 (which it almost certainly does) try this instead:

    iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-port 8080

answered Mar 9 '15 at 13:37 by GregL
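
Added example (not part of the original posts): a small Python model of which host nat chain each connection attempt from the question traverses, and which of the rules quoted on this page match it by chain, `-d` range and `--dport`. The `PREROUTING -d 172.17.0.0/16` entry is an assumed variant built from the docker0 range given in the question, the 172.16.0.1 destination is constructed, and Docker's default bridge networking is assumed.

```python
import ipaddress

# (source on this page, nat chain, -d network, --dport); the last entry is an
# assumed variant built from the docker0 range the question gives.
RULES = [
    ("question", "OUTPUT", "127.0.0.0/8", 80),
    ("question", "OUTPUT", "172.17.0.0/16", 80),
    ("answer", "OUTPUT", "127.0.0.1/32", 80),
    ("answer", "PREROUTING", "172.16.0.0/16", 80),
    ("assumed", "PREROUTING", "172.17.0.0/16", 80),
]


def host_nat_chain(origin, dst):
    """Host nat chain seen by a new connection, or None if the host never sees it.

    origin is "host" or "container" (default docker0 bridge assumed).
    """
    if origin == "host":
        return "OUTPUT"  # locally generated in the host namespace
    if ipaddress.ip_address(dst).is_loopback:
        return None  # container's own lo: netfilter tables are per namespace
    return "PREROUTING"  # leaves via veth and arrives on docker0


def matching_rules(origin, dst, dport):
    """List every rule in RULES whose chain, -d and --dport match the connection."""
    chain = host_nat_chain(origin, dst)
    ip = ipaddress.ip_address(dst)
    return [
        f"{rule_chain} -d {net} ({source})"
        for source, rule_chain, net, port in RULES
        if rule_chain == chain and port == dport and ip in ipaddress.ip_network(net)
    ]


if __name__ == "__main__":
    # Connection attempts described in the question, plus one constructed
    # destination inside 172.16.0.0/16 for comparison.
    attempts = [
        ("host", "127.0.0.1"),
        ("container", "127.0.0.1"),
        ("container", "172.17.42.1"),
        ("container", "172.16.0.1"),
    ]
    for origin, dst in attempts:
        print(origin, dst, host_nat_chain(origin, dst), matching_rules(origin, dst, 80))
```

On a live host, the packet counters shown by `iptables -t nat -L -n -v` indicate which rule is actually being hit.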





























