Shulou(Shulou.com)06/02 Report--

Summary

There are many people on the Internet looking for questions about whether port mapping can be done after the container is started. I once asked du Niang, I'm sorry I couldn't find it. This paper gives a solution to this problem, in order to throw a brick to attract jade. The idea of this article is to use iptables port forwarding, which is also the internal implementation mechanism of docker port mapping, but I just write it out explicitly, in order to give the person looking for this problem an intuitive understanding of docker port mapping.

Conclusion: Port mapping can be added after the container is started, but it is not recommended to add it manually. It is best to use the functions provided by docker.

Steps

Two containers are created and ports are mapped, and the result is shown in the figure:

Suppose I start a container with an internal IP of 172.17.0.5 and start port 80 inside the container.

We don't need to worry about the FORWARD rule chain. Docker has already written it for us. We only need to care about a few chains in NAT.

View the PREROUTING chain in the NAT table

As you can see from the above, iptables forwards all the data that meets the criteria to the DOCKER chain.

View the DOCKER chain in the NAT table

Following the figure above, we add our own mapping rule to map the host port 8082 to port 80 of 172.17.0.5. The rules are as follows:

Iptables-t nat-A DOCKER!-I docker0-p tcp-m tcp-- dport 8082-j DNAT-- to-destination 172.17.0.5 DOCKER 80

View the POSTROUTING chain in the NAT table

Following the rules in the above figure, the written rules are as follows:

Iptables-t nat-A POSTROUTING-s 172.17.0.5 MASQUERADE 32-d 172.17.0.5 tcp 32-p tcp-m tcp-- dport 80-j MASQUERADE

View the DOCKER chain in the FILTER table

Imitate the book writing rules as follows:

Iptables-t filter-A DOCKER-d 172.17.0.5 tcp 32!-I docker0-o docker0-p tcp-m tcp-- dport 80-j ACCEPT

Result

Although the container with an IP of 172.17.0.5 does not enable port mapping, as shown in the following figure:

However, we can still access port 80 of 172.17.0.5 by accessing port 8082 of the host (192.168.78.238). The results are as follows:

One drawback of using this approach is that you cannot access the localhost:8082, which means that if you want to forward the localhost as well, you need to make additional configuration.

Conclusion

It is recommended that you do not do port mapping like I do. I only do this to illustrate the title.

If you add something to the container and open the port, at the same time, you want to copy a few more such containers. It is recommended that you submit the container as an image, and then use the port mapping feature provided by docker.

The above is the whole content of this article, I hope it will be helpful to your study, and I also hope that you will support it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.