系统:宿主机与容器为centos6.5x86_64网络:em1是内网,em2是外网(设置本次外网ip是1.1.1.3),docker0是docker的桥接网卡独立ip:设置本次独立ip是1.1.1.4使用的技术:参考了openstack的iptablesdnat技术下面是docker版本08:32:50#dockerversionClientversion:1.1.2ClientAPIversion:1.13Goversion(client):go1.2.2Gitcommit(client):d84a070/1.1.2Serverversion:1.1.2ServerAPIversion:1.13Goversion(server):go1.2.2Gitcommit(server):d84a070/1.1.2root@ip-10-10-29-224:~09:58:51#dockerinfoContainers:15Images:8StorageDriver:devicemapperPoolName:docker-8:3-22806948-poolDatafile:/var/lib/docker/devicemapper/devicemapper/dataMetadatafile:/var/lib/docker/devicemapper/devicemapper/metadataDataSpaceUsed:60996.6MbDataSpaceTotal:102400.0MbMetadataSpaceUsed:33.9MbMetadataSpaceTotal:2048.0MbExecutionDriver:native-0.2KernelVersion:2.6.32-431.29.2.el6.x86_64ifconfigem2:01.1.1.4netmask255.255.255.0updockerrun–restartalways–privileged-d–name=’test’docker.ops-chukong.com:5000/centos6-http:new/usr/bin/supervisorddockerinspecttest|grep-iadd
比如本次获取的ip是172.17.0.5
3、在宿主机的iptables里做dnat映射
默认的input、output、forward我不做设置,仅设置nat
*nat:PREROUTINGACCEPT[15:1542]:POSTROUTINGACCEPT[0:0]:OUTPUTACCEPT[0:0]:DOCKER-[0:0]-APREROUTING-maddrtype–dst-typeLOCAL-jDOCKER-APOSTROUTING-jMASQUERADE-AOUTPUT!-d127.0.0.0/8-maddrtype–dst-typeLOCAL-jDOCKER-ADOCKER-d1.1.1.4!-idocker0-ptcp-mtcp–dport80-jDNAT–to-destination172.17.0.5:80-ADOCKER-d1.1.1.4!-idocker0-ptcp-mtcp–dport80-jDNAT–to-destination172.17.0.5:443COMMIT
有问题留言,我会及时的给与答复。
本文出自 “吟—技术交流” 博客,请务必保留此出处
天才是百分之一的灵感加上百分之久十久的努力
