Timeline for Docker container hits iptables to proxy
Current License: CC BY-SA 4.0
9 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Jul 25, 2018 at 14:00 | comment | added | ismaytur | Yeah, at last. That is exactly what I want to do. But, one case you missed is that I do not want all traffic from dock to be routed over proxy, but ONLY AND ONLY specific docker subnet. So, thats why I cannot add default routing. Added it as a second table routing. While doing ip route get (thanks for clue) I figured out that my routing is not working, so digging further. | |
| Jul 25, 2018 at 12:14 | history | edited | dirkt | CC BY-SA 4.0 | added 1518 characters in body |
| Jul 25, 2018 at 11:58 | comment | added | ismaytur | Both VPSs have public IP assigned to their NIC. But, anyway, if proxy had not public IP assigned to its NIC, with masquerading the public IP would be, as you said, the suppliers public IP. However, I want, only for container, to change this IP to second VPSs public IP. | |
| Jul 25, 2018 at 11:47 | comment | added | dirkt | Yes, I understood connection between VPSs is over the internet. This is not the point. Can you please look at the output of ip addr on proxy, and see if the public IP is listed there, or not? And if it is not listed, could you describe how proxy connects to whoever supplies the public IP? That is the point. | |
| Jul 25, 2018 at 11:45 | comment | added | ismaytur | I cannot understand you. Can you please show me real working example. Thanks | |
| Jul 25, 2018 at 11:44 | comment | added | ismaytur | You say: Details depend on how the network is setup on the host (which you didn't say)... Is not this enough? As connection between VPSs is over internet, no local connection,... | |
| Jul 25, 2018 at 9:02 | comment | added | dirkt | It doesn't really matter if proxy and/or dock are docker instances or not If proxy is the host itself, the same applies: Is the public IP of proxy is visible in proxy (ip addr), or not (because your hosting service has other machines which do the NAT)? Depending on that, you either MASQUERADE only on proxy, or you pretend to whoever does the NAT that dock is just another machine, a peer of proxy, by forwarding/routing. | |
| Jul 25, 2018 at 7:26 | comment | added | ismaytur | Thank you for reply. But as I see you did not understand correctly. There is no any docker instance in proxy, but docker instance is in dock machine. The thing that I want to achieve is to redirect the traffic from docker instance over proxy machine, not from dock machine itself, so while accessing some resource from inside instance your public IP will be the proxy public IP. Docker uses masquerading to provide connectivity out/in for its instances in a host. | |
| Jul 25, 2018 at 7:01 | history | answered | dirkt | CC BY-SA 4.0 |