It is common to access a container from outside the host with simple iptables rules that forward a port on the host to a port on the container, with the container's internal IP in hand:
-A PREROUTING -d 1.2.3.4/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.4.10:80
So public IP 1.2.3.4 will be routed to the container. With a proper DNS record, one can also point an FQDN (e.g. test.example.com) to this container, and everything works well up to this point.
BUT on the host or in neighbor containers on the same host, the FQDN is useless and is not routed to that container.
Currently the dirty way is to point the FQDN to the container's private IP in /etc/hosts for the host and all neighbor containers, but I think there is a cleaner way to do that.
Can anyone help?
UPDATE 1:
After a lot of trial and error, I got this for the host only. Setting this beside the above rule routes packets from the host to that FQDN to the container:
iptables -A OUTPUT -d 1.2.3.4/32 -j DNAT --to-destination 10.0.4.10 -t nat
But neighbor containers still cannot use that FQDN.
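
The behaviour described in the post, modelled as an added example that is not part of the original post: a small simulation of which nat-table chain each packet traverses and whether the two rules above match it. The bridge name `br0`, the `Rule`/`Packet` types and the extra bridge rule are assumptions for illustration, and protocol and port matching are left out.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    chain: str                       # nat-table chain: "PREROUTING" or "OUTPUT"
    dst: str                         # -d match
    to: str                          # --to-destination address
    in_iface: Optional[str] = None   # -i match (only meaningful in PREROUTING)

@dataclass(frozen=True)
class Packet:
    dst: str
    in_iface: Optional[str]          # None = generated by a process on the host

def nat_destination(rules, pkt):
    """Return the packet's destination after the first matching DNAT rule."""
    # Locally generated packets traverse nat/OUTPUT; packets received on an
    # interface traverse nat/PREROUTING. Neither sees the other chain.
    chain = "OUTPUT" if pkt.in_iface is None else "PREROUTING"
    for r in rules:
        if r.chain != chain:
            continue
        if ip_address(pkt.dst) not in ip_network(r.dst):
            continue
        if r.in_iface is not None and r.in_iface != pkt.in_iface:
            continue                 # "-i eth0" rejects packets from the bridge
        return r.to
    return pkt.dst                   # no rule matched: destination unchanged

# The two rules from the post (addresses as given there).
POST_RULES = [
    Rule("PREROUTING", "1.2.3.4/32", "10.0.4.10", in_iface="eth0"),
    Rule("OUTPUT", "1.2.3.4/32", "10.0.4.10"),
]
# Constructed packets; "br0" is an assumed name for the container bridge.
SAMPLES = {"external": Packet("1.2.3.4", "eth0"),
           "host": Packet("1.2.3.4", None),
           "neighbor": Packet("1.2.3.4", "br0")}
# Hypothetical extra rule: same DNAT, matched on the bridge interface.
BRIDGE_RULE = Rule("PREROUTING", "1.2.3.4/32", "10.0.4.10", in_iface="br0")

def report(rules):
    return {name: nat_destination(rules, p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    print("original rule:", report(POST_RULES[:1]))
    print("after UPDATE 1:", report(POST_RULES))
    print("with bridge rule:", report(POST_RULES + [BRIDGE_RULE]))
```

The model covers only whether the DNAT rule matches; whether replies from the target container travel back through the host so the translation is reversed is a separate question it does not answer.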