How to configure port forwarding for docker on CentOS 7 to be compatible with firewall

On CentOS 7, when we map a host port to a container port with a command like the following, we may find that the container service cannot be reached:

docker run --name web_a -p 192.168.1.250:803:80 -d web_a:beta1.0.0

When Docker executes this command, it injects a rule into iptables to map host port 803 to container port 80. However, on CentOS 7 iptables is replaced by the firewalld service, so the port mapping in the above command does not take effect.

Solution: First, check the network interfaces on the host and confirm that the docker0 virtual interface has been added:

[root@localhost /home]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
    inet6 fe80::42:5cff:fe0e:82f9 prefixlen 64 scopeid 0x20<link>
    ether 02:42:5c:0e:82:f9 txqueuelen 0 (Ethernet)
    RX packets 1288 bytes 1561177 (1.4 MiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 1594 bytes 108755 (106.2 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.1.250 netmask 255.255.255.0 broadcast 192.168.1.255
    inet6 fe80::76f4:9aea:4973:ec6c prefixlen 64 scopeid 0x20<link>
    inet6 240e:379:542:2800:8844:77ba:78dd:7 prefixlen 128 scopeid 0x0<global>
    inet6 240e:379:542:2811:3ead:218:ba68:38e6 prefixlen 64 scopeid 0x0<global>
    ether 74:d4:35:09:93:19 txqueuelen 1000 (Ethernet)
    RX packets 10166908 bytes 1221399579 (1.1 GiB)
    RX errors 0 dropped 3014 overruns 0 frame 0
    TX packets 982334 bytes 427296782 (407.5 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
    device interrupt 18

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
    inet6 ::1 prefixlen 128 scopeid 0x10<host>
    loop txqueuelen 1000 (Local Loopback)
    RX packets 1833650 bytes 450567722 (429.6 MiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 1833650 bytes 450567722 (429.6 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

vethecef228: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::f425:f1ff:fe82:9c19 prefixlen 64 scopeid 0x20<link>
    ether f6:25:f1:82:9c:19 txqueuelen 0 (Ethernet)
    RX packets 234 bytes 1520113 (1.4 MiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 613 bytes 39809 (38.8 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Use the following command to find the virtual IP assigned to the container instance:

docker inspect web_a

Assuming the container's IP is 172.17.0.2, we create a NAT forwarding rule for this IP and let the firewalld service manage it:

# Host port requests are forwarded to the container (the service inside the container must not listen on localhost; it must listen on the virtual IP assigned to the container, or on 0.0.0.0)
# Enable NAT port forwarding
firewall-cmd --permanent --zone=public --add-masquerade
# Forward requests for host port 803 to port 80 on the container
firewall-cmd --add-forward-port=port=803:proto=tcp:toaddr=172.17.0.2:toport=80 --permanent
# Reload the rules
firewall-cmd --reload
# List all rules
firewall-cmd --list-all
public (active)
 target: default
 icmp-block-inversion: no
 interfaces: enp2s0
 sources:
 services: ssh dhcpv6-client
 ports: 3306/tcp 80/tcp 21/tcp 5000/tcp 6379/tcp 900/tcp 801/tcp 802/tcp 6000/tcp 5002/tcp 90/tcp 9092/tcp 81/tcp 803/tcp
 protocols:
 masquerade: yes
 forward-ports: port=803:proto=tcp:toport=80:toaddr=172.17.0.2
 source-ports:
 icmp-blocks:
 rich rules:
# Restart Docker
systemctl restart docker
# Restart the container
docker start web_a

After the above steps, the service on port 80 of the container can be reached at host IP:803, and there is no need to shut down firewalld (many answers on the Internet say to replace it with the iptables service, but in actual tests this is not necessary).
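The following is an added example, not code from the original article: a small POSIX shell helper that checks whether a firewalld zone dump (the output of firewall-cmd --list-all) already carries the masquerade setting and the forward-port rule for a given host port, container IP and container port, and prints the firewall-cmd commands to add them if not. The zone dump and the container IP are assumed inputs (in practice the IP comes from docker inspect); the sample dump embedded below is constructed for a self-test.

```shell
#!/bin/sh
# Added example (not from the article): verify the firewalld forward-port rule
# for a container, or print the commands that would create it.
# Assumption: firewall-cmd output format as shown in the article.

# Build the forward-port rule string exactly as `firewall-cmd --list-all` prints it.
fwd_rule() {
    # $1 host port, $2 container IP, $3 container port
    printf 'port=%s:proto=tcp:toport=%s:toaddr=%s\n' "$1" "$3" "$2"
}

# Return 0 if the zone dump on stdin has masquerade enabled AND the exact rule.
# Caveat: toaddr must match the container's current IP. After a restart the
# container may get a different IP, and a stale rule silently breaks forwarding.
zone_has_forward() {
    dump=$(cat)
    rule=$(fwd_rule "$1" "$2" "$3")
    rule_re=$(printf '%s' "$rule" | sed 's/\./\\./g')   # escape dots for the regex
    printf '%s\n' "$dump" | grep -q '^ *masquerade: yes$' || return 1
    printf '%s\n' "$dump" | grep -Eq -- "(^|[[:space:]])${rule_re}([[:space:]]|$)"
}

# Print (do not run) the commands needed to establish the mapping.
fwd_commands() {
    printf 'firewall-cmd --permanent --zone=public --add-masquerade\n'
    printf 'firewall-cmd --permanent --zone=public --add-forward-port=port=%s:proto=tcp:toaddr=%s:toport=%s\n' "$1" "$2" "$3"
    printf 'firewall-cmd --reload\n'
}

# Constructed sample of `firewall-cmd --list-all` output for the self-test.
SAMPLE_ZONE='public (active)
  target: default
  interfaces: enp2s0
  masquerade: yes
  forward-ports: port=803:proto=tcp:toport=80:toaddr=172.17.0.2
  rich rules:'

if printf '%s\n' "$SAMPLE_ZONE" | zone_has_forward 803 172.17.0.2 80; then
    echo "forward rule for 803 -> 172.17.0.2:80 is present"
else
    fwd_commands 803 172.17.0.2 80
fi
```

On a real host, feed `firewall-cmd --list-all` into zone_has_forward after every container restart; if the container's IP has changed, remove the old forward-port rule before adding the new one.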

Summary

This is the end of this article about how to configure port forwarding for docker on CentOS 7 to be compatible with firewall. For more information about configuring port forwarding for docker to be compatible with firewall, please search for previous articles on 123WORDPRESS.COM or continue to browse the following related articles. I hope you will support 123WORDPRESS.COM in the future!
