How to configure port forwarding for docker on CentOS 7 to be compatible with firewall

On CentOS 7, when we map the host port to the container port with a command similar to the following, we may encounter the problem of being unable to access the container service.

docker run --name web_a -p 192.168.1.250:803:80 -d web_a:beta1.0.0

When Docker runs this command, it inserts a rule into iptables that maps host port 803 to container port 80. On CentOS 7, however, the iptables service is replaced by the firewalld service, so the port mapping in the above command does not take effect.

Solution: First, check the network interfaces on the host and confirm that the docker0 virtual interface has been added:

[root@localhost /home]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
    inet6 fe80::42:5cff:fe0e:82f9 prefixlen 64 scopeid 0x20<link>
    ether 02:42:5c:0e:82:f9 txqueuelen 0 (Ethernet)
    RX packets 1288 bytes 1561177 (1.4 MiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 1594 bytes 108755 (106.2 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 192.168.1.250 netmask 255.255.255.0 broadcast 192.168.1.255
    inet6 fe80::76f4:9aea:4973:ec6c prefixlen 64 scopeid 0x20<link>
    inet6 240e:379:542:2800:8844:77ba:78dd:7 prefixlen 128 scopeid 0x0<global>
    inet6 240e:379:542:2811:3ead:218:ba68:38e6 prefixlen 64 scopeid 0x0<global>
    ether 74:d4:35:09:93:19 txqueuelen 1000 (Ethernet)
    RX packets 10166908 bytes 1221399579 (1.1 GiB)
    RX errors 0 dropped 3014 overruns 0 frame 0
    TX packets 982334 bytes 427296782 (407.5 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
    device interrupt 18

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
    inet6 ::1 prefixlen 128 scopeid 0x10<host>
    loop txqueuelen 1000 (Local Loopback)
    RX packets 1833650 bytes 450567722 (429.6 MiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 1833650 bytes 450567722 (429.6 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

vethecef228: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::f425:f1ff:fe82:9c19 prefixlen 64 scopeid 0x20<link>
    ether f6:25:f1:82:9c:19 txqueuelen 0 (Ethernet)
    RX packets 234 bytes 1520113 (1.4 MiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 613 bytes 39809 (38.8 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Use the following command to confirm the virtual IP obtained by the container instance:

docker inspect web_a

Assuming the container's IP is 172.17.0.2, create a NAT forwarding rule for this IP and let the firewalld service manage it:

#Host port requests are forwarded to the container (the service in the container must not listen on localhost; it should listen on the virtual IP assigned to the container, or on 0.0.0.0)
#Enable port NAT forwarding
firewall-cmd --permanent --zone=public --add-masquerade
#Forward the host port 803 request to port 80 on the container
firewall-cmd --add-forward-port=port=803:proto=tcp:toaddr=172.17.0.2:toport=80 --permanent
#Reload rules
firewall-cmd --reload
#List all rules
firewall-cmd --list-all
public (active)
 target: default
 icmp-block-inversion: no
 interfaces: enp2s0
 sources:
 services: ssh dhcpv6-client
 ports: 3306/tcp 80/tcp 21/tcp 5000/tcp 6379/tcp 900/tcp 801/tcp 802/tcp 6000/tcp 5002/tcp 90/tcp 9092/tcp 81/tcp 803/tcp
 Protocols:
 masquerade: yes
 forward-ports: port=803:proto=tcp:toport=80:toaddr=172.17.0.2
 source-ports:
 icmp-blocks:
 Rich rules:
#Restart Docker
systemctl restart docker
#Restart the container
docker start web_a

After the above operations, the service on container port 80 can be reached at the host IP on port 803, and there is no need to shut down firewalld (many write-ups on the Internet conclude that it should be replaced with the iptables service, but in actual tests this is not necessary).
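The container address used in the forward rule is assigned by Docker's bridge and can change when the container is recreated. The following script is an added example, not part of the original article: it looks up the current address and reconciles the permanent forward-port rule for host port 803. The script, its function names and the `--apply` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: keep the firewalld forward-port rule pointed at the container's
# current bridge IP. Defaults mirror the article; the script itself is hypothetical.
CONTAINER=${CONTAINER:-web_a}; ZONE=${ZONE:-public}
HOST_PORT=${HOST_PORT:-803}; CONTAINER_PORT=${CONTAINER_PORT:-80}

# Print the rule in the form firewalld lists it; reject bad ports or a non-IPv4 value
# (docker prints several addresses run together when the container has several networks).
forward_spec() {  # usage: forward_spec HOST_PORT CONTAINER_IP CONTAINER_PORT
    for p in "$1" "$3"; do
        case "$p" in ''|*[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    printf '%s\n' "$2" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    printf 'port=%s:proto=tcp:toport=%s:toaddr=%s\n' "$1" "$3" "$2"
}

# Read `firewall-cmd --list-forward-ports` output on stdin and print the tcp rules
# for HOST_PORT that differ from WANTED, i.e. rules left over from an old container IP.
stale_specs() {  # usage: stale_specs HOST_PORT WANTED
    tr -s ' \t' '\n' | grep -E "^port=$1:proto=tcp:" | grep -Fxv "$2" || true
}

sync_forward() {
    ip=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$CONTAINER") || return 1
    want=$(forward_spec "$HOST_PORT" "$ip" "$CONTAINER_PORT") ||
        { echo "unusable address or port: '$ip'" >&2; return 1; }
    fw="firewall-cmd --permanent --zone=$ZONE"
    # Drop rules for this host port that target a different address, then add ours.
    for old in $($fw --list-forward-ports | stale_specs "$HOST_PORT" "$want"); do
        $fw --remove-forward-port="$old"
    done
    $fw --query-forward-port="$want" >/dev/null || $fw --add-forward-port="$want"
    firewall-cmd --reload
}

# Only touch the firewall when asked, so the functions can be sourced and tested offline.
if [ "${1:-}" = "--apply" ]; then sync_forward; fi
```

Run it with `--apply` after the container is recreated; a forward rule left on an old bridge address would send host port 803 to whichever container is assigned that address next.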
