Forwarding Traffic from Client on Host to Container

Hi All!
I use Ubuntu 16.04 right now.

I have a small office right now. In the past, the traffic was like this:


I set up the network like this:

  1. I have a login page. If a client hasn’t entered the network, the client will be redirected to the login page first.
  2. If login succeeds, I create iptables rules that let the client access the internet.

So, for example, like this:
IP Client :
IP Server :
IP Page Login : on port 4000 (I use a Flask app)

First, what I do is set up iptables rules that redirect all clients to the login page:

iptables -I FORWARD 1 -j REJECT
iptables -I FORWARD 1 -p tcp -s -d --dport 4000 -j ACCEPT
iptables -t nat -I PREROUTING 1 -p tcp -s --dport 80 -j DNAT --to

Then, if a client opens a website (anything), the client will be redirected to the login page first. If login succeeds, I create a new rule, for example: IP CLIENT:

iptables -I FORWARD 1 -s -j ACCEPT
iptables -t nat -I PREROUTING -s -j ACCEPT
iptables -t nat -I POSTROUTING 1 -o wlp3s0 -j MASQUERADE -s

That works! The client can access the internet. And now, I want to change the traffic, like this:


I use Docker containers inside the server. Or maybe, if you want to see the image, like this:

So I want to make 1 client have 1 container. So if there are 3 clients, there are 3 containers too. I made it this way because it makes it easier to log the traffic from the client.

So my question is:

  1. Can I just use iptables for this problem?
  2. Can I route just one specific IP from a client to one specific container IP?

Or is there a best way to do this?
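
Added example, not part of the original post: a login handler that inserts the three per-client rules shown above should validate the client address and pass each command as an argument list, so a crafted address value can never reach a shell. The function names, the revoke (`-D`) path and the sample address `192.0.2.10` are assumptions made for illustration; `wlp3s0` is the interface named in the post.

```python
import ipaddress

WAN_IF = "wlp3s0"  # outbound interface named in the post


def parse_client_ip(raw):
    """Return a canonical IPv4 host address string, or raise ValueError."""
    # ip_address() rejects hostnames, CIDR ranges and strings such as
    # "192.0.2.10; reboot" before anything is handed to iptables.
    addr = ipaddress.ip_address(raw.strip())
    if addr.version != 4:
        raise ValueError("iptables rules here need an IPv4 address")
    if addr.is_loopback or addr.is_multicast or addr.is_unspecified:
        raise ValueError("not a usable client address: %s" % addr)
    return str(addr)


def client_rules(raw_ip, action="-I", wan_if=WAN_IF):
    """Build the three per-client rules from the post as argv lists.

    action is "-I" to grant access after login, "-D" to revoke it
    (hypothetical logout/timeout path, not described in the post).
    """
    if action not in ("-I", "-D"):
        raise ValueError("action must be -I or -D")
    ip = parse_client_ip(raw_ip)
    pos = ["1"] if action == "-I" else []  # rule number only applies to insert
    return [
        ["iptables", action, "FORWARD", *pos, "-s", ip, "-j", "ACCEPT"],
        ["iptables", "-t", "nat", action, "PREROUTING", *pos,
         "-s", ip, "-j", "ACCEPT"],
        ["iptables", "-t", "nat", action, "POSTROUTING", *pos,
         "-s", ip, "-o", wan_if, "-j", "MASQUERADE"],
    ]


def apply_rules(rules, runner):
    """Run each argv with runner, e.g. subprocess.run(argv, check=True)."""
    for argv in rules:
        runner(argv)  # argv list, never a shell string
    return len(rules)


if __name__ == "__main__":
    # Constructed sample address; prints the commands instead of running them.
    apply_rules(client_rules("192.0.2.10"), lambda argv: print(" ".join(argv)))
```

Revoking with the same rule specification keeps the FORWARD and nat tables from accumulating stale ACCEPT entries when an address is later reused by a different client.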