Docker Community Forums


Forwarding Traffic from Client on Host to Container


(Fourirakbar) #1

Hi All!
I use Ubuntu 16.04 right now.

I have a small office right now. In the past, the traffic was like this:

CLIENT — SERVER — ROUTER — INTERNET

I set up the network like this:

  1. I have a login page. If a client hasn’t entered the network, the client will be redirected to the login page first.
  2. If login succeeds, I create iptables rules that let the client access the internet.

So, for example:
IP Client : 192.168.99.0/24
IP Server : 192.168.0.15
IP Page Login : 192.168.0.2 on port 4000 (I use a Flask app)

First, what I do is set up iptables rules that redirect all clients to the login page:

iptables -I FORWARD 1 -s 192.168.99.0/24 -j REJECT
iptables -I FORWARD 1 -p tcp -s 192.168.99.0/24 -d 192.168.0.2 --dport 4000 -j ACCEPT
iptables -t nat -I PREROUTING 1 -p tcp -s 192.168.99.0/24 --dport 80 -j DNAT --to 192.168.0.2:4000

Then, if a client opens a website (anything), the client will be redirected to the login page first. If login succeeds, I create a new rule. Example: IP Client: 192.168.99.100

iptables -I FORWARD 1 -s 192.168.99.100 -j ACCEPT
iptables -t nat -I PREROUTING -s 192.168.99.100 -j ACCEPT
iptables -t nat -I POSTROUTING 1 -o wlp3s0 -j MASQUERADE -s 192.168.99.100

That works! The client can access the internet. And now, I want to change the traffic, like this:

CLIENT — SERVER — CONTAINER — SERVER — ROUTER — INTERNET

I use a Docker container inside the server. Or maybe, if you want to see the image, like this:

So I want to make 1 client have 1 container. So if there are 3 clients, there are 3 containers too. I made it this way because it makes it easier to log the traffic from the client.

So my question is:

  1. Can I just use iptables for this problem?
  2. Can I route just one specific IP from a client to one specific container IP?

Or is there a best way to do this?
Thank you!
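
The per-client rules in the post are created by a login handler, so the client address that reaches `iptables` has to be validated and passed as an argument list rather than through a shell. The following is an added example, not code from the original post: the function names are hypothetical, while the subnet `192.168.99.0/24` and interface `wlp3s0` are taken from the post.

```python
import ipaddress
import subprocess

CLIENT_NET = ipaddress.ip_network("192.168.99.0/24")  # client subnet from the post
WAN_IF = "wlp3s0"                                      # outbound interface from the post


def validated_client(ip_text):
    """Return the canonical address, or raise ValueError if it is not a client host."""
    addr = ipaddress.ip_address(ip_text)  # rejects anything that is not a bare IP
    if addr not in CLIENT_NET or addr in (CLIENT_NET.network_address,
                                          CLIENT_NET.broadcast_address):
        raise ValueError(f"{ip_text!r} is not a host in {CLIENT_NET}")
    return str(addr)


def client_rules(ip_text, action="-I"):
    """Build the post's three per-client rules as argv lists (no shell involved).

    action is "-I" to grant access after login or "-D" to revoke it on logout.
    """
    if action not in ("-I", "-D"):
        raise ValueError("action must be -I or -D")
    ip = validated_client(ip_text)
    pos = ["1"] if action == "-I" else []  # rule position only applies to insert
    return [
        ["iptables", action, "FORWARD", *pos, "-s", ip, "-j", "ACCEPT"],
        ["iptables", "-t", "nat", action, "PREROUTING", *pos, "-s", ip, "-j", "ACCEPT"],
        ["iptables", "-t", "nat", action, "POSTROUTING", *pos, "-s", ip,
         "-o", WAN_IF, "-j", "MASQUERADE"],
    ]


def apply_rules(rules):
    """Run each rule; needs root. check=True stops on the first failure."""
    for argv in rules:
        subprocess.run(argv, check=True)


if __name__ == "__main__":
    # Constructed sample inputs: one valid client, then values a login form could carry.
    for candidate in ["192.168.99.100", "192.168.0.15", "192.168.99.100; reboot"]:
        try:
            for argv in client_rules(candidate):
                print(" ".join(argv))
        except ValueError as exc:
            print("rejected:", exc)
```

Calling `client_rules(ip, "-D")` on logout or session expiry removes the same three rules, so a departed client's address does not stay authorized.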