Hello,
I have a number of dedicated servers and I’m trying to build a secure provisioning system based on Cobbler and Docker. My idea is to use an isolated Cobbler container for each of the dedicated servers, run the containers on demand during the provisioning process, and set the IP helper on the switch to a single IP for the Docker host.
The services included in each Cobbler container are DHCP, TFTP, HTTP, and Cobbler, and my Dockerfile includes:
```
EXPOSE 69/udp
EXPOSE 67/udp
EXPOSE 80/tcp
EXPOSE 443/tcp
EXPOSE 25151/tcp
```
This setup works properly with a single Docker container when exposing the ports using docker-compose like
```
ports:
  - "69:69/udp"
  - "67:67/udp"
  - "80:80/tcp"
  - "443:443/tcp"
  - "25151:25151/tcp"
```
Now, I’m struggling with forward mapping the connections from the dedicated servers to their containers based on their IPs. I tried disabling the port expose and depending on NAT from the Docker host but it didn’t work.
```
iptables -t nat -A PREROUTING -s DEDICATED-SERVER-IP -d DOCKER-HOST-IP -j DNAT --to-destination CONTAINER-IP
iptables -A FORWARD -d CONTAINER-IP -j ACCEPT
```
Is this the correct approach to doing such a setup? Please advise on how to fix this and thanks in advance.
- Docker version : 18.03.0-ce
- OS : CentOS 7 - 64bit
- Docker-compose : v3
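
Added example, not part of the original post: one way to express the per-server mapping described above as source-matched DNAT rules limited to the service ports from the EXPOSE list, printed for review instead of applied. The addresses, the `gen_rules` and `is_ipv4` helper names, and the choice of Docker's `DOCKER-USER` chain for the forward rule are assumptions made for illustration.

```sh
#!/bin/sh
# Print (never apply) per-server DNAT rules so they can be reviewed first.
# All addresses are constructed documentation/sample values.
HOST_IP="192.0.2.10"   # address on the Docker host that the servers reach
# Ports from the post's EXPOSE list. 67/udp is omitted: relayed DHCP
# arrives with the relay agent's source address, not the server's, so it
# cannot be selected with "-s <server IP>".
PORTS="udp:69 tcp:80 tcp:443 tcp:25151"

is_ipv4() {
    # Strict dotted quad, each octet 0-255, so no other text reaches a rule.
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

gen_rules() {
    # $1 = dedicated server IP, $2 = container IP
    if ! is_ipv4 "$1" || ! is_ipv4 "$2"; then
        echo "bad address: $1 -> $2" >&2
        return 1
    fi
    for p in $PORTS; do
        proto=${p%%:*}; port=${p##*:}
        # Rewrite only this server's traffic to this service port.
        echo "iptables -t nat -A PREROUTING -s $1 -d $HOST_IP -p $proto --dport $port -j DNAT --to-destination $2:$port"
        # Filter rules see the post-DNAT destination, i.e. the container IP.
        echo "iptables -I DOCKER-USER -s $1 -d $2 -p $proto --dport $port -j ACCEPT"
    done
}

# Constructed mapping: dedicated server -> its Cobbler container.
gen_rules 198.51.100.21 172.18.0.2
gen_rules 198.51.100.22 172.18.0.3
```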