I have a number of dedicated servers and I’m trying to build a secure provisioning system based on Cobbler and Docker. My idea is to use an isolated Cobbler container for each of the dedicated servers, run the containers on demand during the provisioning process, and set the IP helper in the switch to a single IP for the Docker host.
The services included in each Cobbler container are DHCP, TFTP, HTTP, and Cobbler, and my Dockerfile includes:
```dockerfile
EXPOSE 69/udp
EXPOSE 67/udp
EXPOSE 80/tcp
EXPOSE 443/tcp
EXPOSE 25151/tcp
```
This setup works properly with a single Docker container when exposing the ports using docker-compose like:

```yaml
ports:
  - "69:69/udp"
  - "67:67/udp"
  - "80:80/tcp"
  - "443:443/tcp"
  - "25151:25151/tcp"
```
Now, I’m struggling with forward mapping the connections from the dedicated servers to their containers based on their IPs. I tried disabling the port expose and depending on NAT from the Docker host but it didn’t work.
```bash
iptables -t nat -A PREROUTING -s DEDICATED-SERVER-IP -d DOCKER-HOST-IP -j DNAT --to-destination CONTAINER-IP
iptables -A FORWARD -d CONTAINER-IP -j ACCEPT
```
Is this the correct approach to doing such a setup? Please advise on how to fix this and thanks in advance.
- Docker version : 18.03.0-ce
- OS : CentOS 7 - 64bit
- Docker-compose : v3