Multiple cobbler containers on the same docker host

Hello,

I have a number of dedicated servers and I’m trying to build a secure provisioning system based on Cobbler and Docker. My idea is to use an isolated Cobbler container for each of the dedicated servers, run the containers on demand during the provisioning process, and set the IP helper on the switch to a single IP for the Docker host.

The services included in each Cobbler container are DHCP, TFTP, HTTP, and Cobbler, and my Dockerfile includes:

EXPOSE 69/udp
EXPOSE 67/udp
EXPOSE 80/tcp
EXPOSE 443/tcp
EXPOSE 25151/tcp

This setup works properly with a single Docker container when exposing the ports using docker-compose like this:

ports:
 - "69:69/udp"
 - "67:67/udp"
 - "80:80/tcp"
 - "443:443/tcp"
 - "25151:25151/tcp"

Now, I’m struggling with forward mapping the connections from the dedicated servers to their containers based on their IPs. I tried disabling the port exposure and depending on NAT from the Docker host, but it didn’t work.

iptables -t nat -A PREROUTING -s DEDICATED-SERVER-IP -d DOCKER-HOST-IP -j DNAT --to-destination CONTAINER-IP
iptables -A FORWARD -d CONTAINER-IP -j ACCEPT

Is this the correct approach to doing such a setup? Please advise on how to fix this and thanks in advance.

  • Docker version : 18.03.0-ce
  • OS : CentOS 7 - 64bit
  • Docker-compose : v3