Persistent POSTROUTING iptable rules

adimulam · November 15, 2018, 3:59pm

Issue Type: Docker with IPTABLES enabled

Docker Version: 1.12.6

I had to add few iptable entries into NAT table, POSTROUTING chain, to allow docker containers to access internet through a different source-address/source-interface of Host Machine (to_source).

Things are working fine.

Ex:

target     prot opt source               destination
SNAT       all  --  100.100.8.0/22       10.1.2.3       to:100.64.0.5

But, when docker service is restarted, it inserts MASQUERADE rules on top of my entries and hence my fix as above is masked. Docker containers can’t access internet now.

Ex:

target     prot opt source               destination
MASQUERADE  all  --  100.100.8.0/22       0.0.0.0/0
SNAT        all  --  100.100.8.0/22       10.1.2.3       to:100.64.0.5

Is there anyway to make my POSTROUTING rules to stay always on top of the chain even after docker restarts?

Topic		Replies	Views
Docker and iptables configuration @startup General	2	31830	November 24, 2016
POSTROUTING SNAT not applied on all outgoing traffic General docker	3	4391	May 31, 2021
Understanding iptables rules added by docker General docker	2	38690	December 20, 2023
Network : Lost Host IP General docker	1	2826	October 28, 2015
No access to containers General	0	812	March 18, 2017

Persistent POSTROUTING iptable rules

Related topics