Docker Community Forums

Share and learn in the Docker community.

Persistent POSTROUTING iptable rules

docker

(Adimulam) #1

Issue Type: Docker with IPTABLES enabled

Docker Version: 1.12.6

I had to add few iptable entries into NAT table, POSTROUTING chain, to allow docker containers to access internet through a different source-address/source-interface of Host Machine (to_source).

Things are working fine.

Ex:

target     prot opt source               destination
SNAT       all  --  100.100.8.0/22       10.1.2.3       to:100.64.0.5

But, when docker service is restarted, it inserts MASQUERADE rules on top of my entries and hence my fix as above is masked. Docker containers can’t access internet now.

Ex:

target     prot opt source               destination
MASQUERADE  all  --  100.100.8.0/22       0.0.0.0/0
SNAT        all  --  100.100.8.0/22       10.1.2.3       to:100.64.0.5

Is there anyway to make my POSTROUTING rules to stay always on top of the chain even after docker restarts?