
I have the following system scenario, where host A (88.12.0.1) and host B (193.11.8.1) are only connected via SSH. On Host B (also 172.17.0.2) there is a Docker container running with IP 172.17.0.3.

Now I have an application on host A that has to communicate with an application on Host B (port 22222) and an application on the container (port 22223).

Another application on Host A (port 8081) is running as a server which has to be contacted by the Docker container application.

So far I have managed to forward the traffic only from Host A to B by setting up the following rules on Host A:

ssh -NL 22222:193.11.8.1:22222 [email protected] -v
ssh -NL 22223:193.11.8.1:22223 [email protected] -v

Only SSH is available as a port between Host A and Host B.

The first of the above rules works as it is, since it covers the first case of the application on Host A contacting the application on Host B. The second rule is to forward the traffic that is meant for the Docker container from Host A to Host B (but it would need to be forwarded from there to the Docker container).

The mapping on Host B should be that incoming traffic with destination port 22223 is forwarded to the Docker container (172.17.0.3:22223). When the Docker container sends traffic to port 8081, that traffic has to be forwarded to Host A on port 8081: through Host B (where the container is running) and over the SSH channel that connects Host A and B, to the server application running on Host A on port 8081.

  • What do you mean by "only connected via SSH"? Only the SSH port is open, or what? Commented Jan 31, 2017 at 12:29
  • Yes, only the SSH port is available Commented Jan 31, 2017 at 12:32
  • And you want to use the SSH port to map between two different apps on the source and two different apps on the destination? Commented Jan 31, 2017 at 12:36
  • I updated the question, hope it's clearer now Commented Jan 31, 2017 at 12:40

1 Answer


I didn't exactly understand what you want, but I just translated the edit to your question into iptables rules.

But first, why don't you try to map the port when running the container:

 docker run -d -p 22223:22223 yourimage

This will forward every packet that comes in on the host IP on port 22223 to the container.

Using iptables on B host:

iptables -t nat -A PREROUTING -p tcp -d 193.11.8.1 --dport 22223 -j DNAT --to 172.17.0.3:22223

The above command will change the destination of packets that come in to 193.11.8.1:22223 to 172.17.0.3:22223.

iptables -t nat -A PREROUTING -p tcp -s 172.17.0.3 --dport 8081 -j DNAT --to 88.12.0.1

The above command will change the destination of packets that come from 172.17.0.3 with destination port 8081 to 88.12.0.1:8081.

  • I have tried the first rule and the traffic is being sent to Host B:22223, but not further to the Docker container Commented Jan 31, 2017 at 13:41
  • You should be aware of where this rule is applied in iptables and whether there is some rule preventing the packet from continuing on its way. I edited my answer. Commented Feb 4, 2017 at 7:48
  • Just by using the port map from the first command when starting Docker, the packets are forwarded into the container; the problem still remaining is to send the packets from within the container to the host, because the iptables rules for port 22223 don't seem to work Commented Feb 4, 2017 at 9:49
  • @wasp256 use the last rule that I mentioned Commented Feb 4, 2017 at 9:52
  • Great, everything works now, thx a lot for the help! Commented Feb 4, 2017 at 12:47
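The three flows in the question can also be carried by a single SSH session opened from Host A, so that nothing but port 22 is ever used between A and B. The script below is an added example, not code from the question or the answer above; it assumes an SSH user named user on B, Docker's default docker0 gateway address 172.17.0.1 on B, and GatewayPorts clientspecified in B's sshd_config (needed for a -R forward to bind to a specific non-loopback address). One caveat worth knowing when combining ssh -L with iptables: the connections for a -L target are opened by sshd on B itself, so they pass through the nat OUTPUT chain rather than PREROUTING; the example therefore points the 22223 forward straight at the container instead of relying on a DNAT rule, and uses PREROUTING only for traffic that really does enter B from the container on docker0.

```shell
#!/bin/sh
# Added example, not code from the question or the answer.
# One SSH session from Host A carries all three flows; only port 22 on B is used.
# Assumptions (not stated on the page): the SSH user on B is "user", the docker0
# bridge address on B is 172.17.0.1 (Docker's default), and sshd_config on B has
# "GatewayPorts clientspecified" so that a -R forward may bind to that address.
set -eu

HOST_B=193.11.8.1
CONTAINER=172.17.0.3
DOCKER_GW=172.17.0.1    # assumption: default docker0 address on B
SSH_USER=user           # assumption

# Arguments for the single ssh invocation run on Host A.
#  -L 22222: A:22222 -> sshd on B connects to B's own 193.11.8.1:22222
#  -L 22223: A:22223 -> sshd on B connects straight to 172.17.0.3:22223.
#            B reaches its docker0 bridge directly, so no nat rule is needed
#            (and a PREROUTING rule would never see this traffic anyway,
#            because sshd generates it locally and it goes through OUTPUT).
#  -R 8081:  sshd on B listens on 172.17.0.1:8081, reachable from the
#            container; each connection is carried back over the SSH channel
#            and handed to the server on A's 127.0.0.1:8081.
ssh_args() {
    printf '%s' "-N -L 22222:${HOST_B}:22222 -L 22223:${CONTAINER}:22223 -R ${DOCKER_GW}:8081:127.0.0.1:8081 ${SSH_USER}@${HOST_B}"
}

# Rules for Host B (run as root). Only needed if the container application is
# configured to send to some other address on port 8081 (e.g. 88.12.0.1): the
# DNAT steers that traffic into the -R listener instead. This traffic enters B
# on docker0, so PREROUTING is the right chain. The INPUT rule matters when B's
# filter policy is DROP; the DNAT target is a local address, so no
# route_localnet sysctl is required (that is only needed for 127.0.0.1).
b_rules() {
    cat <<EOF
iptables -t nat -I PREROUTING 1 -i docker0 -p tcp --dport 8081 -j DNAT --to-destination ${DOCKER_GW}:8081
iptables -I INPUT 1 -i docker0 -p tcp -d ${DOCKER_GW} --dport 8081 -j ACCEPT
EOF
}

# Checks to run on B once the session is up: the -R listener is bound on the
# bridge address, and the nat rule is present. Each returns a shell status.
check_listener_on_b() {
    ss -ltn | grep -q "${DOCKER_GW}:8081"
}
check_nat_on_b() {
    iptables -t nat -C PREROUTING -i docker0 -p tcp --dport 8081 \
        -j DNAT --to-destination "${DOCKER_GW}:8081"
}

case "${1:-}" in
    a)  # on Host A: open the tunnel and keep it up (-N: no remote command)
        # shellcheck disable=SC2046
        exec ssh $(ssh_args) ;;
    b)  # on Host B, as root: install the rules, then verify both sides
        b_rules | sh -e
        check_nat_on_b && check_listener_on_b ;;
    *)  ;;  # no argument: only define the functions
esac
```

Run it as `sh tunnel.sh a` on Host A and, after the session is established, `sh tunnel.sh b` as root on Host B (the file name is hypothetical). Start the container before opening the session: if docker0 has no address yet, sshd cannot bind the -R listener and only prints a warning, and the 8081 path silently stays closed. On the container side, the application simply connects to 172.17.0.1:8081, or to whatever port-8081 address it is already configured with when the DNAT rule is installed.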
