Question
I am setting up two docker containers (say A (172.17.0.2) and B (172.17.0.3)) connected using a bridge. I wish to route all requests from the host container to container A and then container B and then to the internet. The response should follow the reverse path.
So far, I have been able to do this using the host and one container (say A). I have set up mitmproxy running in transparent mode on container A. I started running mitmproxy on port 8080 (with host binding, so port 8080 on A is bound to port 8081 on the host). I am able to route all the connections on the host through A and then back to the host. I am forwarding all connections on ports 80 and 443 to port 8080 on the docker container.
These rules accomplish routing as a non-root user using one docker container.
```
iptables -I OUTPUT -t nat -p tcp --dport 80 -m owner ! --uid-owner 0 -j DNAT --to 127.0.0.1:8080
iptables -I OUTPUT -t nat -p tcp --dport 443 -m owner ! --uid-owner 0 -j DNAT --to 127.0.0.1:8080
```
I tried similar rules on container A by running mitmproxy in transparent mode on container B on port 8500. I think this is the right approach to do it:
1. Route all host traffic on port 80/443 to port 8080 on container A.
2. Route all container A traffic on port 8080 (all traffic should be on this port here) to port 8500 on container B.
3. Container B should make the actual request to the internet and send the response back to A, which sends it back to the host.
When I set up rules like the one below on container A, I see an infinite loop of GET requests being made on container B:

```
iptables -I OUTPUT -t nat -p tcp --dport 8080 -m owner ! --uid-owner 0 -j DNAT --to 172.17.0.3:8500
```
I think it has something to do with the existing iptables rules that have been set up by docker on the host machine, but I am unable to figure out how to get it working.
Appreciate the help!
Source: https://stackoverflow.com/questions/55698728/how-can-i-create-a-tunnel-between-multiple-docker-containers-and-the-host
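As an added illustration (not part of the question above, and not an answer to it), the following POSIX shell script prints the per-node nat OUTPUT rules for the three-hop layout described in the post without applying them, so the rule set can be reviewed before touching any node. It reuses the post's own rule shape, including the `! --uid-owner 0` exemption, which assumes (as the post does) that the proxy on each node runs as root; that exemption is what keeps a node's proxy from being redirected into itself. The only addition is a small self-redirect check: a rule that would send a port back to the same port on loopback is refused, since such a rule loops on the node that installs it. The addresses 172.17.0.2/172.17.0.3 and ports 8080/8500 are the post's values; the hostnames in the comments are constructed labels.

```shell
# hop_rule DPORT TARGET_IP TARGET_PORT
# Print one DNAT rule in the post's shape. Nothing is executed here.
# Refuse a rule that redirects a port to the same port on loopback: such a
# rule would catch the redirected connection again on the same node.
hop_rule() {
    dport=$1; tip=$2; tport=$3
    if [ "$tip" = "127.0.0.1" ] && [ "$dport" = "$tport" ]; then
        echo "refusing: dport $dport would redirect to itself on loopback" >&2
        return 1
    fi
    # "! --uid-owner 0" exempts root-owned sockets; the proxy on this node is
    # assumed to run as root, so its own upstream connections are not re-caught.
    printf 'iptables -I OUTPUT -t nat -p tcp --dport %s -m owner ! --uid-owner 0 -j DNAT --to %s:%s\n' \
        "$dport" "$tip" "$tport"
}

# chain_rules: the rules for all three nodes in the post's layout
# (host -> A:8080 -> B:8500 -> internet). Output is for review only.
chain_rules() {
    echo "# on the host: non-root HTTP/HTTPS goes to proxy A"
    hop_rule 80 127.0.0.1 8080
    hop_rule 443 127.0.0.1 8080
    echo "# on container A (172.17.0.2): everything on 8080 goes to proxy B"
    hop_rule 8080 172.17.0.3 8500
    echo "# on container B (172.17.0.3): no DNAT; B reaches the internet directly"
}

# Usage: chain_rules prints the full plan; hop_rule prints a single rule.
chain_rules
```

Running the script prints three `iptables` lines plus comments; pipe it through `grep '^iptables'` to get only the commands. Because each rule is tied to a node, the script is meant to be run once per node with that node's section copied out, not executed as a whole on any one machine.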