docker端口映射
1.docker run -d -p 80:80 nginx:latest
docker端口映射
1.docker run -d -p 80:80 nginx:latest
2.iptables查看规则
[root@docker03 ~]# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/16 0.0.0.0/0
MASQUERADE tcp -- 172.17.0.2 172.17.0.2 tcp dpt:80
Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:172.17.0.2:803.查看内核地址转发参数
[root@docker03 ~]# sysctl -a | grep ipv4|grep ip_forward
net.ipv4.ip_forward = 1 (默认是1,当容器启动变成1)
net.ipv4.ip_forward_use_pmtu = 0
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.docker0.stable_secret"
sysctl: reading key "net.ipv6.conf.eth0.stable_secret"
sysctl: reading key "net.ipv6.conf.eth1.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
sysctl: reading key "net.ipv6.conf.veth93eb530.stable_secret"4.基于IP地址绑定同一个端口
[root@docker03 ~]# docker run -d -p 10.0.0.13:80:80 nginx:latest
e7aa9f43ee1291c1dc57f3fdbd6b144896df862571002bd64ca061fd4e646d9c
[root@docker03 ~]# docker run -d -p 10.0.0.110:80:80 nginx:latest
22e0d4ce1a264b0538651659f538361f4c54926bdea64ef9d937b47a86d812e1
[root@docker03 ~]# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 10.0.0.110:80 0.0.0.0:* LISTEN 20210/docker-proxy
tcp 0 0 10.0.0.13:80 0.0.0.0:* LISTEN 20114/docker-proxy 
5.宿主机随机端口映射到容器端口
[root@docker03 ~]# docker run -d -p 10.0.0.13::80 nginx:latest
3f3a37db1b6b0c4dddbc18f358ef8282f54e93fc06aeb96d80c76b9a806e1bf1
[root@docker03 ~]# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp6 0 0 :::32768 :::* LISTEN 22649/docker-proxy 6.基于UDP端口映射
[root@docker03 ~]# docker run -d -p ::80/udp nginx:latest
0b4d888d4afb9b81a71a205375b23c9e68d514070d391e44370da5381b2c000b
[root@docker03 ~]# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp6 0 0 :::32768 :::* LISTEN 22649/docker-proxy
udp6 0 0 :::32768 :::* 22926/docker-proxy 7.多端口映射
docker run -d -p 80:80 -p 3306:3306 nginx:latest8.端口范围映射(端口数量一致)
[root@docker03 ~]# docker run -d -p 1111-1119:1110-1118 nginx:latest
06d03e55631c4e550898bae551b95b28074758093c1272746a1f2ccb781d2a3a2.iptables查看规则
[root@docker03 ~]# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/16 0.0.0.0/0
MASQUERADE tcp -- 172.17.0.2 172.17.0.2 tcp dpt:80
Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:172.17.0.2:803.查看内核地址转发参数
[root@docker03 ~]# sysctl -a | grep ipv4|grep ip_forward
net.ipv4.ip_forward = 1 (默认是1,当容器启动变成1)
net.ipv4.ip_forward_use_pmtu = 0
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.docker0.stable_secret"
sysctl: reading key "net.ipv6.conf.eth0.stable_secret"
sysctl: reading key "net.ipv6.conf.eth1.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
sysctl: reading key "net.ipv6.conf.veth93eb530.stable_secret"4.基于IP地址绑定同一个端口
[root@docker03 ~]# docker run -d -p 10.0.0.13:80:80 nginx:latest
e7aa9f43ee1291c1dc57f3fdbd6b144896df862571002bd64ca061fd4e646d9c
[root@docker03 ~]# docker run -d -p 10.0.0.110:80:80 nginx:latest
22e0d4ce1a264b0538651659f538361f4c54926bdea64ef9d937b47a86d812e1
[root@docker03 ~]# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 10.0.0.110:80 0.0.0.0:* LISTEN 20210/docker-proxy
tcp 0 0 10.0.0.13:80 0.0.0.0:* LISTEN 20114/docker-proxy 5.宿主机随机端口映射到容器端口
[root@docker03 ~]# docker run -d -p 10.0.0.13::80 nginx:latest
3f3a37db1b6b0c4dddbc18f358ef8282f54e93fc06aeb96d80c76b9a806e1bf1
[root@docker03 ~]# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp6 0 0 :::32768 :::* LISTEN 22649/docker-proxy 6.基于UDP端口映射
[root@docker03 ~]# docker run -d -p ::80/udp nginx:latest
0b4d888d4afb9b81a71a205375b23c9e68d514070d391e44370da5381b2c000b
[root@docker03 ~]# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp6 0 0 :::32768 :::* LISTEN 22649/docker-proxy
udp6 0 0 :::32768 :::* 22926/docker-proxy 7.多端口映射
docker run -d -p 80:80 -p 3306:3306 nginx:latest8.端口范围映射(端口数量一致)
[root@docker03 ~]# docker run -d -p 1111-1119:1110-1118 nginx:latest
06d03e55631c4e550898bae551b95b28074758093c1272746a1f2ccb781d2a3a来源:51CTO
作者:Eric_张子豪
链接:https://blog.51cto.com/13723701/2464632