- 论坛徽章:
- 0
|
如题,请问如何用iptable 将一mDNS包从一个网口路由到另一个网口?
想将下面 ens33里的mDNS传到 docker0 这个bridge里
具体如下:
- host机器的eth接口:
- docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
- inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
- 。。。
- ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
- inet 192.168.1.101 netmask 255.255.255.0 broadcast 192.168.1.255
- 。。。
- lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
- inet 127.0.0.1 netmask 255.0.0.0
- 。。。
- vetha6f8ec5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
- inet6 fe80::fcb3:bbff:fe78:c72d prefixlen 64 scopeid 0x20<link>
- 。。。
复制代码
- iptables -t filter -L
- Chain INPUT (policy ACCEPT)
- target prot opt source destination
- Chain FORWARD (policy ACCEPT)
- target prot opt source destination
- DOCKER-USER all -- anywhere anywhere
- DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
- ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
- DOCKER all -- anywhere anywhere
- ACCEPT all -- anywhere anywhere
- ACCEPT all -- anywhere anywhere
- Chain OUTPUT (policy ACCEPT)
- target prot opt source destination
- Chain DOCKER (1 references)
- target prot opt source destination
- ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:http
- Chain DOCKER-ISOLATION-STAGE-1 (1 references)
- target prot opt source destination
- DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
- RETURN all -- anywhere anywhere
- Chain DOCKER-ISOLATION-STAGE-2 (1 references)
- target prot opt source destination
- DROP all -- anywhere anywhere
- RETURN all -- anywhere anywhere
- Chain DOCKER-USER (1 references)
- target prot opt source destination
- RETURN all -- anywhere anywhere
复制代码- Chain PREROUTING (policy ACCEPT)
- target prot opt source destination
- DOCKER all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
- Chain INPUT (policy ACCEPT)
- target prot opt source destination
- Chain OUTPUT (policy ACCEPT)
- target prot opt source destination
- DOCKER all -- anywhere !localhost/8 ADDRTYPE match dst-type LOCAL
- Chain POSTROUTING (policy ACCEPT)
- target prot opt source destination
- MASQUERADE all -- 172.17.0.0/16 anywhere
- MASQUERADE tcp -- 172.17.0.2 172.17.0.2 tcp dpt:http
- Chain DOCKER (2 references)
- target prot opt source destination
- RETURN all -- anywhere anywhere
- DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:172.17.0.2:80
复制代码
|
|