Docker tunnel traffic on specific port via VPN

2

Not sure if this is docker specific or a general networking question.

I'm running a Debian Jessie server with several docker containers. My understanding is that docker creates a virtual interface (or strictly speaking a virtual ethernet bridge) called docker0 and binds the virtual interfaces of each individual container. It then manipulates the host's iptables to allow communication between each container's exposed ports and the host's network.

I have a VPN, the interface is tun0. One of the containers exposes two ports: 8888 and 23456. I want to tunnel all traffic to and from port 23456 through the VPN.

How can this be done?

Another way of looking at this is that docker automatically routes traffic based on the port to the right container. I want to insert another layer via iptables, where traffic on port 23456 is directed to the VPN and any traffic from the VPN is directed to port 23456.

For info, the VPN provider uses OpenVPN.

fswings

Posted 2015-05-07T08:51:10.740

Reputation: 666

Answers

0

This should be completely automatic, except for the need of the usual masquerade rule:

  # POSTROUTING cannot match on an input interface (-i), so match only on the output interface
  iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

Just for the sake of thoroughness, make sure you have the routing rule, on the host, servicing docker0: if you can ping the dockers from the host, no need to read further. Otherwise add

  ip route add Docker'sNetwork/16 dev docker0

MariusMatutiae

Posted 2015-05-07T08:51:10.740

Reputation: 41 321
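The port-specific layer the question describes can be built with a firewall mark and a separate routing table. The script below is an added example, not code from either poster: it prints (or, with APPLY=1, runs) the rules that send the container's traffic from port 23456 out of tun0, and the matching removal commands. The mark value 0x1, table number 100, the TCP default and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread: dry-run generator for port-based policy routing.
# PORT and the interface names come from the question; MARK and TABLE are assumed values.
PORT=23456
VPN_IF=tun0
BRIDGE_IF=docker0
MARK=0x1     # assumed firewall mark
TABLE=100    # assumed routing table id

# vpn_port_rules add|del [tcp|udp] : print the commands, one per line.
vpn_port_rules() {
    action=$1
    proto=${2:-tcp}
    case $action in
        add) ipt=-A ;;
        del) ipt=-D ;;
        *) echo "usage: vpn_port_rules add|del [tcp|udp]" >&2; return 1 ;;
    esac
    case $proto in
        tcp|udp) ;;
        *) echo "unsupported protocol: $proto" >&2; return 1 ;;
    esac
    # 1. Mark packets the container sends from the service port.
    echo "iptables -t mangle $ipt PREROUTING -i $BRIDGE_IF -p $proto --sport $PORT -j MARK --set-mark $MARK"
    # 2. Marked packets consult a separate table whose only route is the VPN.
    echo "ip rule $action fwmark $MARK table $TABLE"
    echo "ip route $action default dev $VPN_IF table $TABLE"
    # 3. Rewrite the container's private source address on the way out.
    echo "iptables -t nat $ipt POSTROUTING -o $VPN_IF -j MASQUERADE"
    # 4. Loose reverse-path filtering, so packets arriving on the VPN are not
    #    dropped when the main table would route their source elsewhere.
    if [ "$action" = add ]; then
        echo "sysctl -w net.ipv4.conf.$VPN_IF.rp_filter=2"
    fi
}

# Print by default; APPLY=1 runs each command (requires root).
apply_vpn_port_rules() {
    rules=$(vpn_port_rules "$@") || return 1
    if [ "${APPLY:-0}" != 1 ]; then
        printf '%s\n' "$rules"
        return 0
    fi
    printf '%s\n' "$rules" | while IFS= read -r cmd; do
        $cmd || return 1
    done
}
```

Because the mark matches on source port only, replies to clients that reached port 23456 through the host's non-VPN interface are also routed out of tun0; review the printed rules before running with APPLY=1.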