docker通过iptables修改或新增镜像映射端口

443 8088 22 端口是初始映射端口

[root@SERVER ~]# docker ps
CONTAINER ID        IMAGE               COMMAND               CREATED             STATUS              PORTS                                                                NAMES
96b2d3c6c99d        inits/source1.0.3   "/usr/sbin/sshd -D"   2 hours ago         Up 2 hours          0.0.0.0:443->443/tcp, 0.0.0.0:8088->8088/tcp, 0.0.0.0:1038->22/tcp   elegant_blackwell 

iptables策略

[root@SERVER ~]# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0           ADDRTYPE match dst-type LOCAL 

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           
MASQUERADE  tcp  --  172.17.0.15          172.17.0.15         tcp dpt:8088 
MASQUERADE  tcp  --  172.17.0.15          172.17.0.15         tcp dpt:443 
MASQUERADE  tcp  --  172.17.0.15          172.17.0.15         tcp dpt:22 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
DOCKER     all  --  0.0.0.0/0           !127.0.0.0/8         ADDRTYPE match dst-type LOCAL 

Chain DOCKER (2 references)
target     prot opt source               destination         
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8088 to:172.17.0.15:8088 
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443 to:172.17.0.15:443 
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:1038 to:172.17.0.15:22 

新增映射端口

iptables -t nat -A DOCKER ! -i br0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.15:80