443 8088 22 端口是初始映射端口
[root@SERVER ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 96b2d3c6c99d inits/source1.0.3 "/usr/sbin/sshd -D" 2 hours ago Up 2 hours 0.0.0.0:443->443/tcp, 0.0.0.0:8088->8088/tcp, 0.0.0.0:1038->22/tcp elegant_blackwell
iptables策略
[root@SERVER ~]# iptables -t nat -L -n Chain PREROUTING (policy ACCEPT) target prot opt source destination DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL Chain POSTROUTING (policy ACCEPT) target prot opt source destination MASQUERADE all -- 172.17.0.0/16 0.0.0.0/0 MASQUERADE tcp -- 172.17.0.15 172.17.0.15 tcp dpt:8088 MASQUERADE tcp -- 172.17.0.15 172.17.0.15 tcp dpt:443 MASQUERADE tcp -- 172.17.0.15 172.17.0.15 tcp dpt:22 Chain OUTPUT (policy ACCEPT) target prot opt source destination DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL Chain DOCKER (2 references) target prot opt source destination DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8088 to:172.17.0.15:8088 DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:172.17.0.15:443 DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1038 to:172.17.0.15:22
新增映射端口
iptables -t nat -A DOCKER ! -i br0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.15:80