修改或添加Docker与本机端口的映射需要生成新的image并通过这个image建立新的container,对于正式应用不是很方便,这里介绍一种是通过iptables来完成的Docker与本机端口的动态端口映射的方法,如下,
1、第一步:
[root@iZ2ze7qovdcua99q5lxkb4Z ~]# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 6907K packets, 412M bytes)
pkts bytes target prot opt in out source destination
7092K 422M DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 6900K packets, 412M bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 82M packets, 4924M bytes)
pkts bytes target prot opt in out source destination
58M 3498M DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 82M packets, 4934M bytes)
pkts bytes target prot opt in out source destination
6169 388K MASQUERADE all -- * !docker0 192.168.0.0/20 0.0.0.0/0
0 0 MASQUERADE tcp -- * * 192.168.0.2 192.168.0.2 tcp dpt:8889
0 0 MASQUERADE tcp -- * * 192.168.0.2 192.168.0.2 tcp dpt:8887
0 0 MASQUERADE tcp -- * * 192.168.0.2 192.168.0.2 tcp dpt:8886
0 0 MASQUERADE tcp -- * * 192.168.0.2 192.168.0.2 tcp dpt:8885
0 0 MASQUERADE tcp -- * * 192.168.0.2 192.168.0.2 tcp dpt:22
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
6120K 367M RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
458 19076 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8889 to:192.168.0.2:8889
510 25628 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8887 to:192.168.0.2:8887
713 33352 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8886 to:192.168.0.2:8886
189K 9582K DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8885 to:192.168.0.2:8885
96 5040 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:301 to:192.168.0.2:22
2、第二步:
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 8880 -j DNAT --to-destination 192.168.0.2:8880
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 8881 -j DNAT --to-destination 192.168.0.2:8881
3、第三步:
[root@iZ2ze7qovdcua99q5lxkb4Z ~]# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
7092K 422M DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8880 to:192.168.0.2:8880
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8881 to:192.168.0.2:8881
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 12 packets, 720 bytes)
pkts bytes target prot opt in out source destination
58M 3498M DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 12 packets, 720 bytes)
pkts bytes target prot opt in out source destination
6169 388K MASQUERADE all -- * !docker0 192.168.0.0/20 0.0.0.0/0
0 0 MASQUERADE tcp -- * * 192.168.0.2 192.168.0.2 tcp dpt:8889
0 0 MASQUERADE tcp -- * * 192.168.0.2 192.168.0.2 tcp dpt:8887
0 0 MASQUERADE tcp -- * * 192.168.0.2 192.168.0.2 tcp dpt:8886
0 0 MASQUERADE tcp -- * * 192.168.0.2 192.168.0.2 tcp dpt:8885
0 0 MASQUERADE tcp -- * * 192.168.0.2 192.168.0.2 tcp dpt:22
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
6120K 367M RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
458 19076 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8889 to:192.168.0.2:8889
510 25628 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8887 to:192.168.0.2:8887
713 33352 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8886 to:192.168.0.2:8886
189K 9582K DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8885 to:192.168.0.2:8885
96 5040 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:301 to:192.168.0.2:22
系统版本:ubuntu 14.04