docker 動態映射運行的container端口實例詳解

2019-11-02 16:21:55

字體：大中小

來源：轉載

供稿：網友

docker動態映射運行的container端口，最近做項目，對于docker動態映射運行的container端口的資料有必要記錄下，以便以后在用到，

Docker自帶了EXPOSE命令，可以通過編寫dockerfile加-p參數方便的映射Container內部端口，但是對于已經運行的container，如果你想對外開放一個新的端口，只能編輯dockerfile然后重新build，有點不太方便。

其實docker本身使用了iptables來做端口映射的，所以我們可以通過一些簡單的操作來實現動態映射運行中的container端口。

通過運行iptables命令可以看到具體的端口映射(下面的實例中IP為192.168.42.41的container開放了22和20280等端口)

[yaxin@ubox ~]$sudo iptables -nvxL Chain INPUT (policy ACCEPT 262 packets, 529689 bytes)   pkts   bytes target   prot opt in   out   source        destination   14355  789552 DROP    tcp -- *   *    0.0.0.0/0      0.0.0.0/0      tcp dpt:25  Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)   pkts   bytes target   prot opt in   out   source        destination  5479459 653248187 DOCKER   all -- *   docker0 0.0.0.0/0      0.0.0.0/0   93990 314970368 ACCEPT   all -- *   docker0 0.0.0.0/0      0.0.0.0/0      ctstate RELATED,ESTABLISHED  4705395 2183219154 ACCEPT   all -- docker0 !docker0 0.0.0.0/0      0.0.0.0/0     0    0 ACCEPT   all -- docker0 docker0 0.0.0.0/0      0.0.0.0/0  Chain OUTPUT (policy ACCEPT 282 packets, 622495 bytes)   pkts   bytes target   prot opt in   out   source        destination  Chain DOCKER (1 references)   pkts   bytes target   prot opt in   out   source        destination    218  13193 ACCEPT   tcp -- !docker0 docker0 0.0.0.0/0      192.168.42.41    tcp dpt:22280  4868186 297463902 ACCEPT   tcp -- !docker0 docker0 0.0.0.0/0      192.168.42.41    tcp dpt:20280   78663 13128102 ACCEPT   tcp -- !docker0 docker0 0.0.0.0/0      192.168.42.41    tcp dpt:22    47   4321 ACCEPT   tcp -- !docker0 docker0 0.0.0.0/0      192.168.42.41    tcp dpt:28159 [yaxin@ubox ~]$sudo iptables -t nat -nvxL Chain PREROUTING (policy ACCEPT 210199 packets, 14035875 bytes)   pkts   bytes target   prot opt in   out   source        destination  1219483 82563968 DOCKER   all -- *   *    0.0.0.0/0      0.0.0.0/0      ADDRTYPE match dst-type LOCAL  Chain INPUT (policy ACCEPT 197679 packets, 13316595 bytes)   pkts   bytes target   prot opt in   out   source        destination  Chain OUTPUT (policy ACCEPT 271553 packets, 16671466 bytes)   pkts   bytes target   prot opt in   out   source        destination   1643  99251 DOCKER   all -- *   *    0.0.0.0/0      !127.0.0.0/8     ADDRTYPE match dst-type LOCAL  Chain POSTROUTING (policy ACCEPT 271743 packets, 16682594 bytes)   pkts   bytes target   prot opt in   out   source        destination   13468  811013 MASQUERADE all -- *   !docker0 192.168.42.0/24   0.0.0.0/0     0    0 MASQUERADE tcp -- *   *    192.168.42.41    192.168.42.41    tcp dpt:22280     0    0 MASQUERADE tcp -- *   *    192.168.42.41    192.168.42.41    tcp dpt:20280     0    0 MASQUERADE tcp -- *   *    192.168.42.41    192.168.42.41    tcp dpt:22     0    0 MASQUERADE tcp -- *   *    192.168.42.41    192.168.42.41    tcp dpt:28159  Chain DOCKER (2 references)   pkts   bytes target   prot opt in   out   source        destination    22   1404 DNAT    tcp -- !docker0 *    0.0.0.0/0      0.0.0.0/0      tcp dpt:22280 to:192.168.42.41:22280    288  17156 DNAT    tcp -- !docker0 *    0.0.0.0/0      0.0.0.0/0      tcp dpt:20280 to:192.168.42.41:20280    93   5952 DNAT    tcp -- !docker0 *    0.0.0.0/0      0.0.0.0/0      tcp dpt:22222 to:192.168.42.41:22     8   512 DNAT    tcp -- !docker0 *    0.0.0.0/0      0.0.0.0/0      tcp dpt:28159 to:192.168.42.41:28159

上一篇：詳解nginx服務器中的安全配置

下一篇：docker中安裝quagga詳細介紹