1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Commit graph

4 commits

Author SHA1 Message Date
Darren Shepherd
b39d02b611 Support hairpin NAT without going through docker server
Hairpin NAT is currently done by passing through the docker server.  If
two containers on the same box try to access each other through exposed
ports and using the host IP the current iptables rules will not match the
DNAT and thus the traffic goes to 'docker -d'

This change drops the restriction that DNAT traffic must not originate
from docker0.  It should be safe to drop this restriction because the
DOCKER chain is already gated by jumps that check for the destination
address to be a local address.

Docker-DCO-1.1-Signed-off-by: Darren Shepherd <darren.s.shepherd@gmail.com> (github: ibuildthecloud)
2014-03-03 21:53:57 -07:00
Josh Poimboeuf
ea63ade772 iptables: use dest_addr and dest_port for public port FORWARD rule
Docker-DCO-1.1-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> (github: jpoimboe)
2014-02-04 11:32:50 -06:00
Josh Poimboeuf
db250f709a network: add publicly mapped ports to FORWARD table
Allow publicly mapped ports to be made public beyond the host.  This is
needed for distros like Fedora and RHEL which have a reject all rule at
the end of their FORWARD table.

Docker-DCO-1.1-Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> (github: jpoimboe)
2014-01-28 13:11:49 -06:00
Solomon Hykes
7799ae27ca Move utility package 'iptables' to pkg/iptables 2014-01-06 15:41:24 -08:00