Implemented SNAT support #788

Open
wants to merge 2 commits into
base: master

chrisnew

Hello docker community,

Instead of masquerading all containers, I implemented the use of masquerade or SNAT (if the exposed port has an IP address) on each container individually. So on a machine with more than just one IPv4 address, it's possible to use arbitrary IPv4 addresses individually per container on outgoing connections.

I guess due to the fact that this is my first pull request on docker/libnetwork, there are still some things I need to fix before someone accepts this patch. So please let me know. :)

Cheers

instead of masquerade all containers, we use now masquerade or snat (if exposed port has an IP address) on each container individually
@mort1k

mort1k commented Jan 18, 2016

This can be useful if you want to make a connection from within the container to the outside. In the case of mapping ip:port:container_port when initiating the connection from the outside, conntrack handles this situation by itself and sends the data is already initiating the connection (and then correct source and destination).

@chrisnew
Author

chrisnew commented Feb 9, 2016

Exactly this. I’m sorry I hadn’t the chance lately to check my PR to make it pass the tests. I’m also wondering if it’s now possible to achieve the same effect by using the new networking capabilities in Docker 1.10. I haven’t checked it yet.

@mpalmer

mpalmer commented Jun 6, 2016

Any word on the progress of this PR? It would be extremely useful in a circumstance I find myself in at present.

@GordonTheTurtle

@chrisnew It has been detected that this issue has not received any activity in over 6 months. Can you please let us know if it is still relevant:

  • For a bug: do you still experience the issue with the latest version?
  • For a feature request: was your request appropriately answered in a later version?

Thank you!
This issue will be automatically closed in 1 week unless it is commented on.
For more information please refer to #1926

@mpalmer

mpalmer commented Aug 31, 2017

I don't believe an equivalent of this feature is implemented at present.

@chrisnew
Author

Unfortunately I’m pretty much out of sync with the current libnetwork development.

The purpose of this PR was to deploy SNAT for any exposed port which is bound to an explicit IPv4. Otherwise masquerading traffic would always stick to the primary IPv4 of the uplink interface.

I had one Docker deployment on a server with multiple IP addresses and I wanted to use different outgoing IPv4 addresses for some containers. Eventually I did a split and set up separate servers.

However I’m not sure if the newest network stuff in Docker is capable of achieving the same effect using different network definitions and if my stuff will still work flawlessly without breaking more modern features.
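The selection logic discussed in this thread, sketched as an added example; it is not code from this pull request or from libnetwork. It picks SNAT when a published port is bound to an explicit IPv4 address and falls back to MASQUERADE otherwise. `PortBinding`, `egressRule`, the rule layout and the sample addresses are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// PortBinding is a hypothetical, reduced form of a published port ("hostIP:hostPort:containerPort").
type PortBinding struct {
	HostIP   string // "" or "0.0.0.0" means no explicit address
	HostPort int
}

// egressRule returns iptables arguments for one container's outbound NAT rule (assumed layout).
// An explicit IPv4 binding selects SNAT to that address; otherwise MASQUERADE is kept.
func egressRule(bridge, containerIP string, bindings []PortBinding) ([]string, error) {
	src := net.ParseIP(containerIP).To4()
	if src == nil {
		return nil, fmt.Errorf("container address %q is not IPv4", containerIP)
	}
	var snat net.IP
	for _, b := range bindings {
		ip := net.ParseIP(b.HostIP).To4()
		if ip == nil || ip.IsUnspecified() {
			continue // empty, wildcard, IPv6 or unparsable: this binding requests no SNAT
		}
		if snat != nil && !snat.Equal(ip) {
			// One container can only leave with one source address.
			return nil, fmt.Errorf("bindings name two source addresses: %s and %s", snat, ip)
		}
		snat = ip
	}
	rule := []string{"-t", "nat", "-A", "POSTROUTING", "-s", src.String() + "/32", "!", "-o", bridge, "-j"}
	if snat == nil {
		return append(rule, "MASQUERADE"), nil
	}
	return append(rule, "SNAT", "--to-source", snat.String()), nil
}

func main() {
	// Constructed sample input: 203.0.113.10 is a documentation address, not taken from the PR.
	for _, b := range [][]PortBinding{
		{{HostIP: "203.0.113.10", HostPort: 8080}},
		{{HostIP: "0.0.0.0", HostPort: 8080}},
	} {
		args, err := egressRule("docker0", "172.17.0.2", b)
		fmt.Println("iptables", strings.Join(args, " "), err)
	}
}
```
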
