我从防火墙后面运行docker容器,我必须在每个容器中设置代理参数,这总是有问题的。当我从Dockerfile s运行构建时,这尤其糟糕。
我设置了redsocks,以便它自动代理来自我的主机的传出流量,但是docker容器似乎没有通过这个链。
user@user ~ $ sudo iptables -L -t nat -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDSOCKS_FILTER tcp -- 0.0.0.0/0 0.0.0.0/0
DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
REDSOCKS_FILTER tcp -- 0.0.0.0/0 0.0.0.0/0
DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/16 0.0.0.0/0
MASQUERADE tcp -- 172.17.0.4 172.17.0.4 tcp dpt:5050
Chain DOCKER (2 references)
target prot opt source destination
Chain REDSOCKS (1 references)
target prot opt source destination
REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 redir ports 12347
REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 12346
REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp redir ports 12345
Chain REDSOCKS_FILTER (2 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 10.0.0.0/8
.....
REDSOCKS all -- 0.0.0.0/0 0.0.0.0/0
有没有办法让来自容器的数据包与我机器上的其他内容一样通过相同的REDSOCKS_FILTER。