gg7/iptables-dnat-ssh-tunnel.md

Last active November 9, 2017 17:52

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/gg7/23a441b11b9e4a8e98bcd85d68d535d3.js"></script>
Save gg7/23a441b11b9e4a8e98bcd85d68d535d3 to your computer and use it in GitHub Desktop.

SSH tunnel + iptables DNAT + Docker containers

Raw

Tell the kernel to route traffic to 127.0.0.0/8:

root@george:~# sysctl -w net.ipv4.conf.docker0.route_localnet=1

(You might need to do this for additional interfaces -- works for me)

Make sure your INPUT chain of the filter table will accept the connection:

root@george:~# iptables -I INPUT -i docker+ -d 127.0.0.0/8 -j ACCEPT

We only need a single DNAT rule:

root@george:~# iptables -t nat -I PREROUTING -d 10.200.200.200 -p tcp --dport 8080 -j DNAT --to-destination 127.0.0.1:8080

Set up the tunnel:

george@george:~$ ssh -N -L 8080:127.0.0.1:8080 somewhere.local

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment