[root@ol85 ~]# ip addr
[root@ol85 ~]# docker run -itd busybox
Docker 使用 iptables 实现容器的网络通信(下面查看的是 nat 表中由 Docker 自动写入的规则)
[root@ol85 ~]# ss -antp |grep 88
外部访问容器
[root@ol85 ~]# iptables -t nat -vnL DOCKER
[root@ol85 ~]# ip route
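DNAT:目标网络地址转换。外部访问宿主机上已发布端口的流量,由 nat 表 DOCKER 链中的 DNAT 规则改写目标地址后转发给容器。注意:这类流量走 FORWARD 链而不经过 INPUT 链,因此只在 INPUT 链上配置的主机防火墙规则对已发布端口不生效;需要限制访问来源时,应在 filter 表的 DOCKER-USER 链中添加规则,或在发布端口时只绑定到特定地址(例如 127.0.0.1)。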
容器访问外部
进入 busybox 容器
[root@ol85 ~]# docker exec -it bc06d5cf7250 sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:03
inet addr:172.17.0.3 Bcast:172.17.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:26 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3494 (3.4 KiB) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ # ping baidu.com
[root@ol85 ~]# iptables -t nat -vnL POSTROUTING
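SNAT:源地址转换。容器访问外部时,Docker 默认在 POSTROUTING 链中添加的 MASQUERADE 规则会把容器的源地址(如上面的 172.17.0.3)改写为宿主机的出口地址,因此外部看到的是宿主机地址而不是容器地址。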