@gg7
Last active November 9, 2017 17:52
SSH tunnel + iptables DNAT + Docker containers

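Tell the kernel to route traffic destined for 127.0.0.0/8 that arrives on docker0 (by default, packets with a loopback destination are treated as martians and dropped while routing):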

root@george:~# sysctl -w net.ipv4.conf.docker0.route_localnet=1

(You might need to do this for additional interfaces -- works for me)

Make sure the INPUT chain of the filter table accepts the connection:

root@george:~# iptables -I INPUT -i docker+ -d 127.0.0.0/8 -j ACCEPT

We only need a single DNAT rule:

root@george:~# iptables -t nat -I PREROUTING -d 10.200.200.200 -p tcp --dport 8080 -j DNAT --to-destination 127.0.0.1:8080

Set up the tunnel:

george@george:~$ ssh -N -L 8080:127.0.0.1:8080 somewhere.local
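
The three host-side steps above as one script with a matching teardown. This is an added example, not part of the original gist. It tightens the rules as an assumption about what is wanted: a single interface instead of docker+, 127.0.0.1 and one port instead of all of 127.0.0.0/8, and -i on the DNAT rule; the function names and the APPLY variable are hypothetical.

```shell
#!/bin/sh
# Added example, not the gist's own code. Prints the host-side commands
# (and runs them only when APPLY=1) with each rule scoped to one interface,
# one loopback address and one port. "down" reverts what "up" did.

# Echo a command; execute it only when APPLY=1 (needs root).
run_or_print() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Succeed only for an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_rules up|down IFACE VIP PORT
tunnel_rules() {
    action=$1 iface=$2 vip=$3 port=$4
    case "$action" in
        up)   op=-I val=1 ;;
        down) op=-D val=0 ;;
        *)    echo "usage: tunnel_rules up|down IFACE VIP PORT" >&2; return 2 ;;
    esac
    case "$iface" in ''|*[!A-Za-z0-9_-]*) echo "bad interface: $iface" >&2; return 1 ;; esac
    case "$vip" in ''|*[!0-9.]*) echo "bad address: $vip" >&2; return 1 ;; esac
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }

    # Let loopback-destined packets arriving on this one interface be routed.
    run_or_print sysctl -w "net.ipv4.conf.$iface.route_localnet=$val" || return 1
    # Accept only the forwarded port on 127.0.0.1, not all of 127.0.0.0/8.
    run_or_print iptables "$op" INPUT -i "$iface" -p tcp -d 127.0.0.1 \
        --dport "$port" -j ACCEPT || return 1
    # Same DNAT as the gist, limited to packets entering via this interface.
    run_or_print iptables -t nat "$op" PREROUTING -i "$iface" -d "$vip" -p tcp \
        --dport "$port" -j DNAT --to-destination "127.0.0.1:$port"
}

# Values below are the gist's own (docker0, 10.200.200.200, 8080).
case "${1:-}" in
    up|down) tunnel_rules "$1" docker0 10.200.200.200 8080 ;;
esac
```

Without APPLY set, `up` and `down` only print the commands; set APPLY=1 as root to execute them.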