Docker tunnel traffic on specific port via VPN





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}







2















Not sure if this is docker specific or a general networking question.



I'm running a Debian Jessie server with serveral docker containers. My understanding is that docker creates a virtual interface (or strictly speaking a virtual ethernet bridge) called docker0 and binds the virtual interfaces of each individual container. It then manipulates the host's iptables to allow communication between each container's exposed ports and the host's network.



I have a VPN, the interface is tun0. One of the containers exposes two ports: 8888 and 23456. I want to tunnel all traffic to and from port 23456 through the VPN.



How can this be done?



Another way of looking at this is that docker automatically routes traffic based on the port to the right container. I want to insert another layer via iptables, where traffic on port 23456 is directed to the VPN and any traffic from the VPN is directed to port 23456.



For info, the VPN provider uses OpenVPN.






linux networking vpn routing iptables







share|improve this question





























    2















    Not sure if this is docker specific or a general networking question.



    I'm running a Debian Jessie server with serveral docker containers. My understanding is that docker creates a virtual interface (or strictly speaking a virtual ethernet bridge) called docker0 and binds the virtual interfaces of each individual container. It then manipulates the host's iptables to allow communication between each container's exposed ports and the host's network.



    I have a VPN, the interface is tun0. One of the containers exposes two ports: 8888 and 23456. I want to tunnel all traffic to and from port 23456 through the VPN.



    How can this be done?



    Another way of looking at this is that docker automatically routes traffic based on the port to the right container. I want to insert another layer via iptables, where traffic on port 23456 is directed to the VPN and any traffic from the VPN is directed to port 23456.



    For info, the VPN provider uses OpenVPN.






    linux networking vpn routing iptables







    share|improve this question

























      2












      2








      2








      Not sure if this is docker specific or a general networking question.



      I'm running a Debian Jessie server with serveral docker containers. My understanding is that docker creates a virtual interface (or strictly speaking a virtual ethernet bridge) called docker0 and binds the virtual interfaces of each individual container. It then manipulates the host's iptables to allow communication between each container's exposed ports and the host's network.



      I have a VPN, the interface is tun0. One of the containers exposes two ports: 8888 and 23456. I want to tunnel all traffic to and from port 23456 through the VPN.



      How can this be done?



      Another way of looking at this is that docker automatically routes traffic based on the port to the right container. I want to insert another layer via iptables, where traffic on port 23456 is directed to the VPN and any traffic from the VPN is directed to port 23456.



      For info, the VPN provider uses OpenVPN.






      linux networking vpn routing iptables







      share|improve this question














      Not sure if this is docker specific or a general networking question.



      I'm running a Debian Jessie server with serveral docker containers. My understanding is that docker creates a virtual interface (or strictly speaking a virtual ethernet bridge) called docker0 and binds the virtual interfaces of each individual container. It then manipulates the host's iptables to allow communication between each container's exposed ports and the host's network.



      I have a VPN, the interface is tun0. One of the containers exposes two ports: 8888 and 23456. I want to tunnel all traffic to and from port 23456 through the VPN.



      How can this be done?



      Another way of looking at this is that docker automatically routes traffic based on the port to the right container. I want to insert another layer via iptables, where traffic on port 23456 is directed to the VPN and any traffic from the VPN is directed to port 23456.



      For info, the VPN provider uses OpenVPN.






      linux networking vpn routing iptables




      linux networking vpn routing iptables






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked May 7 '15 at 8:51









      fswingsfswings

      539523




      539523






















          1 Answer
          1






          active

          oldest

          votes


















          0














          This should be completely automatic, except for the need of the usual masquerade rule:



            iptables -t nat -A POSTROUTING -i docker0 -o tun0 -j MASQUERADE


          Just for the sake of thoroughness, make sure you have the routing rule, on the host, servicing docker0: if you can ping the dockers from the host, no need to read further. Otherwise add



            ip route add Docker'sNetwork/16 via dev docker0





          share|improve this answer
























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "3"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f911813%2fdocker-tunnel-traffic-on-specific-port-via-vpn%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            0














            This should be completely automatic, except for the need of the usual masquerade rule:



              iptables -t nat -A POSTROUTING -i docker0 -o tun0 -j MASQUERADE


            Just for the sake of thoroughness, make sure you have the routing rule, on the host, servicing docker0: if you can ping the dockers from the host, no need to read further. Otherwise add



              ip route add Docker'sNetwork/16 via dev docker0





            share|improve this answer




























              0














              This should be completely automatic, except for the need of the usual masquerade rule:



                iptables -t nat -A POSTROUTING -i docker0 -o tun0 -j MASQUERADE


              Just for the sake of thoroughness, make sure you have the routing rule, on the host, servicing docker0: if you can ping the dockers from the host, no need to read further. Otherwise add



                ip route add Docker'sNetwork/16 via dev docker0





              share|improve this answer


























                0












                0








                0







                This should be completely automatic, except for the need of the usual masquerade rule:



                  iptables -t nat -A POSTROUTING -i docker0 -o tun0 -j MASQUERADE


                Just for the sake of thoroughness, make sure you have the routing rule, on the host, servicing docker0: if you can ping the dockers from the host, no need to read further. Otherwise add



                  ip route add Docker'sNetwork/16 via dev docker0





                share|improve this answer













                This should be completely automatic, except for the need of the usual masquerade rule:



                  iptables -t nat -A POSTROUTING -i docker0 -o tun0 -j MASQUERADE


                Just for the sake of thoroughness, make sure you have the routing rule, on the host, servicing docker0: if you can ping the dockers from the host, no need to read further. Otherwise add



                  ip route add Docker'sNetwork/16 via dev docker0






                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Jun 13 '15 at 12:24









                MariusMatutiaeMariusMatutiae

                39.1k954101




                39.1k954101






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Super User!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f911813%2fdocker-tunnel-traffic-on-specific-port-via-vpn%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    Plaza Victoria

                    Image
                    Plaza Victoria Plaza Victoria en 2017 Otros nombres Plaza de La Victoria Localización El Almendral, Valparaíso, Chile Vías adyacentes Chacabuco, Molina, Plaza Victoria y Edwards Creación 1841 Metro Bellavista Ubicación 33°02′46″S 71°37′11″O  /  -33.04624167, -71.61980833 Coordenadas: 33°02′46″S 71°37′11″O  /  -33.04624167, -71.61980833 [editar datos en Wikidata] La Plaza Victoria , también llamada Plaza de la Victoria , [ 1 ] ​ es una plaza ubicada en el sector El Almendral del plan de la ciudad de Valparaíso, Chile, de importancia patrimonial, que incluye valiosas estatuas y especies vegetales. [ 2 ] ​ La plaza se creó como tal en la primera mitad del siglo XIX, tomando previamente los nombres de Plaza Nueva y Plaza de Orrego . Si bien desde sus inicios tuvo relevancia histórica, no fue sino a partir de fines de los años 1860 cuando comenzó a cobrar mayor importancia y se convirtió en uno de los principales centros sociales de l
                    Read more

                    Puebla de Zaragoza

                    Image
                    Para otros usos de este término, véase Puebla (desambiguación). Heroica Puebla de Zaragoza Localidad De arriba a abajo de izquierda a derecha: Estrella de Puebla, Volcán Popocatépetl, Catedral de Puebla, Monumento a Ignacio Zaragoza, Estadio Cuauhtémoc, Angelópolis y Vista panorámica de la ciudad. Escudo Otros nombres: El relicario de América/ La ciudad de los Ángeles/ La Angelópolis Lema: Muy noble y muy leal ciudad de Puebla de los Ángeles Heroica Puebla de Zaragoza Localización de Heroica Puebla de Zaragoza en México Heroica Puebla de Zaragoza Localización de Heroica Puebla de Zaragoza en Puebla Mapa interactivo Coordenadas 19°03′05″N 98°13′04″O  /  19.051388888889, -98.217777777778 Coordenadas: 19°03′05″N 98°13′04″O  /  19.051388888889, -98.217777777778 Idioma oficial Español Entidad Localidad  • País   México  • Estado Puebla  • Municipio Puebla Presidente municipal Claudia Rivera Vivanc
                    Read more

                    Musa

                    Image
                    Para el género de plantas, véase Musa (planta). Apolo y la Nueve Musas En la mitología griega, las musas (en griego antiguo μοῦσαι « mousai» ) son, según los escritores más antiguos, las divinidades inspiradoras de las Artes: cada una de ellas está relacionada con ramas artísticas y del conocimiento. Son hijas de Zeus y de Mnemósine, compañeras del séquito de Apolo, dios olímpico de la música y patrón de las bellas artes, quien tuvo romances con cada una de ellas, dejando descendientes. Bajaban a la tierra a susurrar ideas e inspirar a aquellos mortales que las invocaran. En la época más arcaica eran las ninfas inspiradoras de las fuentes, en las cuales eran adoradas. Finalmente, alrededor de los siglos VIII-VII a. C. [ 1 ] ​ prevaleció en todo el territorio de la Hélade la adoración de las nueve Musas, que son Calíope, Clío, Erato, Euterpe, Melpómene, Polimnia, Talía, Terpsícore y Urania. El culto a las musas era originalmente de Tracia y Beocia, y fueron de vital impo
                    Read more