
We need to implement a proxy only by using iptables in a container, and all traffic from the other containers should use this container to reach the internet. Additionally, this proxy should drop traffic to the yahoo.com domain and allow the rest.

I have an Oracle VM VirtualBox on Windows that hosts an Ubuntu VM. In this VM, I've installed Docker with 4 containers based on the Ubuntu image, as shown here:

[screenshot: the four Ubuntu containers]

The requirement is that any traffic from avant3, avant4 or avant2 should use avant1 as a proxy to reach the internet. avant1 should only use iptables rules to become a TCP proxy.

In the avant1 container in interactive mode, I did the following as per this link:

# source-NAT everything that leaves avant1 through eth0 (its internet-facing interface)
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
# allow packets arriving from the client side (eth1) to be forwarded
iptables --append FORWARD --in-interface eth1 -j ACCEPT

Going into avant3 and executing curl with avant1 specified as the proxy, I get this response:

root@340787f0b409:/# curl -x 172.19.0.3 "www.google.com" -I
curl: (7) Failed to connect to 172.19.0.3 port 1080 after 0 ms: Connection refused
root@340787f0b409:/# curl -x 172.19.0.3:80 "www.google.com" -I
curl: (7) Failed to connect to 172.19.0.3 port 80 after 0 ms: Connection refused
root@340787f0b409:/#

Can anybody point out the mistake I'm making, so that I can achieve my requirement?

Pierre.Vriens

1 Answer


Rather than a proxy solution, I thought of a different approach: avant1 will act as the gateway for all containers in the localnet & testnet bridge networks. Either specify a custom gateway (172.18.0.2 & 172.19.0.3 for localnet and testnet respectively) while creating the bridge networks, or use the ip route command to replace the default gateway in the individual containers.

In my case, I added a FORWARD drop rule for the domain yahoo.com in avant1. Entering the avant1 container interactively, I did the following:

# iptables resolves yahoo.com once, at insertion time, and adds one DROP rule per address it resolves to
iptables --append FORWARD -d yahoo.com -j DROP

& launching the avant3 container interactively, I executed

# send all non-local traffic from avant3 to avant1 (172.19.0.3) instead of the Docker bridge gateway
ip route replace default via 172.19.0.3 dev eth0

then,

curl yahoo.com -I

will no longer be allowed through from avant3, while the rest passes through.
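Worked example of the gateway approach, added here and not code from the question or the answer above. Two points from the thread that the script makes explicit: first, the `curl -x 172.19.0.3` attempts in the question failed with "Connection refused" because NAT and FORWARD rules never open a listening socket, so there is nothing on port 1080 or 80 for curl's proxy handshake to connect to; with the routing approach the clients run plain `curl -I http://www.google.com` with no `-x`. Second, iptables evaluates a chain top to bottom and stops at the first match, so a DROP appended after the `FORWARD ... -j ACCEPT` rule from the question would never be reached; the rule set below emits the DROP rules before the ACCEPT. The interface names (eth0 internet-facing, eth1 client-facing), the gateway address 172.19.0.3 and the sample addresses in the comments are assumptions; `-d yahoo.com` is resolved at insertion time, so the script resolves the name itself to show which addresses actually get blocked.

```shell
#!/bin/sh
# Added example, not code from the original post. Builds the iptables rule
# set that turns one container (the thread's avant1) into a NAT gateway for
# the others and blocks one destination by name, then prints or applies it.
# Interface names, the gateway address and the sample IPs are assumptions.
set -eu

# Gateway rule set. First match wins in iptables, so the DROP rules for the
# blocked addresses are emitted before the ACCEPT that lets LAN traffic
# out; appended after it they would never be reached.
render_gateway_rules() {           # usage: render_gateway_rules WAN_IF LAN_IF [IP...]
    wan_if=$1; lan_if=$2; shift 2
    echo "iptables -t nat -A POSTROUTING -o $wan_if -j MASQUERADE"
    for ip in "$@"; do
        echo "iptables -A FORWARD -i $lan_if -d $ip -j DROP"
    done
    echo "iptables -A FORWARD -i $lan_if -o $wan_if -j ACCEPT"
    echo "iptables -A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -P FORWARD DROP"
}

# Resolve a name to its current IPv4 addresses. This is what `iptables -d yahoo.com`
# does implicitly at insertion time: the rule matches only these addresses, not
# whatever the name resolves to later (CDNs rotate), and a client that receives a
# different answer from DNS is not blocked at all.
resolve_v4() {                     # usage: resolve_v4 NAME
    getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
}

# Client side (avant3 in the thread): point the default route at the gateway.
render_client_route() {            # usage: render_client_route GW_IP DEV
    echo "ip route replace default via $1 dev $2"
}

# Preflight checks. Both `iptables` on the gateway and `ip route replace` on the
# clients need CAP_NET_ADMIN (docker run --cap-add NET_ADMIN), and the gateway's
# network namespace must have forwarding enabled.
check_gateway_prereqs() {
    fwd=$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo unknown)
    [ "$fwd" = 1 ] || { echo "net.ipv4.ip_forward is $fwd; need 1" >&2; return 1; }
    iptables -L -n >/dev/null 2>&1 || { echo "iptables not usable (missing CAP_NET_ADMIN?)" >&2; return 1; }
}

# Print (default) or apply (APPLY=1) the gateway rules. Names to block are given
# as arguments and resolved here, so the concrete addresses that end up in the
# DROP rules are visible in the output, e.g. with constructed placeholders
# 192.0.2.10 and 192.0.2.11 standing in for whatever yahoo.com resolves to:
#   iptables -A FORWARD -i eth1 -d 192.0.2.10 -j DROP
#   iptables -A FORWARD -i eth1 -d 192.0.2.11 -j DROP
main() {
    wan_if=${WAN_IF:-eth0}; lan_if=${LAN_IF:-eth1}
    blocked=$(for n in "$@"; do resolve_v4 "$n"; done)
    # word-splitting of $blocked is intended: one address per argument
    # shellcheck disable=SC2086
    rules=$(render_gateway_rules "$wan_if" "$lan_if" $blocked)
    if [ "${APPLY:-0}" = 1 ]; then
        check_gateway_prereqs
        echo "$rules" | sh -e
    else
        echo "$rules"
    fi
}

# Dry run on the gateway: WAN_IF=eth0 LAN_IF=eth1 sh gw.sh yahoo.com
# Apply on the gateway:   APPLY=1 WAN_IF=eth0 LAN_IF=eth1 sh gw.sh yahoo.com
# On each client:         ip route replace default via 172.19.0.3 dev eth0
main "$@"
```

Verify from a client with `curl -I http://www.google.com` (no `-x`) and `curl -I http://yahoo.com`; the second should hang until curl's connect timeout rather than be refused, because DROP discards the packets silently. `iptables -L FORWARD -n -v` on the gateway shows the packet counters on the DROP rules increasing, and `iptables -S FORWARD` shows the addresses the name was expanded to when the rules were inserted.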