lubiland
/
swarm-nat
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

implement $ingress_address and actually add rules

Browse Source 
This commit adds Get-DockerIngressAddress
master
lub 5 years ago
parent 284c415076
commit 08491dcbba
2 changed files with 37 additions and 44 deletions
Show Stats Download Patch File Download Diff File

2
example.yml
Unescape Escape View File

@ -22,6 +22,8 @@ services:
protocol: udp
mode: ingress
- target: 30033
published: "145.239.119.128:55123"
protocol: udp
mode: ingress
volumes:
- "/gluster/docker/gamemodeon-teamspeak_teamspeak/var/ts3server/:/var/ts3server/"

79
expose_forwards.ps1
Unescape Escape View File

@ -82,6 +82,14 @@ function Add-IptablesRule {
}
}
}
function Get-DockerIngressAddress {
param (
[string]$BridgeDevice = 'docker_gwbridge'
)
$bridge = docker network inspect $BridgeDevice | ConvertFrom-Json
$bridge.Containers.{ingress-sbox}.IPv4Address -replace '/.*'
}
# setup SWARM-NAT chain
$chain = 'SWARM-NAT'
@ -90,6 +98,9 @@ Add-IptablesChain -Chain $chain
Add-IptablesRule -Chain 'PREROUTING' -Rule '-m','addrtype','--dst-type','LOCAL','-j',$chain
$ingress_address = Get-DockerIngressAddress
foreach($yaml in (Get-ChildItem -Filter '*.yml')) {
Write-Output ('Processing {0}' -f $yaml)
$definition = Get-Content -Path $yaml -Raw | ConvertFrom-Yaml
@ -97,9 +108,9 @@ foreach($yaml in (Get-ChildItem -Filter '*.yml')) {
foreach($port in $definition.services.Values.ports) {
$nat = @{
protocol = $null
public_ip = $null
public_port = $null
internal_port = $null
ip = $null
port = $null
published_port = $null
}
if($port.Count -eq 4) {
@ -107,16 +118,16 @@ foreach($yaml in (Get-ChildItem -Filter '*.yml')) {
$published_splitted = $port.published -split ':'
$nat.protocol = $port.protocol
$nat.public_ip = $published_splitted[0]
$nat.public_port = $port.target
$nat.internal_port = $published_splitted[1]
$nat.ip = $published_splitted[0]
$nat.port = $port.target
$nat.published_port = $published_splitted[1]
} else {
#short form
$ports_splitted = $port -split ':'
$nat.public_ip = $ports_splitted[0]
$nat.public_port = $ports_splitted[2]
$nat.internal_port = $ports_splitted[1]
$nat.ip = $ports_splitted[0]
$nat.port = $ports_splitted[2]
$nat.published_port = $ports_splitted[1]
}
if(!$nat.protocol) {
@ -132,40 +143,20 @@ foreach($yaml in (Get-ChildItem -Filter '*.yml')) {
continue
}
if($nat.internal_port -ne $nat.public_port) {
Write-Output ('Additional NAT rule required, because published {0} and target {1} differ' `
-f $nat.internal_port,$nat.public_port)
$nat.protocol
$nat.public_ip
$nat.public_port
$nat.internal_port
if($nat.published_port -ne $nat.port) {
Write-Output ('Additional NAT rule required, because published_port {0} and target {1} differ' `
-f $nat.published_port,$nat.port)
Write-Output ('Add rule for {0}:{1}' -f $nat.ip,$nat.port)
$rule = @(
'-p','tcp'
'-m','tcp'
'--destination',$nat.ip
'--dport',$nat.port
'-j','DNAT'
'--to-destination','"{0}:{1}"' -f $ingress_address,$nat.port
)
Add-IptablesRule -Chain $chain -Rule $rule
}
}
}
#TODO: port from bash
bridge=$(
docker network inspect docker_gwbridge \
--format '{{(index .Containers "ingress-sbox").IPv4Address}}' \
| cut -d'/' -f1
)
internal_port=30000
public_port=30001
destination='145.239.119.128'
rule="-p tcp -m tcp --destination ""${destination}"" --dport ""${public_port}""
-j DNAT --to-destination ""${bridge}:${internal_port}"""
if ! iptables -t nat -C SWARM-NAT $rule > /dev/null; then
Write-Output "Add rule for NAT from ${destination}:${public_port} to ${bridge}:${internal_port}"
iptables -t nat -A SWARM-NAT $rule
else
Write-Output "Rule for NAT from ${destination}:${public_port} to ${bridge}:${internal_port} already exists"
fi
}
Write Preview
Loading…
Cancel
Save