feat: switch to iptables-legacy due to nftables incompatiblility on w…

…indows machines
qoomon · Jul 16, 2024 · af172e0 · af172e0
1 parent 51001d8
commit af172e0
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 10 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -3,7 +3,8 @@ FROM alpine:3.20.1
 
 RUN apk --no-cache upgrade \
  && apk --no-cache add  \
-    nftables \
+    # nftables \
+    iptables iptables-legacy \
     libcap
 
 COPY ./entrypoint.sh /

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -69,24 +69,34 @@ echo "Docker Host: $docker_host_ip ($docker_host_source)"
 PORTS="${PORTS:-"1-65535"}"
 PORTS="$(echo ${PORTS//,/ })"
 
-nft add table nat
-nft add chain nat prerouting  { type nat hook prerouting  priority -100 \; }
-nft add chain nat postrouting { type nat hook postrouting priority  100 \; }
+# nft add table nat
+# nft add chain nat prerouting  { type nat hook prerouting  priority -100 \; }
+# nft add chain nat postrouting { type nat hook postrouting priority  100 \; }
 
 echo "Forwarding ports: ${PORTS// /, }"
 for forwarding_port in $PORTS
 do
   docker_container_port="${forwarding_port%%:*}"
   docker_host_port="${forwarding_port#*:}"
 
-  nft add rule nat prerouting tcp \
-    dport "${docker_container_port}" dnat to "$docker_host_ip:$docker_host_port"
-  nft add rule nat prerouting udp \
-    dport "${docker_container_port}" dnat to "$docker_host_ip:$docker_host_port"
-
+  # nft add rule nat prerouting tcp \
+  #   dport "${docker_container_port}" \
+  #   dnat to "$docker_host_ip:$docker_host_port"
+  iptables-legacy --table nat --insert PREROUTING \
+    --protocol tcp --destination-port "${docker_container_port/-/:}" \
+    --jump DNAT --to-destination "$docker_host_ip:$docker_host_port"   
+
+  # nft add rule nat prerouting udp \
+  #   dport "${docker_container_port}" \
+  #   dnat to "$docker_host_ip:$docker_host_port"
+  iptables-legacy --table nat --insert PREROUTING \
+    --protocol udp --destination-port "${docker_container_port/-/:}" \
+    --jump DNAT --to-destination "$docker_host_ip:$docker_host_port"
 done
 
-nft add rule nat postrouting masquerade
+# nft add rule nat postrouting masquerade
+iptables-legacy --table nat --insert POSTROUTING --jump MASQUERADE
+
 
 # --- Drop root access and "Ah, ha, ha, ha, stayin' alive" ---------------------