Docker and UFW with real IP

I have a Docker setup which has its default behaviour of tampering with iptables disabled. So everything works perfectly fine, in that I can allow or block a specific port to the outside world by specifying a rule in ufw. Until I found the problem of not being able to access the real IP of the client accessing the website. All I see inside my container is the IP of the docker0 network.

I found a solution that asked me to add the below to my iptables:

    iptables -t nat -A PREROUTING ! -i docker0 -p tcp --dport 80 -j DNAT --to-destination

where is the IP of the proxy container. Now the problem is that this IP tends to change if it happens to reboot, and then my rule will no longer be valid.

Is there any elegant way of solving this issue without going down the route of assigning static IPs to containers, if that is possible at all?

Let me know if you need to see any more details of my setup. I am happy to post them.

One solution collected from the web for “Docker and UFW with real IP”

You can try running dockerd without the userland proxy, which is the process that masks the IP.

There are various issues in doing that though.

Otherwise, routing “real” IPs to containers is the cleanest solution.
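
The rule in the question stops matching once the proxy container comes back with a different address. One way to keep it current without static IPs, as an added example that is not part of the original question or answer: look up the container's current IP and rebuild the rule inside a dedicated chain. The container name `proxy` and the chain name `PROXY-DNAT` are assumptions.

```shell
#!/bin/sh
# Added example: keep the port-80 DNAT rule pointed at the proxy container's
# current IP. CONTAINER and CHAIN are assumed names, not from the page.
CONTAINER="${CONTAINER:-proxy}"
CHAIN="PROXY-DNAT"

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
  case "$1" in
    ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Print the rule from the question with the destination filled in.
rule_spec() {
  valid_ipv4 "$1" || return 1
  printf '%s\n' "! -i docker0 -p tcp --dport 80 -j DNAT --to-destination $1"
}

# Address of the container on its first attached network (empty on failure).
container_ip() {
  docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}} {{end}}' "$1" |
    awk '{print $1}'
}

# Rebuild a dedicated chain so stale rules never accumulate in PREROUTING.
refresh_rule() {
  ip=$(container_ip "$CONTAINER")
  spec=$(rule_spec "$ip") || { echo "no usable IP for $CONTAINER" >&2; return 1; }
  iptables -t nat -N "$CHAIN" 2>/dev/null || true      # create chain once
  iptables -t nat -C PREROUTING -j "$CHAIN" 2>/dev/null ||
    iptables -t nat -A PREROUTING -j "$CHAIN"          # hook it once
  iptables -t nat -F "$CHAIN"                          # drop the stale rule
  # Unquoted on purpose: $spec holds fixed flags plus a validated IP.
  iptables -t nat -A "$CHAIN" $spec
}

# Run as root with --apply after the proxy container has started.
if [ "${1:-}" = "--apply" ]; then refresh_rule; fi
```

The old rule is only flushed after a valid address has been read, so a stopped container leaves the existing rule in place rather than an empty chain.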
