I user "iptables": false
option in docker daemon config:
/etc/docker/daemon.json:
{
"iptables": false
}
I run service with options --publish mode=host
, --mode=global
similar to this approach.
But when I get X-Real-IP
header in my application its value is 172.18.0.1
but not real user ip.
When I start Docker daemon without "iptables": false
in /etc/docker/daemon.json
all works fine and I get real user ip.
But I need to set "iptables": false
to preserve iptables changes with Docker.
Is it possible to get real user ip with "iptables": false
in Docker daemon configuration?
See the rules that Docker creates without "iptables": true
and replicate them with "iptables": false
(which is the default).
These rules in particular are needed to masquerade the IP:
iptables -t nat -A POSTROUTING -m addrtype --src-type LOCAL -o docker0 -j MASQUERADE
iptables -t nat -s 172.18.0.0/16 ! -o docker0 -j MASQUERADE