DEV Community 👩‍💻👨‍💻


Posted on

Map running container port to the Host

We recently ran to a situation that we have a running container (MySQL) but we liked to access it from internet and this container didn't have any port mapping between host and container.

We spawn up the container with docker compose

One solution for this situation is to stop the container, remove it and execute docker run with -p <hostPort>:<containerPort> but we didn't want to create new container.
Second solution is using iptables to do the port mapping.
In the following example, you see how we achieved routing calls to the host:3306 to the mysqlContainer:3306.
You should run this on the host machine.

sudo iptables -t nat -A DOCKER -p tcp --dport 3306 -j DNAT --to-destination MysqlContainerIP:3306
sudo iptables -t nat -A POSTROUTING -j MASQUERADE -p tcp --source MysqlContainerIP --destination MysqlContainerIP --dport 3306
sudo iptables -A DOCKER -j ACCEPT -p tcp --destination MysqlContainerIP --dport 3306
Enter fullscreen mode Exit fullscreen mode

Top comments (2)

codingsafari profile image
Nico Braun • Edited on

Nice hack!

My opinion in general is, if you cant afford to throw the container away, and spin up a new one, you probably have other issues in your setup.

I am also not sure if docker wouldnt maybe go about "cleaning" these rules up at some stage. Espeically your last entry which modified the DOCKER chain directly. You may want to put this to DOCKER-USER instead.

corpcubite profile image
Cubite Author

Thank you Nico. Agree, unfortunatly the services were installed by a third party for our customer and they didn't feel comfortable with removing the container and creating new one. We check the DOCKER-USER and update the post.

🌚 Life is too short to browse without dark mode