Accessing the external network from a VM: how does POSTROUTING in NAT actually work?

Published: 2023/12/18

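Worth looking at how Docker configures its networking.

Accessing the external network from inside a VM: with qemu set up, add a NAT rule on the host:

sudo iptables -t nat -I POSTROUTING -s 192.168.1.110 -j SNAT --to-source 192.168.0.108

With this rule in place, the VM can reach the external network.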

Two virtual machines were set up:

tap0 (192.168.129.1) --->

tap1 (192.168.130.1) --->

Add the NAT table entry:

sudo iptables -t nat -I POSTROUTING -s 192.168.128.0/20 -j SNAT --to-source 192.168.0.108

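Then access my cloud host, 121.X.X.X, from both VMs at the same time. Ping works from both, which shows that NAT has recorded this address. Two typical packets are recorded:

192.168.129.110 ---> cloud host   (192.168.0.108 ---> cloud host)

192.168.130.110 ---> cloud host   (192.168.0.108 ---> cloud host)

How does NAT record this translation internally? What exactly is recorded? When a packet comes back from the cloud host's IP with destination address 192.168.0.108, how is it demultiplexed to the right one of the two IP addresses, 192.168.129.110 and 192.168.130.110?

Could it be that port information is part of the record? The packet receive path: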

#0 icmp_rcv (skb=0xffff88007c9efc00) at net/ipv4/icmp.c:973
#1 0xffffffff816d97af in ip_local_deliver_finish (net=0xffffffff81ed8680 <init_net>, sk=<optimized out>, skb=0xffff88007c9efc00) at net/ipv4/ip_input.c:216
#2 0xffffffff816d9e45 in NF_HOOK_THRESH (thresh=<optimized out>, okfn=<optimized out>, out=<optimized out>, in=<optimized out>, skb=<optimized out>, sk=<optimized out>, net=<optimized out>, hook=<optimized out>, pf=<optimized out>) at ./include/linux/netfilter.h:232
#3 NF_HOOK (okfn=<optimized out>, out=<optimized out>, in=<optimized out>, skb=<optimized out>, sk=<optimized out>, net=<optimized out>, hook=<optimized out>, pf=<optimized out>) at ./include/linux/netfilter.h:255
#4 ip_local_deliver (skb=0xffff88007c9efc00) at net/ipv4/ip_input.c:257
#5 0xffffffff816d9a7b in dst_input (skb=<optimized out>) at ./include/net/dst.h:507
#6 ip_rcv_finish (net=0xffffffff81ed8680 <init_net>, sk=<optimized out>, skb=0xffff88007c9efc00) at net/ipv4/ip_input.c:396
#7 0xffffffff816da11e in NF_HOOK_THRESH (thresh=<optimized out>, okfn=<optimized out>, out=<optimized out>, in=<optimized out>, skb=<optimized out>, sk=<optimized out>, net=<optimized out>, hook=<optimized out>, pf=<optimized out>) at ./include/linux/netfilter.h:232
#8 NF_HOOK (okfn=<optimized out>, out=<optimized out>, in=<optimized out>, skb=<optimized out>, sk=<optimized out>, net=<optimized out>, hook=<optimized out>, pf=<optimized out>) at ./include/linux/netfilter.h:255
#9 ip_rcv (skb=0xffff88007c9efc00, dev=0xffff88007c530000, pt=<optimized out>, orig_dev=<optimized out>) at net/ipv4/ip_input.c:487
#10 0xffffffff81684eea in __netif_receive_skb_core (skb=0xffff88007c9efc00, pfmemalloc=<optimized out>) at net/core/dev.c:4211
#11 0xffffffff816878cd in __netif_receive_skb (skb=<optimized out>) at net/core/dev.c:4249
#12 0xffffffff8168793d in netif_receive_skb_internal (skb=0xffff88007c9efc00) at net/core/dev.c:4277
#13 0xffffffff81688582 in napi_skb_finish (skb=<optimized out>, ret=<optimized out>) at net/core/dev.c:4626
#14 napi_gro_receive (napi=0xffff88007c530b70, skb=0xffff88007c9efc00) at net/core/dev.c:4658
#15 0xffffffff81532db1 in e1000_receive_skb (skb=<optimized out>, vlan=<optimized out>, status=<optimized out>, adapter=<optimized out>) at drivers/net/ethernet/intel/e1000/e1000_main.c:4035
#16 e1000_clean_rx_irq (adapter=0xffff88007c5308c0, rx_ring=<optimized out>, work_done=<optimized out>, work_to_do=<optimized out>) at drivers/net/ethernet/intel/e1000/e1000_main.c:4491
#17 0xffffffff81531bb0 in e1000_clean (napi=0xffff88007c530b70, budget=64) at drivers/net/ethernet/intel/e1000/e1000_main.c:3836
#18 0xffffffff8168968a in napi_poll (repoll=<optimized out>, n=<optimized out>) at net/core/dev.c:5158
#19 net_rx_action (h=<optimized out>) at net/core/dev.c:5223
#20 0xffffffff8187c0d9 in __do_softirq () at kernel/softirq.c:284
#21 0xffffffff81058f70 in invoke_softirq () at kernel/softirq.c:364
#22 irq_exit () at kernel/softirq.c:405
#23 0xffffffff8187be94 in exiting_irq () at ./arch/x86/include/asm/apic.h:659
#24 do_IRQ (regs=0xffffc9000006be08) at arch/x86/kernel/irq.c:251
#25 0xffffffff8187a4bf in common_interrupt () at arch/x86/entry/entry_64.S:520
#26 0xffffc9000006be08 in ?? ()
#27 0x0000000000000000 in ?? ()

Receiving an ICMP packet after SNAT has been set up: NAT is

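When the server 14.17.88.99 replies with a packet (src=14.17.88.99 dst=115.22.112.12) and that packet enters the PRE_ROUTING chain on the WAN-side interface,
the NAT-related hook function is called, which in turn calls ip_nat_packet to obtain the origin tuple and then computes the reverse-direction tuple from it,
namely new_tuple.src = 14.17.88.99, new_tuple.dst = 192.168.1.123. The packet's destination IP address is then rewritten according to this new tuple,
so the rewritten packet's destination address is 192.168.1.123. After that a route lookup is performed and the packet is sent out the proper LAN port. This is NAT's De-SNAT.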
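The question above (how one reply address, 192.168.0.108, is split back to two VMs) and the De-SNAT step just described, as an added example that is not code from the original post or from the kernel: a simplified model of the origin/reply tuple pair kept per flow. The names `snat_out` and `de_snat_in`, the `CLOUD` address (a constructed placeholder for 121.X.X.X), and the "increment the id on a clash" strategy are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define IP(a,b,c,d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))
#define VM1    IP(192,168,129,110)
#define VM2    IP(192,168,130,110)
#define NAT_IP IP(192,168,0,108)
#define CLOUD  IP(203,0,113,10)   /* constructed placeholder for the cloud host */

/* Simplified conntrack entry: one tuple per direction. id is the ICMP echo
 * id; for TCP/UDP the ports play this role. */
struct tuple { uint32_t src, dst; uint16_t id; };
struct conn  { struct tuple orig, reply; };

#define MAX_CONN 16
static struct conn table[MAX_CONN]; static int nconn;

static int same(const struct tuple *a, const struct tuple *b) {
    return a->src == b->src && a->dst == b->dst && a->id == b->id;
}

/* POSTROUTING side: record orig and reply tuples for a flow leaving as
 * nat_ip. Returns the id used on the wire, or -1 if the table is full. */
int snat_out(uint32_t src, uint32_t dst, uint16_t id, uint32_t nat_ip) {
    struct conn c = { { src, dst, id }, { dst, nat_ip, id } };
    int i, clash = 1;
    for (i = 0; i < nconn; i++)              /* known flow: reuse its mapping */
        if (same(&table[i].orig, &c.orig)) return table[i].reply.id;
    if (nconn == MAX_CONN) return -1;
    while (clash)                            /* reply tuple must be unique */
        for (i = 0, clash = 0; i < nconn; i++)
            if (same(&table[i].reply, &c.reply)) { c.reply.id++; clash = 1; }
    table[nconn++] = c;
    return c.reply.id;
}

/* PREROUTING side (De-SNAT): match the reply tuple, restore the original
 * id and return the inner IP to deliver to; 0 if no flow matches. */
uint32_t de_snat_in(uint32_t src, uint32_t dst, uint16_t *id) {
    struct tuple r = { src, dst, *id };
    for (int i = 0; i < nconn; i++)
        if (same(&table[i].reply, &r)) { *id = table[i].orig.id; return table[i].orig.src; }
    return 0;
}

int main(void) {   /* both VMs ping the cloud host with the same ICMP id 7 */
    int a = snat_out(VM1, CLOUD, 7, NAT_IP), b = snat_out(VM2, CLOUD, 7, NAT_IP);
    printf("ids on the wire: %d and %d\n", a, b);
    return 0;
}
```

A reply that matches no recorded reply tuple returns 0 here, which corresponds to a packet that is not translated back to any VM.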

Routing path:

ipt_do_table -->

nf_nat_ipv4_fn

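In nf_nat_ipv4_fn, the first thing called is nf_ct_get (ct: conntrack). The data structures involved include:

ip_conntrack_info / nf_conn_nat

The link below gives a detailed explanation of the outgoing and incoming packet flow once SNAT is configured: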

http://blog.csdn.net/lickylin/article/details/36740207

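When data arrives at the router's wan0 port and enters PRE_ROUTING, an nf_conn structure is created first, along with two nf_conntrack_tuple entries (origin and reply).

Questions

1) Where is prerouting?

2) Where is the postrouting code?

What does nf_conntrack_l3proto_ipv4_init initialize?

Connection tracking registers its hook functions in exactly this function, nf_conntrack_l3proto_ipv4_init:

ipv4_conntrack_in -->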

Reposted from: https://www.cnblogs.com/honpey/p/8454236.html
