The rule goes as follows:

iptables -t nat -A POSTROUTING -s 10.0.3.0/24 ! -d 10.0.3.0/24 -j MASQUERADE

Why the ! -d 10.0.3.0/24 part? I thought it’s to suppress NAT for intercontainer communication, but:

iptables -t nat -A POSTROUTING -s 10.0.3.0/24 -j MASQUERADE

makes no visible difference. I run

tcpdump icmp

in one container (10.0.3.1),

ping -c 10.0.3.2

in the other one (10.0.3.2). And tcpdump says:

10.0.3.2
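As an added illustration (not part of the original question), a small POSIX shell script that evaluates the rule's match condition for source/destination pairs with and without the ! -d exclusion; the CIDR helpers are hypothetical and 203.0.113.10 is a constructed outside address. It models only the rule's match logic for packets that do reach the nat POSTROUTING chain; whether a packet gets there at all is a separate question, and traffic between two containers on the same Linux bridge is switched at layer 2 and bypasses the host's iptables unless bridge-nf-call-iptables is enabled.

```shell
#!/bin/sh
# Added example, not from the original post: evaluates whether the rule
#   -s 10.0.3.0/24 ! -d 10.0.3.0/24 -j MASQUERADE
# would match a given src/dst pair, and contrasts it with the same rule
# minus the "! -d" exclusion.

# ip_to_int 10.0.3.2 -> 167772930 (dotted quad to 32-bit integer)
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr ADDR NET/PREFIX -> exit 0 if ADDR lies inside NET/PREFIX
in_cidr() {
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    prefix=${2#*/}
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# masq_decision SRC DST -> "MASQUERADE" or "no-nat", with the exclusion:
# source must be in 10.0.3.0/24 AND destination must NOT be.
masq_decision() {
    if in_cidr "$1" 10.0.3.0/24 && ! in_cidr "$2" 10.0.3.0/24; then
        echo MASQUERADE
    else
        echo no-nat
    fi
}

# Same rule without "! -d": any source in 10.0.3.0/24 is masqueraded,
# container-to-container included.
masq_decision_no_excl() {
    if in_cidr "$1" 10.0.3.0/24; then echo MASQUERADE; else echo no-nat; fi
}

# The pair from the post, one outbound pair, and one non-container source.
for pair in "10.0.3.2 10.0.3.1" "10.0.3.2 203.0.113.10" "192.168.1.5 10.0.3.1"; do
    set -- $pair
    printf '%-12s -> %-13s with !-d: %-10s without: %s\n' \
        "$1" "$2" "$(masq_decision "$1" "$2")" "$(masq_decision_no_excl "$1" "$2")"
done
```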