NAT or IP Port forwarding from container

Hi

I want to access local web-server behind Belea OS using public URL provided by Balena.

Setup
Device with webserver (192.168.100.20)----- (192.169.100.1) eth0 Baleba : Balena wlan0 (DHCP dynamic IP) ----- local wifi ----internet ---- browser

Can someone please guide on how we can achive NAT/Port forwarding? I tried software approach wherein simple java socket program binds to the incoming socket and opens other TCP connection in forward direction but this is very slow (I need to deploy this on raspberry pi 3).

This works perfectly fine on raspberrian using iptables -j DNAT.
iptables -A PREROUTING -t nat -i wlan0 -p tcp --dport 80 -j DNAT --to 192.168.100.20:8080
iptables -A FORWARD -p tcp -d 192.168.100.20 --dport 8080 -j ACCEPT

However, on Balena OS, DOCKER rules take precedence

Hi, if you mean port-forwarding within the container, we have a way to do so in the docs.
Otherwise, could you be a bit more specific about what you’re trying to achieve? As in - what do you need port forwarding for, where from and where to?

Re-reading your post though, I forgot to mention that if you need to expose ports for some reason, you can do so also following the networking docs here

Thanks for reverting but iptables -t nat does catch filter as it is overruled by DOCKER. Hence iptables can not be used to achieve what I am seeking - well unless you play with DOCKER. But disturbing DOCKER for this is not a intent.

No issue with public URL. It works perfectly fine. Question is about IP forwarding (NAT) not just port translation. I am able to do so using java program running in container on Balena OS but for obvious reasons, it is slow (Software opening multiple sockets and threads). There has to be some simpler way to achieve this.

I am able to solve problem by blocking packet forwarding to docker (remove all iptable rules related to docker and then customizing them)

iptables -t -nat -F PREROUTING

iptables -t -nat -A PREROUTING -i resin-vpn -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.100.20:8080

Thanks for sharing, I’m glad you managed to find a solution!