IP Spoofing with a docker container using IPTables

Haluk KARAKAYA
Jul 9, 2020

Hello,

In this article, I will show how to use iptables to replace the source IP address of a Docker container's traffic with a spoofed address.

I have two virtual machines running on Oracle VirtualBox:

centos1 (192.168.1.15) and centos2 (192.168.1.75).

I ran the command below on centos2 to start a CentOS container.

docker run -it docker.io/halukk/centos bash

In another session on centos2, I added a firewall rule with the command below.

# iptables -t nat -I POSTROUTING 1 -s 172.17.0.0/16 -j SNAT --to-source 192.168.1.214

This rule rewrites the source address of IP packets coming from containers (172.17.0.0/16) to 192.168.1.214. It is inserted at position 1 of the nat table's POSTROUTING chain, which is where SNAT is applied.

In the container session, I pinged the centos1 server, and tcpdump on centos1 shows the packets arriving from 192.168.1.214.

You can see that the source IP address is 192.168.1.214 instead of 192.168.1.75. For machine-to-machine traffic, you see the IP address of the centos2 machine.

If you want to receive a reply (pong) to your ICMP request, configure routing on the centos1 machine to route 192.168.1.214 traffic to 192.168.1.75.

# route add 192.168.1.214 gw 192.168.1.75
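
A defender's check for the kind of rule shown above, as an added example that is not part of the original article: it reads a ruleset in iptables-save format and flags SNAT rules whose --to-source address is not assigned to the host. The function names, the sample ruleset and the 172.17.0.1 and 10.0.0.0/24 values are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the article): flag SNAT rules that rewrite traffic
# to a source address the host does not own.

# find_foreign_snat RULES LOCAL_ADDRS
#   RULES        ruleset text in iptables-save format
#   LOCAL_ADDRS  whitespace-separated IPv4 addresses assigned to this host
# Prints "<to-source address><TAB><rule>" for every offending rule.
find_foreign_snat() {
  printf '%s\n' "$1" |
  awk -v local_addrs="$(printf '%s' "$2" | tr '\n\t' '  ')" '
    BEGIN {
      n = split(local_addrs, a, " ")
      for (i = 1; i <= n; i++) own[a[i]] = 1
    }
    /^-A / {
      snat = 0; to = ""
      for (i = 1; i < NF; i++) {
        if ($i == "-j" && $(i + 1) == "SNAT") snat = 1
        if ($i == "--to-source") to = $(i + 1)
      }
      if (!snat || to == "") next
      sub(/[:-].*/, "", to)   # drop a :port or -range suffix; check the first address only
      if (!(to in own)) print to "\t" $0
    }'
}

# Live use (needs root): audit the running nat table against local addresses.
audit_live() {
  find_foreign_snat "$(iptables-save -t nat)" \
    "$(ip -4 -o addr show | awk '{ sub(/\/.*/, "", $4); print $4 }')"
}

# Constructed sample: the article's rule, a MASQUERADE rule, and a SNAT rule
# that uses centos2's real address.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.17.0.0/16 -j SNAT --to-source 192.168.1.214
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/24 -j SNAT --to-source 192.168.1.75
COMMIT'
SAMPLE_LOCAL='127.0.0.1 192.168.1.75 172.17.0.1'

find_foreign_snat "$SAMPLE_RULES" "$SAMPLE_LOCAL"
```

On the sample, only the rule that rewrites container traffic to 192.168.1.214 is reported; the rule using 192.168.1.75 passes because that address belongs to the host.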
