Splitting a Linux cloud VPS into smaller sub-instances (Docker version)
Creating an Ubuntu 22.04 system container in Docker
1: Create the network

    docker network create --driver bridge --subnet=10.247.88.0/24 net88
    docker network ls

2: Create the container

    nano docker-compose.yml

    services:
      aapanel:
        container_name: 10.247.88.2
        image: ubuntu:22.04
        restart: unless-stopped
        volumes:
          - ./root:/root
          - ./www:/www
        networks:
          net88:
            ipv4_address: 10.247.88.2
        tty: true
        # Run sshd in the foreground. Until openssh-server is installed (step 4)
        # the sshd call fails and tail keeps the container alive.
        command: /bin/bash -c "mkdir -p /run/sshd; /usr/sbin/sshd -D || tail -f /dev/null"
    networks:
      net88:
        external: true

3: Start the container

    docker compose down
    docker compose up -d
    docker ps

4: Work inside the container

    docker exec -it 10.247.88.2 bash

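    # Authorize a public key for root. Replace the key below with your own public key.
    mkdir -p ~/.ssh && echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINczVrP1nQt56KrtY0zFDRYvNGjMVS2MphwNWXH5j7yg xixi-ed25519-20240206' >> ~/.ssh/authorized_keys && cat ~/.ssh/authorized_keys
    # Set the root password
    passwd
    apt update
    apt install openssh-server nano

5: Map port 22 of the host to port 22 of the container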
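
    # Flush the nat table. This removes every existing NAT rule, including the ones Docker created.
    iptables -t nat -F
    # Outbound traffic from the container leaves with the public address
    iptables -t nat -A POSTROUTING -s 10.247.88.2 -j SNAT --to-source 154.12.247.88
    # Inbound TCP 22 on the public address goes to the container's sshd, not to an sshd on the host
    iptables -t nat -A PREROUTING -p tcp -d 154.12.247.88 --dport 22 -j DNAT --to-destination 10.247.88.2:22

Making the firewall rules persistent

1: Save the firewall configuration file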

    iptables-save > /etc/network/iptables.up.rules

2: Configure the firewall service

    nano /etc/systemd/system/iptables-load.service

    [Unit]
    Description=Load iptables rules

    [Service]
    Type=oneshot
    ExecStart=/sbin/iptables-restore /etc/network/iptables.up.rules
    RemainAfterExit=yes

    [Install]
    WantedBy=multi-user.target
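
The unit above exists to restore /etc/network/iptables.up.rules at boot, so whatever that file contains becomes the host's standing NAT policy. The following added example (not part of the original post) reads an iptables-save dump on stdin, lists every DNAT rule in the nat table and checks for the step 5 pair; the function names and the constructed sample are assumptions of this example, as is iptables-save's normalised rule form (`/32` suffix, `-m tcp`).

```shell
# Added example: audit an iptables-save dump (stdin) before restoring it at boot.

# Constructed sample in iptables-save form, matching the two rules from step 5.
sample_rules() {
  cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 154.12.247.88/32 -p tcp -m tcp --dport 22 -j DNAT --to-destination 10.247.88.2:22
-A POSTROUTING -s 10.247.88.2/32 -j SNAT --to-source 154.12.247.88
COMMIT
*filter
:INPUT ACCEPT [0:0]
COMMIT
EOF
}

# Print one line per DNAT rule in the nat table: "<dst> <proto> <dport> <target>".
list_dnat() {
  awk '
    /^\*/ { table = substr($0, 2) }   # "*nat", "*filter" open a table section
    table == "nat" && /-j DNAT/ {
      dst = "any"; proto = "any"; dport = "any"; to = "?"
      for (i = 1; i < NF; i++) {
        if ($i == "-d") dst = $(i + 1)
        if ($i == "-p") proto = $(i + 1)
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "--to-destination") to = $(i + 1)
      }
      print dst, proto, dport, to
    }'
}

# Succeed only if the dump forwards PUBLIC_IP:PORT/tcp to CONTAINER_IP:PORT and
# rewrites the container's outbound source address to PUBLIC_IP.
# usage: has_forward PUBLIC_IP CONTAINER_IP PORT < dump
has_forward() {
  _dump=$(cat)
  printf '%s\n' "$_dump" | list_dnat | grep -qxF "$1/32 tcp $3 $2:$3" || return 1
  printf '%s\n' "$_dump" | grep -qxF -- "-A POSTROUTING -s $2/32 -j SNAT --to-source $1"
}

# Succeed only if the expected rule is the sole DNAT rule, i.e. nothing else is exposed.
# usage: only_expected "<dst> <proto> <dport> <target>" < dump
only_expected() {
  [ "$(list_dnat)" = "$1" ]
}
```

On the host, feed the saved file to the checks, for instance `has_forward 154.12.247.88 10.247.88.2 22 < /etc/network/iptables.up.rules`. A failing `only_expected` means the dump carries DNAT rules beyond the SSH forward, such as ports published by Docker after the flush.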