coreos@coreos-1 ~ $ sudo iptables -L -n --line-numbers -t nat Chain PREROUTING (policy ACCEPT) num target prot opt source destination 1 CATTLE_PREROUTING all -- 0.0.0.0/0 0.0.0.0/0 2 DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL Chain INPUT (policy ACCEPT) num target prot opt source destination Chain OUTPUT (policy ACCEPT) num target prot opt source destination 1 DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL Chain POSTROUTING (policy ACCEPT) num target prot opt source destination 1 CATTLE_POSTROUTING all -- 0.0.0.0/0 0.0.0.0/0 2 MASQUERADE all -- 172.17.0.0/16 0.0.0.0/0 3 MASQUERADE udp -- 172.17.0.4 172.17.0.4 udp dpt:4500 4 MASQUERADE udp -- 172.17.0.4 172.17.0.4 udp dpt:500 Chain CATTLE_POSTROUTING (1 references) num target prot opt source destination 1 ACCEPT all -- 10.42.0.0/16 169.254.169.250 2 MASQUERADE tcp -- 10.42.0.0/16 !10.42.0.0/16 masq ports: 1024-65535 3 MASQUERADE udp -- 10.42.0.0/16 !10.42.0.0/16 masq ports: 1024-65535 4 MASQUERADE all -- 10.42.0.0/16 !10.42.0.0/16 5 SNAT all -- !10.42.0.0/16 169.254.169.250 mark match 0xdf30 to:10.42.57.136 6 SNAT all -- !10.42.0.0/16 169.254.169.250 mark match 0x20fdb to:10.42.135.131 7 SNAT all -- !10.42.0.0/16 169.254.169.250 mark match 0xdb2b to:10.42.56.107 8 MASQUERADE tcp -- 172.17.0.0/16 0.0.0.0/0 masq ports: 1024-65535 9 MASQUERADE udp -- 172.17.0.0/16 0.0.0.0/0 masq ports: 1024-65535 Chain CATTLE_PREROUTING (1 references) num target prot opt source destination 1 MARK all -- !10.42.0.0/16 169.254.169.250 MAC 02:0A:72:45:EA:D6 MARK set 0xdf30 2 MARK all -- !10.42.0.0/16 169.254.169.250 MAC 02:0A:72:95:8D:4D MARK set 0x20fdb 3 MARK all -- !10.42.0.0/16 169.254.169.250 MAC 02:0A:72:94:49:FE MARK set 0xdb2b Chain DOCKER (2 references) num target prot opt source destination 1 DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4500 to:172.17.0.4:4500 2 DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:500 to:172.17.0.4:500