From 3b65be9127865fd894edea4d0b7de0ab92421018 Mon Sep 17 00:00:00 2001
From: unclejack
Date: Thu, 4 Apr 2013 01:32:46 +0300
Subject: [PATCH 1/2] Fix NAT problem with ports looping back to containers

---
 network.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/network.go b/network.go
index c050609d16..6019f9f235 100644
--- a/network.go
+++ b/network.go
@@ -98,7 +98,7 @@ type PortMapper struct {
 
 func (mapper *PortMapper) cleanup() error {
 // Ignore errors - This could mean the chains were never set up
- iptables("-t", "nat", "-D", "PREROUTING", "-j", "DOCKER")
+ iptables("-t", "nat", "-D", "PREROUTING", "-m", "addrtype", "--dst-type", "LOCAL", "-j", "DOCKER")
 iptables("-t", "nat", "-D", "OUTPUT", "-j", "DOCKER")
 iptables("-t", "nat", "-F", "DOCKER")
 iptables("-t", "nat", "-X", "DOCKER")
@@ -110,7 +110,7 @@ func (mapper *PortMapper) setup() error {
 if err := iptables("-t", "nat", "-N", "DOCKER"); err != nil {
 return fmt.Errorf("Failed to create DOCKER chain: %s", err)
 }
- if err := iptables("-t", "nat", "-A", "PREROUTING", "-j", "DOCKER"); err != nil {
+ if err := iptables("-t", "nat", "-A", "PREROUTING", "-m", "addrtype", "--dst-type", "LOCAL", "-j", "DOCKER"); err != nil {
 return fmt.Errorf("Failed to inject docker in PREROUTING chain: %s", err)
 }
 if err := iptables("-t", "nat", "-A", "OUTPUT", "-j", "DOCKER"); err != nil {

From 32f58114766886fc38b66949bc3c0625dc225ade Mon Sep 17 00:00:00 2001
From: unclejack
Date: Thu, 4 Apr 2013 22:56:37 +0300
Subject: [PATCH 2/2] stop looping remote:port from host to containers

---
 network.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/network.go b/network.go
index 6019f9f235..6576e5fa9a 100644
--- a/network.go
+++ b/network.go
@@ -99,7 +99,7 @@ type PortMapper struct {
 func (mapper *PortMapper) cleanup() error {
 // Ignore errors - This could mean the chains were never set up
 iptables("-t", "nat", "-D", "PREROUTING", "-m", "addrtype", "--dst-type", "LOCAL", "-j", "DOCKER")
- iptables("-t", "nat", "-D", "OUTPUT", "-j", "DOCKER")
+ iptables("-t", "nat", "-D", "OUTPUT", "-m", "addrtype", "--dst-type", "LOCAL", "-j", "DOCKER")
 iptables("-t", "nat", "-F", "DOCKER")
 iptables("-t", "nat", "-X", "DOCKER")
 mapper.mapping = make(map[int]net.TCPAddr)
@@ -113,7 +113,7 @@ func (mapper *PortMapper) setup() error {
 if err := iptables("-t", "nat", "-A", "PREROUTING", "-m", "addrtype", "--dst-type", "LOCAL", "-j", "DOCKER"); err != nil {
 return fmt.Errorf("Failed to inject docker in PREROUTING chain: %s", err)
 }
- if err := iptables("-t", "nat", "-A", "OUTPUT", "-m", "addrtype", "--dst-type", "LOCAL", "-j", "DOCKER"); err != nil {
+ if err := iptables("-t", "nat", "-A", "OUTPUT", "-m", "addrtype", "--dst-type", "LOCAL", "-j", "DOCKER"); err != nil {
 return fmt.Errorf("Failed to inject docker in OUTPUT chain: %s", err)
 }
 return nil
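Review bot: The `-D` calls in cleanup() now match only the new rule specs, so a host that still carries the unqualified `-j DOCKER` jumps installed before this series keeps them in PREROUTING and OUTPUT. Because errors are ignored here, `-X DOCKER` would then fail silently on the still-referenced chain, and the `-N DOCKER` in setup() would presumably fail with "Failed to create DOCKER chain" on the next start, while the stale jumps keep matching every destination, which is what this series set out to stop. Keep the legacy deletions alongside the new ones, `iptables("-t", "nat", "-D", "PREROUTING", "-j", "DOCKER")` and `iptables("-t", "nat", "-D", "OUTPUT", "-j", "DOCKER")`, under a comment such as `// Also remove rules created by older versions, or -X will fail`. The same applies to the PREROUTING line changed in the cleanup() hunk of patch 1/2; cleanup() continues past the end of this hunk.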
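Review bot: Nothing in setup() records why the jumps are limited to `--dst-type LOCAL`, and the same match arguments are now written out four times across setup() and cleanup(), where any drift makes the `-D` miss without a trace because cleanup() discards errors. Add a comment above the PREROUTING and OUTPUT rules, for example `// Only divert packets addressed to one of the host's own addresses; connections to remote:port must not be rewritten into a container`. Consider holding the match arguments in one shared slice so the add and delete specs cannot diverge. setup() begins above this hunk and ends below it, so whether a failed OUTPUT append rolls back the PREROUTING rule is not visible here.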