
How to access Weave DNS-Server from external?

I use the Weave network plugin on a Docker-Swarm.

I created a docker network with a specific IP-Range, different from the default Weave Network, to which I route from my internal network.

To make the containers even more accessible, I use weave to attach DNS names like containername.auto.mycompany.de. Now I want to access those from my company network. The problem is that weave only allows access to the weave DNS from the local host.

Like on one of my swarm nodes I can do:

host foobar.auto.mycompany.de 172.17.0.1
Using domain server:
Name: 172.17.0.1
Address: 172.17.0.1#53
Aliases: 

foobar.auto.mycompany.de has address 10.40.13.3
Host foobar.auto.mycompany.de not found: 3(NXDOMAIN)
Host foobar.auto.mycompany.de not found: 3(NXDOMAIN)

But I can't find a way to make the weave container accessible on one of the IPs from this (10.40.130/24) docker network or expose the port to the swarm node.

The only way I can think of, but don't like, is doing something like this:

iptables -t nat -A  DOCKER -p tcp --dport 53 -j DNAT --to-destination 172.17.0.1:53

(this does not work, it's just the idea)

Or tamper with the weave script to make it expose the port on start of the weave container.

Does anybody know of a better solution?

Ingo Meldau asked Jan 14 '16 09:01


1 Answer

In fact setting the rules

iptables -t nat -A DOCKER -p tcp -m tcp --dport 53 -j DNAT --to-destination 172.17.0.1:53
iptables -t nat -A DOCKER -p udp -m udp --dport 53 -j DNAT --to-destination 172.17.0.1:53

does it. When I first tried that, I simply failed to see that my request would have to come from "outside" the server to work, not from inside to the loopback device.

Still not a pretty solution, but it does the job. I'm looking forward to seeing better solutions from you guys.

(Bounty stands!)

Ingo Meldau answered Nov 10 '22 12:11
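
The rules from the answer, limited to a single client network and safe to re-run, as an added example that is not part of the original post. DNAT is only valid in the nat table, so the rules are added with `-t nat`; the function names, the `DRY_RUN` switch and the client network (192.0.2.0/24 is a placeholder) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): the answer's two DNAT rules,
# limited to one client network and safe to re-run.
WEAVE_DNS="172.17.0.1:53"   # weave DNS address as given on the page
CHAIN="DOCKER"              # chain used in the answer (nat table)

# Run iptables, or only print the command when DRY_RUN=1 (no root needed).
ipt() {
  if [ "${DRY_RUN:-0}" = "1" ]; then echo "iptables $*"; else iptables "$@"; fi
}

# valid_cidr A.B.C.D/N: succeeds for octets 0-255 and a prefix length of 1-32.
# /0 is rejected because it would open the resolver to every source.
valid_cidr() {
  case "$1" in */*) ;; *) return 1 ;; esac
  vc_ip=${1%/*}; vc_len=${1#*/}
  case "$vc_len" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#vc_len}" -le 2 ] && [ "$vc_len" -ge 1 ] && [ "$vc_len" -le 32 ] || return 1
  case "$vc_ip" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  vc_ifs=$IFS; IFS=.; set -- $vc_ip; IFS=$vc_ifs
  [ "$#" -eq 4 ] || return 1
  for vc_o in "$@"; do
    [ "${#vc_o}" -le 3 ] && [ "$vc_o" -le 255 ] || return 1
  done
}

# expose_weave_dns CLIENT_CIDR: forward DNS over UDP and TCP from CLIENT_CIDR only.
expose_weave_dns() {
  src=$1
  valid_cidr "$src" || { echo "refusing source '$src'" >&2; return 2; }
  for proto in udp tcp; do
    set -- -p "$proto" -m "$proto" -s "$src" --dport 53 \
           -j DNAT --to-destination "$WEAVE_DNS"
    # -C tests whether the rule is already present, so reruns add no duplicates.
    if [ "${DRY_RUN:-0}" = "1" ] || ! iptables -t nat -C "$CHAIN" "$@" 2>/dev/null; then
      ipt -t nat -A "$CHAIN" "$@" || return 1
    fi
  done
}

# Example call (placeholder network): DRY_RUN=1 expose_weave_dns 192.0.2.0/24
```

Without the `-s` match, any host that can reach port 53 on the swarm node can query the container names held in weave DNS.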