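Cannot ping my Docker container from outside the host

Time: 2017-07-18 19:50:19

Tags: ubuntu docker ip

Hello, I have set up and started a Docker container. When I enter this container and run ifconfig, this is what I get: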

eth0      Link encap:Ethernet  HWaddr 02:42:0a:32:00:02  
          inet addr:10.50.0.2  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:387 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:73801 (73.8 KB)  TX bytes:1572 (1.5 KB)

eth0:1    Link encap:Ethernet  HWaddr 02:42:0a:32:00:02  
          inet addr:10.50.1.1  Bcast:10.50.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0:2    Link encap:Ethernet  HWaddr 02:42:0a:32:00:02  
          inet addr:10.50.1.2  Bcast:10.50.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0:3    Link encap:Ethernet  HWaddr 02:42:0a:32:00:02  
          inet addr:10.50.1.3  Bcast:10.50.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

I can ping those addresses (eth0 and its virtual IPs) perfectly from the host.

On the host, this is the ifconfig output:

br-dfd292823ec9 Link encap:Ethernet  HWaddr 02:42:1b:2b:32:c3  
          inet addr:10.50.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::42:1bff:fe2b:32c3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:18 errors:0 dropped:0 overruns:0 frame:0
          TX packets:320 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1320 (1.3 KB)  TX bytes:65375 (65.3 KB)

docker0   Link encap:Ethernet  HWaddr 02:42:93:9a:5c:ea  
          inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::42:93ff:fe9a:5cea/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:2967 (2.9 KB)

eth0      Link encap:Ethernet  HWaddr ec:b1:d7:56:9d:88  
          inet addr:10.250.1.49  Bcast:10.250.255.255  Mask:255.255.0.0
          inet6 addr: fe80::f784:a7df:5e4e:ce2f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:270248 errors:0 dropped:0 overruns:0 frame:0
          TX packets:113084 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:208274777 (208.2 MB)  TX bytes:67211395 (67.2 MB)
          Interrupt:20 Memory:f7d00000-f7d20000 

eth1      Link encap:Ethernet  HWaddr 68:05:ca:3e:0c:f3  
          inet addr:192.168.108.222  Bcast:192.168.109.255  Mask:255.255.254.0
          inet6 addr: fe80::8f37:3338:32cf:ba39/64 Scope:Link
          inet6 addr: 2620:2c:40c0:c00:2d9e:8857:7d24:f4ee/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:94805 errors:0 dropped:1 overruns:0 frame:0
          TX packets:19184 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:36493713 (36.4 MB)  TX bytes:4842334 (4.8 MB)
          Interrupt:19 Memory:f7cc0000-f7ce0000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:11023 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11023 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:1730700 (1.7 MB)  TX bytes:1730700 (1.7 MB)

veth06b2b8e Link encap:Ethernet  HWaddr 8e:96:03:60:49:5c  
          inet6 addr: fe80::8c96:3ff:fe60:495c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:18 errors:0 dropped:0 overruns:0 frame:0
          TX packets:392 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1572 (1.5 KB)  TX bytes:74749 (74.7 KB)

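Now I am trying to ping these container addresses (10.50.0.2, 10.50.1.1, ...) from other machines on the same network as the host, and I added a route on them to reach the 10.50.0.0/16 network using the host as the gateway, but I cannot ping the Docker container IPs. I am using Docker 17 CE and Ubuntu 16.

1 answer:

Answer 0: (score: 1)

So I found the solution to my problem. It turned out that with sudo iptables -L -n I found the following: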

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DOCKER-USER  all  --  0.0.0.0/0            0.0.0.0/0           
DOCKER-ISOLATION  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0  

So the FORWARD policy was set to DROP, meaning no traffic was forwarded to my Docker containers; I then ran sudo iptables -P FORWARD ACCEPT and that solved my problem.
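
An added example, not part of the original answer: a narrower alternative to opening the whole FORWARD policy, inserting a single ACCEPT rule into the DOCKER-USER chain that appears first in the listing above. The bridge name and container network come from the question's ifconfig output; the source network 10.250.0.0/16 is an assumption based on the host's eth0 address, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: allow only one LAN to reach the container network through the
# Docker bridge, leaving the FORWARD policy at DROP for everything else.
# SRC_NET is an assumption (the host's eth0 LAN); the other two are from the question.
SRC_NET="${SRC_NET:-10.250.0.0/16}"
DST_NET="${DST_NET:-10.50.0.0/16}"
BRIDGE="${BRIDGE:-br-dfd292823ec9}"

# Return 0 if $1 is a well-formed IPv4 CIDR (a.b.c.d/len), else non-zero.
is_cidr() {
    case "$1" in *[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    old_ifs=$IFS; IFS=./
    set -- $1                      # split into four octets plus the prefix length
    IFS=$old_ifs
    [ "$1" -le 255 ] && [ "$2" -le 255 ] && [ "$3" -le 255 ] && [ "$4" -le 255 ]
}

# Print the rule specification without touching the firewall, so it can be reviewed.
rule_spec() {
    is_cidr "$1" && is_cidr "$2" || return 1
    case "$3" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#3}" -le 15 ] || return 1   # Linux interface names are at most 15 characters
    printf '%s' "-s $1 -d $2 -o $3 -j ACCEPT"
}

# Insert the rule into DOCKER-USER unless an identical rule already exists (needs root).
apply_rule() {
    spec=$(rule_spec "$1" "$2" "$3") || { echo "invalid arguments" >&2; return 1; }
    # spec was validated above, so word splitting here is intentional
    iptables -C DOCKER-USER $spec 2>/dev/null || iptables -I DOCKER-USER $spec
}

# Dry run by default; set APPLY=1 to change the firewall.
if [ "${APPLY:-0}" = "1" ]; then
    apply_rule "$SRC_NET" "$DST_NET" "$BRIDGE"
else
    echo "dry run: iptables -I DOCKER-USER $(rule_spec "$SRC_NET" "$DST_NET" "$BRIDGE")"
fi
```

Replies from the containers are already covered by the rules Docker installs for traffic leaving the bridge, so only the inbound direction needs this rule.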