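After configuring the default gateway, Docker containers cannot reach the internal network
Problem description
I have a machine in a server room whose main IP range is 10.15.196.0/24. Because this range cannot reach the Internet, I plugged in a network cable from another router, 192.168.1.0/24, and after setting the default gateway the physical machine can reach both the public network and the internal network.
The route -n routing rules are as follows: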
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eno2d1
0.0.0.0 10.15.196.1 0.0.0.0 UG 100 0 0 brq32d4f2b2-cc
10.15.196.0 0.0.0.0 255.255.255.0 U 0 0 0 brq32d4f2b2-cc
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eno2d1
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
192.168.250.0 0.0.0.0 255.255.255.0 U 0 0 0 br-ea0910c5cdec
The output of ip a is as follows:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master brq32d4f2b2-cc state UP group default qlen 1000
link/ether bc:97:e1:d7:45:c0 brd ff:ff:ff:ff:ff:ff
3: eno2d1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether bc:97:e1:d7:45:c1 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.141/24 brd 192.168.1.255 scope global eno2d1
valid_lft forever preferred_lft forever
4: enp134s0f0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether bc:97:e1:74:cd:a0 brd ff:ff:ff:ff:ff:ff
5: enp134s0f1d1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether bc:97:e1:74:cd:a1 brd ff:ff:ff:ff:ff:ff
6: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:7f:98:24 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
7: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:7f:98:24 brd ff:ff:ff:ff:ff:ff
8: brq32d4f2b2-cc: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether bc:97:e1:d7:45:c0 brd ff:ff:ff:ff:ff:ff
inet 10.15.196.125/24 brd 10.15.196.255 scope global brq32d4f2b2-cc
valid_lft forever preferred_lft forever
9: tap1ff27519-a6@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master brq32d4f2b2-cc state UP group default qlen 1000
link/ether da:6d:e3:8f:4c:df brd ff:ff:ff:ff:ff:ff link-netnsid 0
13: tapf9b3f331-df: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master brq32d4f2b2-cc state UNKNOWN group default qlen 1000
link/ether fe:16:3e:99:bd:11 brd ff:ff:ff:ff:ff:ff
14: tap553bd9a3-1b: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master brq32d4f2b2-cc state UNKNOWN group default qlen 1000
link/ether fe:16:3e:e0:90:e9 brd ff:ff:ff:ff:ff:ff
15: tap62f0d099-ba: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master brq32d4f2b2-cc state UNKNOWN group default qlen 1000
link/ether fe:16:3e:e8:e6:ff brd ff:ff:ff:ff:ff:ff
24: tap916aecbd-34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master brq32d4f2b2-cc state UNKNOWN group default qlen 1000
link/ether fe:16:3e:80:68:df brd ff:ff:ff:ff:ff:ff
25: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:68:da:d1:01 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
30: br-ea0910c5cdec: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:61:51:07:e3 brd ff:ff:ff:ff:ff:ff
inet 192.168.250.1/24 brd 192.168.250.255 scope global br-ea0910c5cdec
valid_lft forever preferred_lft forever
inet6 2001:db8:10::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::42:61ff:fe51:7e3/64 scope link
valid_lft forever preferred_lft forever
inet6 fe80::1/64 scope link
valid_lft forever preferred_lft forever
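But after I installed a Docker container, say an nginx container with host port 8080 -> container port 80, access from within the host gives the following results:
curl 127.0.0.1:8080 works
curl 0.0.0.0:8080 works
The local IP is 10.15.196.125
curl 10.15.196.125:8080 fails
Accessing from another physical machine, 126:
curl 10.15.196.125:8080 works
In short, the service in the container cannot be reached via the 10 range, and from inside the container I cannot ping other machines in the 10 range either.
Guess
Could it be a problem with the default gateway setting? iptables doesn't seem to have anything else wrong with it. I found many people online saying the Linux kernel needs to be upgraded, but my kernel is already fairly new.
Please help, thank you!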
Comments (1)
Nine times out of ten it's an iptables rule problem that is DROPping your packets.
On the host, try running iptables -t filter -nvL before and after the curl.
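
One way to carry out the before/after comparison suggested in the comment, as an added example that is not part of the original thread: the hypothetical helper drop_delta compares two saved snapshots and lists the DROP/REJECT rules and DROP chain policies whose packet counters grew. It assumes the snapshots are taken with the extra -x flag so counters are exact numbers; sample_snapshot prints a constructed listing, not output from the poster's machine.

```shell
#!/bin/sh
# Added example. Live use (as root), around the failing request from the post:
#   iptables -t filter -nvxL > before.txt
#   curl 10.15.196.125:8080
#   iptables -t filter -nvxL > after.txt
#   drop_delta before.txt after.txt

# drop_delta BEFORE_FILE AFTER_FILE
# Rules are matched by chain name plus rule text, so two identical rules in
# the same chain share one key.
drop_delta() {
  awk '
    # Chain header, e.g. "Chain FORWARD (policy DROP 5 packets, 300 bytes)"
    $1 == "Chain" {
      chain = $2
      if ($3 != "(policy") next          # user-defined chain: no policy counter
      key = chain " (policy " $4 ")"; target = $4; pkts = $5
    }
    $1 == "pkts" || NF == 0 { next }     # column header and blank lines
    $1 != "Chain" {                      # rule line: pkts bytes target ...
      pkts = $1; target = $3; key = chain
      for (i = 3; i <= NF; i++) key = key " " $i
    }
    FNR == NR { before[key] = pkts; next }   # first file: remember counters
    (target == "DROP" || target == "REJECT") && pkts + 0 > before[key] + 0 {
      printf "%s: +%d packets\n", key, pkts - before[key]
    }
  ' "$1" "$2"
}

# Constructed sample listing in the layout of `iptables -t filter -nvxL`.
# $1 = FORWARD policy packet count, $2 = packet count of the INPUT DROP rule.
sample_snapshot() {
  cat <<EOF
Chain INPUT (policy ACCEPT 120 packets, 9000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      $2        0 DROP       tcp  --  *      *       0.0.0.0/0            10.15.196.125        tcp dpt:8080

Chain FORWARD (policy DROP $1 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      40     2400 DOCKER     all  --  *      docker0 0.0.0.0/0            0.0.0.0/0

Chain DOCKER (1 references)
    pkts      bytes target     prot opt in     out     source               destination
EOF
}
```

A rule or policy that appears in the output is one that counted packets during the test; an empty result means no DROP/REJECT counter in the filter table moved.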