docker中的pptpd在容器重启后停止工作

时间:2015-06-28 05:44:24

标签: docker pptp

我通过此Dockerfile

构建了一个泊坞窗图片
#
# Dockerfile for pptpd
#

FROM debian:jessie
MAINTAINER kev<noreply@datageek.info>

RUN apt-get update \
    && apt-get install -y iptables pptpd \
    && rm -rf /var/lib/apt/lists/*

COPY pptpd.conf    /etc/
COPY chap-secrets  /etc/ppp/
COPY pptpd-options /etc/ppp/

EXPOSE 1723

CMD iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE \
    && pptpd --fg
重启前

$ docker pull vimagick/pptpd
$ docker run -d --name pptpd_pptpd_1 -p 1723:1723 --privileged vimagick/pptpd
$ tcpdump -ni eth0 proto gre

13:21:16.877858 IP 1.2.3.4 > 5.6.7.8: GREv1, call 16501, seq 0, length 40: LCP, Conf-Request (0x01), id 1, length 26
13:21:16.944894 IP 5.6.7.8 > 1.2.3.4: GREv1, call 512, seq 0, length 40: LCP, Conf-Request (0x01), id 1, length 26
13:21:16.945002 IP 1.2.3.4 > 5.6.7.8: GREv1, call 16501, seq 1, ack 0, length 44: LCP, Conf-Ack (0x02), id 1, length 26
13:21:16.945932 IP 5.6.7.8 > 1.2.3.4: GREv1, call 512, seq 1, length 25: LCP, Conf-Nack (0x03), id 1, length 11
13:21:16.946006 IP 1.2.3.4 > 5.6.7.8: GREv1, call 16501, seq 2, ack 1, length 45: LCP, Conf-Request (0x01), id 2, length 27
13:21:16.984018 IP 5.6.7.8 > 1.2.3.4: GREv1, call 512, seq 2, length 41: LCP, Conf-Ack (0x02), id 2, length 27
13:21:16.984224 IP 1.2.3.4 > 5.6.7.8: GREv1, call 16501, seq 3, ack 2, length 26: LCP, Echo-Request (0x09), id 0, length 10
重启后

$ docker restart pptpd_pptpd_1
$ tcpdump -ni eth0 proto gre

13:31:32.071308 IP 5.6.7.8 > 1.2.3.4: GREv1, call 256, seq 0, length 40: LCP, Conf-Request (0x01), id 1, length 26
13:31:35.123217 IP 5.6.7.8 > 1.2.3.4: GREv1, call 256, seq 1, length 40: LCP, Conf-Request (0x01), id 1, length 26
13:31:40.112179 IP 5.6.7.8 > 1.2.3.4: GREv1, call 256, seq 2, length 40: LCP, Conf-Request (0x01), id 1, length 26
13:31:41.111172 IP 5.6.7.8 > 1.2.3.4: GREv1, call 256, seq 3, length 40: LCP, Conf-Request (0x01), id 1, length 26
  • 服务器:
    • eth0:1.2.3.4
    • docker0:192.168.42.1
  • 客户:5.6.7.8

我注意到重启后容器的IP改变了(192.168.42.2 - > 192.168.42.3)。
我启用/禁用防火墙,结果是一样的 我是否需要iptables规则才能让它再次运行?谢谢!

更新:我可以附加--net host选项来解决此问题。

1 个答案:

答案 0 :(得分:1)

当我编辑/etc/default/ufw时,它会给我一些提示:

# Extra connection tracking modules to load. Complete list can be found in
# net/netfilter/Kconfig of your kernel source. Some common modules:
# nf_conntrack_irc, nf_nat_irc: DCC (Direct Client to Client) support
# nf_conntrack_netbios_ns: NetBIOS (samba) client support
# nf_conntrack_pptp, nf_nat_pptp: PPTP over stateful firewall/NAT
# nf_conntrack_ftp, nf_nat_ftp: active FTP support
# nf_conntrack_tftp, nf_nat_tftp: TFTP support (server side)
IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns"

在我运行以下命令后,每件事情都恢复正常。

modprobe nf_conntrack_pptp nf_nat_pptp