我已经发布了四个从容器到主机的端口,但是其中只有三个(8080、33099、37017)可以访问。这是docker容器的外观:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cdbc07f875ea test:latest "bash" 35 minutes ago Up 35 minutes 0.0.0.0:8080->8080/tcp, 0.0.0.0:33098-33099->33098-33099/tcp, 0.0.0.0:37017->37017/tcp test1
docker主机上的iptables:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- anywhere !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/16 anywhere
MASQUERADE tcp -- 172.17.0.2 172.17.0.2 tcp dpt:37017
MASQUERADE tcp -- 172.17.0.2 172.17.0.2 tcp dpt:33099
MASQUERADE tcp -- 172.17.0.2 172.17.0.2 tcp dpt:33098
MASQUERADE tcp -- 172.17.0.2 172.17.0.2 tcp dpt:http-alt
Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere
DNAT tcp -- anywhere anywhere tcp dpt:37017 to:172.17.0.2:37017
DNAT tcp -- anywhere anywhere tcp dpt:33099 to:172.17.0.2:33099
DNAT tcp -- anywhere anywhere tcp dpt:33098 to:172.17.0.2:33098
DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:172.17.0.2:8080
任何想法,为什么33098端口无法访问?