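Unable to connect to a mapped Docker container port on the host

Time: 2018-11-19 01:48:13

Tags: docker iptables

I have Docker containers defined in a docker-compose file and started them using docker-compose with mapped ports.

The host has two network interfaces with different IPs.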

interface-1 -> connects to the internet

interface-2 -> connects to the LAN

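I am able to connect to the Docker container through interface-1, but when I try to use interface-2, the connection fails:

Trying to connect using curl 10.0.0.4:8222 triggers the following:

Failed to connect to 10.0.0.4 port 8222: Network is unreachable

Issuing netstat -tulpn shows that the host is listening on the mapped ports: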

Proto Recv-Q Send-Q Local Address           Foreign Address         State         PID/Program name
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      -               
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      -               
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -               
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      -               
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      -               
tcp6       0      0 :::139                  :::*                    LISTEN      -               
tcp6       0      0 :::80                   :::*                    LISTEN      -               
tcp6       0      0 :::22                   :::*                    LISTEN      -               
tcp6       0      0 :::13306                :::*                    LISTEN      -               
tcp6       0      0 :::8989                 :::*                    LISTEN      -               
tcp6       0      0 :::445                  :::*                    LISTEN      -               
tcp6       0      0 :::8222                 :::*                    LISTEN      -        

docker-compose ps shows:

hmis /entrypoint supervisord   Up           443/tcp, 0.0.0.0:8222->80/tcp, 9000/tcp            
webdev_mysql_1        /entrypoint supervisord   Up             0.0.0.0:13306->3306/tcp, 443/tcp, 80/tcp, 9000/tcp 
webdev_phpmyadmin_1   /run.sh supervisord -n    Up           0.0.0.0:8989->80/tcp, 9000/tcp      

The following are the iptables rules:

Chain INPUT (policy ACCEPT)

target     prot opt source               destination         

Chain FORWARD (policy DROP)

target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination         

Chain DOCKER (2 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:mysql
ACCEPT     tcp  --  anywhere             172.17.0.3           tcp dpt:http
ACCEPT     tcp  --  anywhere             172.17.0.4           tcp dpt:http

Chain DOCKER-ISOLATION (1 references)

target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)

target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere    

Routing table output:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         199.111.62.9    0.0.0.0         UG    0      0        0 eno1
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eno2
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-f03404013814
199.211.62.8    0.0.0.0         255.255.255.248 U     0      0        0 eno1

0 answers:

No answers