我有一个在Synology DS918 +上运行的MariaDB docker容器,并将流量从容器端口3306重定向到外部端口3333
当我看到它如何绑定到端口时,这似乎与我为不在docker上运行的另一项服务的工作示例有所不同
工作:
ash-4.3# netstat -nao | grep 5000
tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN off (0.00/0/0)
tcp6 0 0 :::5000 :::* LISTEN
不起作用:
ash-4.3# netstat -nao | grep 3333
tcp6 0 0 :::3333 :::* LISTEN off (0.00/0/0)
当我尝试从笔记本电脑访问运行docker的远程计算机的端口3333时,问题是当尝试从计算机本身内部访问计算机的私有IP时,此操作失败
在这里感谢任何帮助
答案 0 :(得分:0)
To clarify, although your docker is only binding to the ipv6 interface(“:::”) not the ipv4(“0.0.0.0”), Docker forbids a loopback connection to its docker-proxy from the host. I believe this also fails in all networking modes.
If you’re connecting from container to another container, use the container name via the docker-dns and private LAN. For example, if your MariaDB container is named “maria”, I believe docker’s DNS on 127.0.0.11 offers a lookup for the name “maria” to a 172...* ipv4 to which other containers may connect if in the same 172.{subnet}../16 as your MariaDB host. Connect to “maria” in another container and the tcp magically gets to the right place.
If you’re trying to connect from the docker host to a container, this is a problem that I have resigned to proxying off my router in a hairpin NAT to the same upnp ports that I’ve exported via External Access on Synology, which feels like a poor solution but works today.