Docker / Linux网络:尽管有端口转发,连接仍由对等方重置

时间:2019-02-23 22:10:10

标签: linux docker port

我试图建立一个Clojure(Script)应用程序,使其与here中所述的nREPL实例一起在Docker内部运行,我也想在容器内部运行。我使用lein new reagent reagent-docker设置了项目,并且已经使应用程序和REPL服务器都在容器中运行。此时,我唯一的问题是让编辑器(或主机上的任何内容)连接到REPL服务器。当我尝试时,它只会显示“对等方重置连接”。

我可以docker exec -it <container> bash进入容器,并直接从REPL服务器(即curl 127.0.0.1:7002)获得空200响应。但是,当我在主机上尝试相同操作时,即使转发端口,也会收到“连接重置”错误。

要运行容器,我正在做

docker run -it -v "$(pwd)":/app -p 3449:3449 -p 7002:7002 -p 8800:8800 --env port=8800 dclj:latest

并运行REPL:

docker exec -it 61a58e2bc284 lein figwheel

此命令成功运行REPL,我只是无法从主机连接到它。我可以在其他端口上连接到localhost-它可以按照您的期望将应用程序提供给浏览器。

我什至可以看到它转发了所有端口:

$ docker ps | grep dclj
61a58e2bc284        dclj:latest         "/entrypoint.sh"    About a minute ago   Up 59 seconds       0.0.0.0:3449->3449/tcp, 0.0.0.0:7002->7002/tcp, 0.0.0.0:8800->8800/tcp   recursing_dijkstra
$ sudo lsof -i :7002
COMMAND     PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
docker-pr 11326 root    4u  IPv6 1034836      0t0  TCP *:afs3-prserver (LISTEN)

那我为什么不能从主机连接?

我的设置非常简单...

Dockerfile:

FROM 'clojure:openjdk-8-lein'

RUN mkdir /app
WORKDIR /app

COPY ./entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]

entrypoint.sh:

lein deps
lein run

定义

Ubuntu 18.04 

$ docker -v
Docker version 18.09.0, build 4d60db4
$ uname -a
Linux toast 4.15.0-45-generic #48-Ubuntu SMP Tue Jan 29 16:28:13 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -o br-017e83ed3012 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-017e83ed3012 -j DOCKER
-A FORWARD -i br-017e83ed3012 ! -o br-017e83ed3012 -j ACCEPT
-A FORWARD -i br-017e83ed3012 -o br-017e83ed3012 -j ACCEPT
-A FORWARD -o br-f57f8c94ce2b -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-f57f8c94ce2b -j DOCKER
-A FORWARD -i br-f57f8c94ce2b ! -o br-f57f8c94ce2b -j ACCEPT
-A FORWARD -i br-f57f8c94ce2b -o br-f57f8c94ce2b -j ACCEPT
-A FORWARD -o br-8e1ada369d6a -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-8e1ada369d6a -j DOCKER
-A FORWARD -i br-8e1ada369d6a ! -o br-8e1ada369d6a -j ACCEPT
-A FORWARD -i br-8e1ada369d6a -o br-8e1ada369d6a -j ACCEPT
-A FORWARD -o br-462e387f3e5f -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-462e387f3e5f -j DOCKER
-A FORWARD -i br-462e387f3e5f ! -o br-462e387f3e5f -j ACCEPT
-A FORWARD -i br-462e387f3e5f -o br-462e387f3e5f -j ACCEPT
-A FORWARD -o br-250a9b1ad50c -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-250a9b1ad50c -j DOCKER
-A FORWARD -i br-250a9b1ad50c ! -o br-250a9b1ad50c -j ACCEPT
-A FORWARD -i br-250a9b1ad50c -o br-250a9b1ad50c -j ACCEPT
-A FORWARD -o br-4328b87911ad -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-4328b87911ad -j DOCKER
-A FORWARD -i br-4328b87911ad ! -o br-4328b87911ad -j ACCEPT
-A FORWARD -i br-4328b87911ad -o br-4328b87911ad -j ACCEPT
-A FORWARD -o br-dfe977e76369 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-dfe977e76369 -j DOCKER
-A FORWARD -i br-dfe977e76369 ! -o br-dfe977e76369 -j ACCEPT
-A FORWARD -i br-dfe977e76369 -o br-dfe977e76369 -j ACCEPT
-A FORWARD -o br-b138ef096d95 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-b138ef096d95 -j DOCKER
-A FORWARD -i br-b138ef096d95 ! -o br-b138ef096d95 -j ACCEPT
-A FORWARD -i br-b138ef096d95 -o br-b138ef096d95 -j ACCEPT
-A FORWARD -o br-b0f771a23490 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-b0f771a23490 -j DOCKER
-A FORWARD -i br-b0f771a23490 ! -o br-b0f771a23490 -j ACCEPT
-A FORWARD -i br-b0f771a23490 -o br-b0f771a23490 -j ACCEPT
-A FORWARD -o br-78fdf6f8a095 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-78fdf6f8a095 -j DOCKER
-A FORWARD -i br-78fdf6f8a095 ! -o br-78fdf6f8a095 -j ACCEPT
-A FORWARD -i br-78fdf6f8a095 -o br-78fdf6f8a095 -j ACCEPT
-A FORWARD -o br-734e99acb612 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-734e99acb612 -j DOCKER
-A FORWARD -i br-734e99acb612 ! -o br-734e99acb612 -j ACCEPT
-A FORWARD -i br-734e99acb612 -o br-734e99acb612 -j ACCEPT
-A FORWARD -o br-60f6a5283d5b -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-60f6a5283d5b -j DOCKER
-A FORWARD -i br-60f6a5283d5b ! -o br-60f6a5283d5b -j ACCEPT
-A FORWARD -i br-60f6a5283d5b -o br-60f6a5283d5b -j ACCEPT
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8800 -j ACCEPT
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 7002 -j ACCEPT
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 3449 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-017e83ed3012 ! -o br-017e83ed3012 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-f57f8c94ce2b ! -o br-f57f8c94ce2b -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-8e1ada369d6a ! -o br-8e1ada369d6a -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-462e387f3e5f ! -o br-462e387f3e5f -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-250a9b1ad50c ! -o br-250a9b1ad50c -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-4328b87911ad ! -o br-4328b87911ad -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-dfe977e76369 ! -o br-dfe977e76369 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-b138ef096d95 ! -o br-b138ef096d95 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-b0f771a23490 ! -o br-b0f771a23490 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-78fdf6f8a095 ! -o br-78fdf6f8a095 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-734e99acb612 ! -o br-734e99acb612 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-60f6a5283d5b ! -o br-60f6a5283d5b -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-017e83ed3012 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-f57f8c94ce2b -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-8e1ada369d6a -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-462e387f3e5f -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-250a9b1ad50c -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-4328b87911ad -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-dfe977e76369 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-b138ef096d95 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-b0f771a23490 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-78fdf6f8a095 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-734e99acb612 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-60f6a5283d5b -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN

0 个答案:

没有答案
相关问题
最新问题