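Docker: VPN speed is very slow compared to VM

Time: 2019-03-05 17:14:58

Tags: docker routes vpn iptables

Previously, I had a Sun virtual machine and used a VPN inside it. But now, after reading about Docker, I want to try the VPN inside Docker.

I created an image and started a container with the VPN in it.

The problem I found is that the VPN speed in Docker is much slower than in the VM.

Then I tried running the container with --network=host, and the VPN speed was fine.

But the problem is that the host now uses the VPN too.

I want the VPN isolated to Docker, with the host unaffected.

When I ran Docker with --network=host and started the VPN, I found some changes.

Before starting the container and adding the VPN in it:

On the host: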

$ ip route
default via 192.168.43.1 dev wlp3s0 proto dhcp metric 600 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
192.168.43.0/24 dev wlp3s0 proto kernel scope link src 192.168.43.193 metric 600 

The iptables rules are:

$ iptables -L

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         

    Chain FORWARD (policy DROP)
    target     prot opt source               destination         
    DOCKER-USER  all  --  anywhere             anywhere            
    DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    DOCKER     all  --  anywhere             anywhere            
    ACCEPT     all  --  anywhere             anywhere            
    ACCEPT     all  --  anywhere             anywhere            

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         

    Chain DOCKER (1 references)
    target     prot opt source               destination         

    Chain DOCKER-ISOLATION-STAGE-1 (1 references)
    target     prot opt source               destination         
    DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
    RETURN     all  --  anywhere             anywhere            

    Chain DOCKER-ISOLATION-STAGE-2 (1 references)
    target     prot opt source               destination         
    DROP       all  --  anywhere             anywhere            
    RETURN     all  --  anywhere             anywhere            

    Chain DOCKER-USER (1 references)
    target     prot opt source               destination         
    RETURN     all  --  anywhere             anywhere    

Now, after starting Docker with:

$ docker run --rm -it --network=host --privileged -v /home/web_dev/radhanath_google_search/mapping:/mapping --name test archlinux/test /usr/bin/bash

On the host:

#  ip route   
0.0.0.0/1 via 10.110.14.1 dev tun0 
default via 192.168.43.1 dev wlp3s0 proto dhcp metric 600 
10.110.14.0/23 dev tun0 proto kernel scope link src 10.110.14.170 
116.193.159.75 via 192.168.43.1 dev wlp3s0 
128.0.0.0/1 via 10.110.14.1 dev tun0 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
192.168.43.0/24 dev wlp3s0 proto kernel scope link src 192.168.43.193 metric 600

And iptables:

#  iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             192.168.0.0/16      
ACCEPT     all  --  anywhere             10.0.0.0/8          
ACCEPT     all  --  anywhere             172.16.0.0/12       
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             www.sublimetext.com 
ACCEPT     all  --  anywhere             116-193-159-75.pacswitch.com 

Chain DOCKER (1 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

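I am new to ip route and iptables. But I think that by using --network=host the IP routes and iptables changed, and the host network and the Docker network are the same. But if I don't use it, the VPN speed is very slow, although the VPN is isolated in Docker and the host is isolated without the VPN.

My goal is to run the host without the VPN and Docker with the VPN, without the speed problem compared to the virtual machine.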
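The following is an added example, not part of the original question. It compares the two `ip route` listings above to show why the host starts using the VPN: with --network=host the container shares the host's network namespace, so the VPN client's two /1 routes land in the host's table and win over `default` by longest-prefix match. The probe addresses 8.8.8.8 and 200.1.1.1 are constructed sample destinations.

```python
import ipaddress

# Route tables copied from the question's two `ip route` listings.
BEFORE = """\
default via 192.168.43.1 dev wlp3s0 proto dhcp metric 600
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.43.0/24 dev wlp3s0 proto kernel scope link src 192.168.43.193 metric 600
"""
AFTER = """\
0.0.0.0/1 via 10.110.14.1 dev tun0
default via 192.168.43.1 dev wlp3s0 proto dhcp metric 600
10.110.14.0/23 dev tun0 proto kernel scope link src 10.110.14.170
116.193.159.75 via 192.168.43.1 dev wlp3s0
128.0.0.0/1 via 10.110.14.1 dev tun0
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.43.0/24 dev wlp3s0 proto kernel scope link src 192.168.43.193 metric 600
"""

def parse_routes(text):
    """Map each destination in `ip route` output to (network, device)."""
    routes = {}
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields:
            continue
        dst = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        routes[fields[0]] = (ipaddress.ip_network(dst), fields[fields.index("dev") + 1])
    return routes

def added_routes(before, after):
    """Destinations present only in the second listing."""
    return sorted(set(parse_routes(after)) - set(parse_routes(before)))

def egress_device(text, ip):
    """Longest-prefix match, as the kernel does (metrics ignored: no ties here)."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, dev) for net, dev in parse_routes(text).values() if addr in net]
    return max(matches)[1] if matches else None

if __name__ == "__main__":
    print("routes added on the host:", added_routes(BEFORE, AFTER))
    # 8.8.8.8 and 200.1.1.1 are constructed probes, one in each /1 half.
    for ip in ("8.8.8.8", "200.1.1.1", "116.193.159.75", "192.168.43.1"):
        print(ip, egress_device(BEFORE, ip), "->", egress_device(AFTER, ip))
```

Only the VPN endpoint (116.193.159.75) and the local subnets keep leaving through wlp3s0; every other host destination is redirected to tun0.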

0 answers:

No answers