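The gist of the problem is that if I create and run a Docker container (from any image, I tried many), the container has no network access, other than the default bridge created by Docker; even when using IP addresses (rather than URLs/names).
That is,
docker run --rm -it busybox ping 8.8.8.8
hangs/fails because the network cannot be reached, and
docker run --rm -it busybox ping 172.17.0.1
fails as well (note that 172.17.0.1 is the IP of docker0 on the host, and also the gateway that Docker sets in the container).
N.B.:
I have two Ubuntu hosts (same version), both running Docker 19.03.6. On one of them (the dev machine) I have no problem (it works fine); on the other I have the problem. This means it is most likely not an OS and/or Docker version issue, but some form of misconfiguration.
Unlike in most of the questions I could find, this is not a DNS issue. In fact, it is not a DNS issue at all: it shows up when I use direct IP addresses as well as URLs.
I use iptables on the host; these are the rules on the machine where it does not work (they are different on the dev machine, where networking works fine, but I cannot set the same ones here):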
Chain INPUT (policy DROP)
target prot opt source destination
f2b-postfix-sasl tcp -- anywhere anywhere multiport dports smtp,urd,submission,imap3,imaps,pop3,pop3s
f2b-sshd tcp -- anywhere anywhere multiport dports ssh
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT udp -- anywhere anywhere udp spt:ntp state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:urd state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:urd state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:submission state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp state NEW,ESTABLISHED
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:ntp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:imap2 state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:imaps state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:urd state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:smtp state ESTABLISHED
Chain DOCKER (1 references)
target prot opt source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-postfix-sasl (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-sshd (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-ssh (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
I'm not sure what else there is to clarify.
What should I do?