我正在尝试从ubuntu容器更新软件包;但是,更新失败,并且我注意到我无法在任何地方连接,能够查找所认为的dns名称。
我正在使用nicolaka / netshoot容器来测试网络。
我使用“ tcpdump”命令来跟踪与发送的消息有关的任何错误,并且使用ping从容器进行测试会导致以下错误“ ICMP时间超过传输中”。
主机界面中的tcpdump:
16:18:25.257270 IP 172.217.192.100 > nicolas: ICMP echo reply, id 33, seq 3, length 64
16:18:25.257314 IP nicolas > 172.217.192.100: ICMP time exceeded in-transit, length 92
16:18:26.237575 IP nicolas > 172.217.192.100: ICMP echo request, id 33, seq 4, length 64
16:18:26.286692 IP 172.217.192.100 > nicolas: ICMP echo reply, id 33, seq 4, length 64
16:18:26.286757 IP nicolas > 172.217.192.100: ICMP time exceeded in-transit, length 92
16:18:27.261770 IP nicolas > 172.217.192.100: ICMP echo request, id 33, seq 5, length 64
16:18:27.302193 IP 172.217.192.100 > nicolas: ICMP echo reply, id 33, seq 5, length 64
16:18:27.302241 IP nicolas > 172.217.192.100: ICMP time exceeded in-transit, length 92
16:18:28.285631 IP nicolas > 172.217.192.100: ICMP echo request, id 33, seq 6, length 64
16:18:28.329531 IP 172.217.192.100 > nicolas: ICMP echo reply, id 33, seq 6, length 64
16:18:28.329596 IP nicolas > 172.217.192.100: ICMP time exceeded in-transit, length 92
16:18:29.309767 IP nicolas > 172.217.192.100: ICMP echo request, id 33, seq 7, length 64
16:18:29.353202 IP 172.217.192.100 > nicolas: ICMP echo reply, id 33, seq 7, length 64
16:18:29.353272 IP nicolas > 172.217.192.100: ICMP time exceeded in-transit, length 92
我也不确定我的iptables是否与docker容器获得互联网连接的预期一致。
iptables -L:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (1 references)
target prot opt source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
答案 0 :(得分:0)
在容器中ping 8.8.8.8有什么结果? 还是当您要运行容器时您的建议是什么?
答案 1 :(得分:0)
我将结束这个问题,因为我发现问题出在我的ISP上,该问题是通过使用双NAT(ISP NAT + Docker NAT)阻止了我的容器的连接。