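linux - Cannot access the network from inside a Docker container on CentOS 7
Problem description
I cannot access the internet from a docker container on CentOS 7. I have tried almost everything I could find online; even disabling firewalld did not help.
I can ping from the host, but not from inside the container.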
ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=247 time=12.7 ms
docker run -it --rm alpine ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
^C
--- 1.1.1.1 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
Here is the output of docker info.
Client:
Debug Mode: false
Server:
Containers: 27
Running: 0
Paused: 0
Stopped: 27
Images: 9
Server Version: 19.03.6
Storage Driver: devicemapper
Pool Name: docker-253:0-135106576-pool
Pool Blocksize: 65.54kB
Base Device Size: 10.74GB
Backing Filesystem: xfs
Udev Sync Supported: true
Data file: /dev/loop0
Metadata file: /dev/loop1
Data loop file: /var/lib/docker/devicemapper/devicemapper/data
Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
Data Space Used: 1.371GB
Data Space Total: 107.4GB
Data Space Available: 37.14GB
Metadata Space Used: 2.908MB
Metadata Space Total: 2.147GB
Metadata Space Available: 2.145GB
Thin Pool Minimum Free Space: 10.74GB
Deferred Removal Enabled: true
Deferred Deletion Enabled: true
Deferred Deleted Device Count: 0
Library Version: 1.02.158-RHEL7 (2019-05-13)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339
runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
init version: fec3683
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-327.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.703GiB
Name: aaa.bbb.fr
ID: PFCS:N6PF:2M5Z:VFSI:IK66:RRYB:GP5U:UU5R:ICX2:YSHP:2ZMR:DULU
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
WARNING: the devicemapper storage-driver is deprecated, and will be removed in a future release.
WARNING: devicemapper: usage of loopback devices is strongly discouraged for production use.
Use `--storage-opt dm.thinpooldev` to specify a custom block storage device.
From uname -a.
Linux xxx.aaa-bbb.fr 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
The server names have been "anonymized".
Solution
You can try running the container in interactive mode:
docker run -it alpine /bin/sh
and check the routing table with the route command:
/ # route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 172.17.0.1 0.0.0.0 UG 0 0 0 eth0
172.17.0.0 * 255.255.0.0 U 0 0 0 eth0
In my case, the "default" route uses the 172.17.0.1 gateway to connect the container to the internet, as the traceroute command shows:
/ # traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 46 byte packets
1 172.17.0.1 (172.17.0.1) 0.016 ms 0.012 ms 0.011 ms
2 192.168.2.1 (192.168.2.1) 0.821 ms 1.035 ms 0.909 ms
3 192.168.15.1 (192.168.15.1) 5.828 ms 2.388 ms 1.385 ms
4 * * *
5 201-156-180-113.reservada.static.axtel.net (201.156.180.113) 4.354 ms 3.901 ms 3.768 ms
6 189-211-110-77.static.axtel.net (189.211.110.77) 3.159 ms 3.586 ms 2.791 ms
...
15 74.125.50.198 (74.125.50.198) 30.514 ms 209.85.172.106 (209.85.172.106) 32.289 ms 74.125.50.198 (74.125.50.198) 30.217 ms
16 108.170.240.129 (108.170.240.129) 31.972 ms 108.170.252.161 (108.170.252.161) 33.039 ms 31.773 ms
17 216.239.63.239 (216.239.63.239) 30.631 ms 209.85.243.255 (209.85.243.255) 31.615 ms 216.239.42.99 (216.239.42.99) 31.734 ms
18 dns.google (8.8.8.8) 31.240 ms 30.674 ms 30.885 ms
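The two checks in the answer above can be combined into one verdict on where container traffic stops. The script below is an added example, not part of the original answer: the function names are hypothetical, the routing table is the one shown above, and the failing trace is a constructed sample.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names are hypothetical.

# Print "<gateway> <iface>" of the default route from `route` output on stdin.
# Accepts "default" (busybox route) and "0.0.0.0" (route -n) as destination.
default_route() {
    awk '($1 == "default" || $1 == "0.0.0.0") && $4 ~ /G/ { print $2, $8; ok = 1; exit }
         END { if (!ok) exit 1 }'
}

# Print the address of the last hop that answered in `traceroute` output on stdin.
# Hops shown as "* * *" carry no "(address)" and are skipped.
last_answering_hop() {
    awk '$1 ~ /^[0-9]+$/ && match($0, /\([0-9.]+\)/) {
             hop = substr($0, RSTART + 1, RLENGTH - 2) }
         END { if (hop == "") exit 1; print hop }'
}

# diagnose ROUTE_OUTPUT TRACE_OUTPUT TARGET: print a one-line verdict.
diagnose() {
    gw=$(printf '%s\n' "$1" | default_route) || { echo "no default route"; return 0; }
    gw=${gw%% *}
    last=$(printf '%s\n' "$2" | last_answering_hop) || { echo "gateway $gw does not answer"; return 0; }
    if [ "$last" = "$3" ]; then echo "target reached via $gw"
    elif [ "$last" = "$gw" ]; then echo "stops at gateway $gw"
    else echo "stops after $last"
    fi
}

# Routing table as shown in the answer above.
ROUTE_SAMPLE='Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 172.17.0.1 0.0.0.0 UG 0 0 0 eth0
172.17.0.0 * 255.255.0.0 U 0 0 0 eth0'

# Constructed sample: a trace in which only the bridge gateway answers.
TRACE_FAIL='traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 46 byte packets
 1  172.17.0.1 (172.17.0.1)  0.016 ms  0.012 ms  0.011 ms
 2  *  *  *
 3  *  *  *'

diagnose "$ROUTE_SAMPLE" "$TRACE_FAIL" 1.1.1.1
```

A verdict of "stops at gateway" means the container's own routing is in order and the packets are being dropped on the Docker host or beyond it, so that is where to look next.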