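This post was last edited by AllenHua on 2021-4-14 15:10
[Updated 2021-04-14 15:10:31: "[Solved] Troubleshooting a Docker container that can ping IPs but cannot ping domain names" https://hellodk.cn/post/496] The original poster wrote an article documenting this.
[Update] In the alpine container, pinging an IP works, but pinging a domain name reports "bad address".
This should be a firewall problem,
How should this iptables rule be written? It has stumped this firewall novice.
I have already read this thread https://www.right.com.cn/forum/thread-1209004-1-1.html and followed it, but it did not help. The containers in my Docker setup still cannot reach the external network.
Asking the experts for help: please help me see where the problem actually lies.
The containers use Docker's default bridge network.
My /etc/docker/daemon.json is as follows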
{
  "data-root": "/opt/docker/",
  "log-level": "warn",
  "registry-mirrors": [
    "https://registry.docker-cn.com",
    "http://hub-mirror.c.163.com"
  ],
  "dns": ["10.10.10.1","8.8.4.4"],
  "bip": "192.168.20.1/23"
}
The host's docker0 network interface looks like this
docker0 Link encap:Ethernet HWaddr 02:42:AF:18:9A:10
inet addr:192.168.20.1 Bcast:192.168.21.255 Mask:255.255.254.0
inet6 addr: fe80::42:afff:fe18:9a10/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:257 errors:0 dropped:0 overruns:0 frame:0
TX packets:113 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:50030 (48.8 KiB) TX bytes:13529 (13.2 KiB)
The IP configuration inside the alpine container is
# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 02:42:C0:A8:14:05
inet addr:192.168.20.5 Bcast:192.168.21.255 Mask:255.255.254.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:23 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3064 (2.9 KiB) TX bytes:636 (636.0 B)
However, running ping baidu.com in the alpine container always gives bad address
# ping baidu.com
ping: bad address 'baidu.com'
The host is x86 OpenWrt with IP 10.10.10.1, and it can be pinged
# ping 10.10.10.1 -c 4
PING 10.10.10.1 (10.10.10.1): 56 data bytes
64 bytes from 10.10.10.1: seq=0 ttl=64 time=0.420 ms
64 bytes from 10.10.10.1: seq=1 ttl=64 time=0.398 ms
64 bytes from 10.10.10.1: seq=2 ttl=64 time=0.350 ms
64 bytes from 10.10.10.1: seq=3 ttl=64 time=0.351 ms
--- 10.10.10.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.350/0.379/0.420 ms
Upstream of the soft router there is also the landlord's router, 192.168.1.1, which can be pinged as well
# ping 192.168.1.1 -c 4
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: seq=0 ttl=63 time=0.787 ms
64 bytes from 192.168.1.1: seq=1 ttl=63 time=0.318 ms
64 bytes from 192.168.1.1: seq=2 ttl=63 time=0.264 ms
64 bytes from 192.168.1.1: seq=3 ttl=63 time=0.292 ms
--- 192.168.1.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.264/0.415/0.787 ms
The bridge configuration
# docker network inspect bridge
[
  {
    "Name": "bridge",
    "Id": "57ad2a75c0c9c9f7445cda03309a5af8124e91c068b0e8e60e5d3b72513c5d13",
    "Created": "2021-04-11T22:04:24.040500312+08:00",
    "Scope": "local",
    "Driver": "bridge",
    "EnableIPv6": false,
    "IPAM": {
      "Driver": "default",
      "Options": null,
      "Config": [
        {
          "Subnet": "192.168.20.1/23",
          "Gateway": "192.168.20.1"
        }
      ]
    },
    "Internal": false,
    "Attachable": false,
    "Ingress": false,
    "ConfigFrom": {
      "Network": ""
    },
    "ConfigOnly": false,
    "Containers": {
      "075c54190907be1bff2295fcdd8de61b9de4697a3e19dabf9386ccafa7ee69f9": {
        "Name": "emby",
        "EndpointID": "fa7b83488cd11063ceeada51b45cc340a779d3235aabedb4ec4734503cf91b9a",
        "MacAddress": "02:42:c0:a8:1e:03",
        "IPv4Address": "192.168.20.3/23",
        "IPv6Address": ""
      },
      "4211db0a706e3238c65c8a5e15b50afc9aff851638f405304d7db64fac17e23b": {
        "Name": "librespeed",
        "EndpointID": "76575bc064fe27dff9a8bd4610ae11c0c5aa443571509cfb81c61bbc10f12ab0",
        "MacAddress": "02:42:c0:a8:1e:04",
        "IPv4Address": "192.168.20.4/23",
        "IPv6Address": ""
      },
      "930287b2af4589098288cb3cf2b5d362b30b4c641fb7e0308b8fe46211e8edce": {
        "Name": "frosty_solomon",
        "EndpointID": "4319a28a78c2b07f6a9c5e90fca202217d66a3483cc50c13e9bc85ddea7c41ad",
        "MacAddress": "02:42:c0:a8:1e:05",
        "IPv4Address": "192.168.20.5/23",
        "IPv6Address": ""
      },
      "b88f50f75256eadd63f0ea88d5fb7eab489e1397af6aa7d01ca26a6bb9b38558": {
        "Name": "portainer",
        "EndpointID": "adc31df17349cff82ded46101c7649db79c91392df1ee1bee09fa1e79a613cf0",
        "MacAddress": "02:42:c0:a8:1e:02",
        "IPv4Address": "192.168.20.2/23",
        "IPv6Address": ""
      }
    },
    "Options": {
      "com.docker.network.bridge.default_bridge": "true",
      "com.docker.network.bridge.enable_icc": "true",
      "com.docker.network.bridge.enable_ip_masquerade": "false",
      "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
      "com.docker.network.bridge.name": "docker0",
      "com.docker.network.driver.mtu": "1500"
    },
    "Labels": {}
  }
]
Checking /etc/resolv.conf in the alpine container
# cat /etc/resolv.conf
search lan
nameserver 10.10.10.1
nameserver 223.5.5.5
nameserver 8.8.4.4
docker version and docker info output
# docker version
Client:
Version: 19.03.3
API version: 1.40
Go version: go1.14
Git commit: a872fc2f86
Built: Wed Apr 1 05:32:59 2020
OS/Arch: linux/amd64
Experimental: false
Server:
Engine:
Version: 19.03.3
API version: 1.40 (minimum version 1.12)
Go version: go1.14
Git commit: a872fc2f86
Built: Tue Mar 31 15:14:35 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.10
GitCommit: b34a5c8af56e510852c35414db4c1f4fa6172339
runc:
Version: 1.0.0-rc8+dev
GitCommit: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
docker-init:
Version: 0.18.0
GitCommit:
# docker info
Client:
Debug Mode: false
Server:
Containers: 8
Running: 5
Paused: 0
Stopped: 3
Images: 7
Server Version: 19.03.3
Storage Driver: vfs
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339
runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
init version:
Kernel Version: 4.19.108
Operating System: OpenWrt SNAPSHOT
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 3.778GiB
Name: dkRouter
ID: 75OL:MXL2:WD6FJIO:ZF4S:UP4L72K:577K:ZLEY:ZDRX:S4RE:V4NX
Docker Root Dir: /opt/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Registry Mirrors:
https://registry.docker-cn.com/
http://hub-mirror.c.163.com/
Live Restore Enabled: false
Contents of /etc/sysctl.conf
# cat /etc/sysctl.conf
# Defaults are configured in /etc/sysctl.d/* and can be customized in this file
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
---
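Pinging a public domain name does not work. Why? Asking everyone for help.
PS: I use dnsmasq on my soft router, so when defining dns in Docker's daemon.json I wrote 10.10.10.1 (the soft router's IP).
But after rebooting the machine I still cannot ping baidu.com.
I hope the experts can get straight to the point; I really do not know how to solve this.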
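
Added example, not part of the original post: a Python sketch that reads the two artifacts quoted above (the docker network inspect bridge output and the container's /etc/resolv.conf) and lists the facts worth checking when IP pings succeed but name resolution fails. The sample data is trimmed from the post, the function names are hypothetical, and the script only reports configuration facts; it does not determine the cause.

```python
import ipaddress
import json

# Constructed sample: trimmed from the inspect output and resolv.conf in the post.
INSPECT = json.dumps([{
    "Name": "bridge",
    "IPAM": {"Config": [{"Subnet": "192.168.20.1/23", "Gateway": "192.168.20.1"}]},
    "Options": {
        "com.docker.network.bridge.enable_ip_masquerade": "false",
        "com.docker.network.bridge.name": "docker0",
    },
}])
RESOLV_CONF = "search lan\nnameserver 10.10.10.1\nnameserver 223.5.5.5\nnameserver 8.8.4.4\n"


def nameservers(resolv_conf):
    """Return the nameserver addresses listed in resolv.conf text."""
    out = []
    for line in resolv_conf.splitlines():
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) >= 2 and parts[0] == "nameserver":
            out.append(ipaddress.ip_address(parts[1]))
    return out


def audit(inspect_json, resolv_conf):
    """Collect the bridge facts that matter for DNS traffic leaving the bridge."""
    net = json.loads(inspect_json)[0]
    cfg = net["IPAM"]["Config"][0]
    # strict=False accepts a subnet written with host bits set (e.g. .1/23).
    subnet = ipaddress.ip_network(cfg["Subnet"], strict=False)
    # Docker's default for this option is "true" when it is absent.
    masq = net["Options"].get(
        "com.docker.network.bridge.enable_ip_masquerade", "true") == "true"
    off_bridge = [str(ns) for ns in nameservers(resolv_conf) if ns not in subnet]
    findings = []
    if str(subnet) != cfg["Subnet"]:
        findings.append(f"subnet {cfg['Subnet']} has host bits set; network is {subnet}")
    if not masq and off_bridge:
        findings.append(
            f"Docker adds no MASQUERADE rule for {subnet}: queries to "
            f"{', '.join(off_bridge)} keep the container source address, so the "
            "host firewall must NAT or admit them")
    return {"subnet": str(subnet), "masquerade": masq,
            "off_bridge_resolvers": off_bridge, "findings": findings}


if __name__ == "__main__":
    for finding in audit(INSPECT, RESOLV_CONF)["findings"]:
        print("-", finding)
```
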