没有--net = host参数的docker容器内的网络无法访问

Question

问题:docker容器中没有Internet连接.

症状:ping 8.8.8.8不起作用.来自主机系统的Wireshark回馈:

 19 10.866212113   172.17.0.2 -> 8.8.8.8      ICMP 98 Echo (ping) request  id=0x0009, seq=0/0, ttl=64
 20 11.867231972   172.17.0.2 -> 8.8.8.8      ICMP 98 Echo (ping) request  id=0x0009, seq=1/256, ttl=64
 21 12.868331353   172.17.0.2 -> 8.8.8.8      ICMP 98 Echo (ping) request  id=0x0009, seq=2/512, ttl=64
 22 13.869400083   172.17.0.2 -> 8.8.8.8      ICMP 98 Echo (ping) request  id=0x0009, seq=3/768, ttl=64

但是!如果容器启动与--net=host互联网将完美.

到目前为止我尝试过的:

• 改变DNS
• 添加--ip-masq=true到/etc/default/docker(重启关闭)
• 启用与masquerade/ip_forward相关的所有内容
• 改变默认路线
• 这里建议的一切

主机配置:

$ sudo route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.4.2.1      0.0.0.0         UG    0      0        0 eno1.3001
default         10.3.2.1      0.0.0.0         UG    100    0        0 eno2
10.3.2.0      *               255.255.254.0   U     100    0        0 eno2
10.4.2.0      *               255.255.254.0   U     0      0        0 eno1.3001
nerv8.i         10.3.2.1      255.255.255.255 UGH   100    0        0 eno2
172.17.0.0      *               255.255.0.0     U     0      0        0 docker0

sudo iptables -L,cat /etc/network/interfaces,ifconfig,iptables -t nat -L -nv

一切都很好,转发也启用:

$ sudo sysctl net.ipv4.ip_forward 
net.ipv4.ip_forward = 1

Answer 1

这是您正在寻找的不完整答案。但我想解释一下为什么互联网可以工作

如果容器以 --net=host internet 启动将完美运行。

Docker 默认支持三种网络。在这种模式下（HOST）容器将共享主机的网络堆栈，并且来自主机的所有接口都可用于容器。容器的主机名将与主机系统上的主机名匹配

# docker run -it --net=host ubuntu:14.04 /bin/bash
root@labadmin-VirtualBox:/# hostname
labadmin-VirtualBox
Even the IP configuration is same as the host system's IP configuration
root@labadmin-VirtualBox:/# ip addr | grep -A 2 eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:b5:82:2f brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0
       valid_lft forever preferred_lft forever
3: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default 
root@labadmin-VirtualBox:/# exit
exit

主机系统 IP 配置

# ip addr | grep -A 2 eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:b5:82:2f brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0
       valid_lft forever preferred_lft forever
3: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default 

有关 docker 网络的更多信息，请参阅此处。

Answer 2

检查net.ipv4.conf.all.forwarding(not net.ipv4.ip_forward) 是否设置为1，如果没有，请将其打开：

$ sysctl net.ipv4.conf.all.forwarding

net.ipv4.conf.all.forwarding = 0

$ sysctl net.ipv4.conf.all.forwarding=1

$ sysctl net.ipv4.conf.all.forwarding

net.ipv4.conf.all.forwarding = 1