2015-11-19 2 views
4

Docker container can't access the internet

I am in my second week of working on this problem, and nothing on the Internet has helped me fix it.

The problem is that without specifying --net=host I cannot access the Internet from my Docker containers.

/home/dnadave> docker run -it --net=host --rm debian:jessie ping 8.8.8.8 
PING 8.8.8.8 (8.8.8.8): 56 data bytes 
64 bytes from 8.8.8.8: icmp_seq=0 ttl=54 time=12.059 ms 
64 bytes from 8.8.8.8: icmp_seq=1 ttl=54 time=11.120 ms 
^C--- 8.8.8.8 ping statistics --- 
2 packets transmitted, 2 packets received, 0% packet loss 
round-trip min/avg/max/stddev = 11.120/11.589/12.059/0.470 ms 
/home/dnadave> docker run -it --rm debian:jessie ping 8.8.8.8 
PING 8.8.8.8 (8.8.8.8): 56 data bytes 
^C--- 8.8.8.8 ping statistics --- 
4 packets transmitted, 0 packets received, 100% packet loss 

I have turned off the firewall, flushed my iptables rules, and followed many, many other suggestions in posts about the many, many Docker-related issues that look like mine. So far nothing has allowed my containers to connect to the network.

Why do I need this when I can access the network using --net=host? Well, you can't build containers when the default network doesn't work.

Here are some important details that I have seen other posts ask for:

linux-3nwo:/var/lib # docker info 
Containers: 0 
Images: 2 
Storage Driver: devicemapper 
Pool Name: docker-254:2-1328636-pool 
Pool Blocksize: 65.54 kB 
Backing Filesystem: extfs 
Data file: /dev/loop0 
Metadata file: /dev/loop1 
Data Space Used: 1.973 GB 
Data Space Total: 107.4 GB 
Data Space Available: 105.4 GB 
Metadata Space Used: 1.61 MB 
Metadata Space Total: 2.147 GB 
Metadata Space Available: 2.146 GB 
Udev Sync Supported: true 
Deferred Removal Enabled: false 
Data loop file: /var/lib/docker/devicemapper/devicemapper/data 
Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata 
Library Version: 1.03.01 (2015-05-15) 
Execution Driver: native-0.2 
Logging Driver: json-file 
Kernel Version: 4.1.12-1-default 
Operating System: openSUSE Leap 42.1 (x86_64) 
CPUs: 32 
Total Memory: 125.9 GiB 
Name: linux-3nwo 
ID: 7MDY:2LCE:NMQ2:3INA:HL4A:LRTZ:VL43:TLBT:M5UN:PF7G:KKGN:AM6D 
WARNING: No swap limit support 
linux-3nwo:/var/lib # docker version 
Client: 
Version:  1.8.2 
API version: 1.20 
Go version: go1.4.2 
Git commit: 0a8c2e3 
Built:   
OS/Arch:  linux/amd64 

Server: 
Version:  1.8.2 
API version: 1.20 
Go version: go1.4.2 
Git commit: 0a8c2e3 
Built:   
OS/Arch:  linux/amd64 
linux-3nwo:/var/lib # ip a 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 
    inet 127.0.0.1/8 scope host lo 
     valid_lft forever preferred_lft forever 
    inet6 ::1/128 scope host 
     valid_lft forever preferred_lft forever 
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 
    link/ether 00:25:90:c5:53:60 brd ff:ff:ff:ff:ff:ff 
    inet 10.0.xxx.82/23 brd 10.0.253.255 scope global eth0 
     valid_lft forever preferred_lft forever 
    inet6 fe80::225:90ff:fec5:5360/64 scope link 
     valid_lft forever preferred_lft forever 
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000 
    link/ether 00:25:90:c5:53:61 brd ff:ff:ff:ff:ff:ff 
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:7f:2d:f8:9c brd ff:ff:ff:ff:ff:ff 
    inet 172.17.42.1/16 scope global docker0 
     valid_lft forever preferred_lft forever 
    inet6 fe80::42:7fff:fe2d:f89c/64 scope link 
     valid_lft forever preferred_lft forever 
22: vboxnet0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 
    link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff 
46: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default 
    link/ether 72:d2:9b:09:48:90 brd ff:ff:ff:ff:ff:ff link-netnsid 0 
    inet6 fe80::70d2:9bff:fe09:4890/64 scope link 
     valid_lft forever preferred_lft forever 
linux-3nwo:/var/lib # brctl show 
bridge name  bridge id    STP enabled  interfaces 
docker0   8000.02427f2df89c  no    veth98c3765 
linux-3nwo:/var/lib # ip route 
default via 10.0.xxy.1 dev eth0 proto dhcp 
10.0.xxy.0/23 dev eth0 proto kernel scope link src 10.0.xxx.82 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.42.1 
linux-3nwo:/var/lib # iptables -L -v -n 
Chain INPUT (policy ACCEPT 12M packets, 7205M bytes) 
pkts bytes target  prot opt in  out  source    destination   

Chain FORWARD (policy ACCEPT 573 packets, 48132 bytes) 
pkts bytes target  prot opt in  out  source    destination   

Chain OUTPUT (policy ACCEPT 10M packets, 2311M bytes) 
pkts bytes target  prot opt in  out  source    destination   
linux-3nwo:/var/lib # iptables -L -n -t nat  
Chain PREROUTING (policy ACCEPT) 
target  prot opt source    destination   
DOCKER  all -- 0.0.0.0/0   0.0.0.0/0   ADDRTYPE match dst-type LOCAL 
DOCKER  all -- 0.0.0.0/0   !127.0.0.0/8   ADDRTYPE match dst-type LOCAL 

Chain INPUT (policy ACCEPT) 
target  prot opt source    destination   

Chain OUTPUT (policy ACCEPT) 
target  prot opt source    destination   

Chain POSTROUTING (policy ACCEPT) 
target  prot opt source    destination   

Chain DOCKER (2 references) 
target  prot opt source    destination   

Let me know if you need anything else to help figure out why I can't get the default bridge network to work.

Note that in the above, xxx and xxy represent different subnet numbers.

Here is the output from tcpdump and iptables:

linux-3nwo:/var/lib # tcpdump -ni eth0 
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode 
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 
09:33:44.694711 ARP, Request who-has 10.0.252.1 tell 10.0.253.189, length 46 
09:33:44.707861 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 292 
09:33:44.734664 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 49 
09:33:44.815213 ARP, Request who-has 10.0.252.31 tell 10.0.253.199, length 46 
09:33:44.951684 IP 10.0.253.66.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 
09:33:44.966217 STP 802.1w, Rapid STP, Flags [Proposal], bridge-id 8000.40:b4:f0:b9:b2:81.82c4, length 43 
09:33:44.986628 ARP, Request who-has 10.0.252.5 tell 10.0.253.30, length 46 
09:33:45.116595 ARP, Request who-has 10.0.253.66 tell 10.0.252.154, length 46 
09:33:45.117351 ARP, Request who-has 10.0.252.154 tell 10.0.253.66, length 46 
09:33:45.259474 IP 10.0.253.82.5353 > 224.0.0.251.5353: 0*- [0q] 3/0/0 (Cache flush) SRV linux-3nwo.local.:0 0 0, (Cache flush) A 10.0.253.82, (Cache flush) TXT "name=linux-3nwo" "uuid=f73a028a-263b-42ed-a070-bafa703a2da7" "type=NoMachine" "port=0" "OS=openSUSE Leap 42.1 (x86_64)" "HW=Supermicro X9DAX" "mac=00:25:90:c5:53:60" "service=nx:4000" "ip=10.0.253.82;172.17.42.1;fe80::225:90ff:fec5:5360;fe80::42:7fff:fe2d:f89c;fe80::6810:94ff:fea6:3eea" (385) 
09:33:45.273468 IP 10.0.253.20.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 
09:33:45.316500 IP 172.17.0.8 > 8.8.8.8: ICMP echo request, id 1, seq 12, length 64 
09:33:45.406752 IP 10.0.253.37.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 
09:33:45.432241 IP 10.0.253.25.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 
09:33:45.701715 IP 10.0.253.66.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 
09:33:45.813602 ARP, Request who-has 10.0.252.31 tell 10.0.253.199, length 46 
09:33:45.828616 ARP, Request who-has 10.0.252.11 tell 10.0.252.187, length 46 
09:33:45.844097 IP6 fe80::3cc4:9f10:cfc6:39ac.546 > ff02::1:2.547: dhcp6 solicit 
09:33:45.979351 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 1350 
09:33:45.979471 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 1350 
09:33:45.979545 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 854 
09:33:45.997331 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 40 
09:33:45.998852 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 1350 
09:33:46.005539 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 30 
09:33:46.037852 IP 10.0.253.20.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 
09:33:46.048897 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 30 
09:33:46.141264 IP 10.0.253.37.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 
09:33:46.196611 IP 10.0.253.25.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 
09:33:46.302958 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 113 
09:33:46.314737 IP 10.0.253.82.48551 > 10.0.252.3.53: 47613+ A? chatenabled.mail.google.com. (45) 
09:33:46.317614 IP 172.17.0.8 > 8.8.8.8: ICMP echo request, id 1, seq 13, length 64 
09:33:46.328701 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 49 
09:33:46.339058 IP 10.0.252.3.53 > 10.0.253.82.48551: 47613 2/0/0 CNAME b.googlemail.l.google.com., A 216.58.216.167 (90) 
09:33:46.339372 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [S], seq 1946932641, win 29200, options [mss 1460,sackOK,TS val 123005594 ecr 0,nop,wscale 7], length 0 
09:33:46.339722 IP 216.58.216.167.443 > 10.0.253.82.38118: Flags [S.], seq 1266324944, ack 1946932642, win 43690, options [mss 1400,sackOK,TS val 1232193259 ecr 123005594,nop,wscale 7], length 0 
09:33:46.339787 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [.], ack 1, win 229, options [nop,nop,TS val 123005594 ecr 1232193259], length 0 
09:33:46.340738 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [P.], seq 1:220, ack 1, win 229, options [nop,nop,TS val 123005594 ecr 1232193259], length 219 
09:33:46.341189 IP 216.58.216.167.443 > 10.0.253.82.38118: Flags [.], ack 220, win 350, options [nop,nop,TS val 1232193260 ecr 123005594], length 0 
09:33:46.345530 IP6 fe80::515e:7529:ba62:109c.546 > ff02::1:2.547: dhcp6 solicit 
09:33:46.406369 IP 216.58.216.167.443 > 10.0.253.82.38118: Flags [P.], seq 1:4097, ack 220, win 350, options [nop,nop,TS val 1232193279 ecr 123005594], length 4096 
09:33:46.406425 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [.], ack 4097, win 293, options [nop,nop,TS val 123005611 ecr 1232193279], length 0 
09:33:46.406556 IP 216.58.216.167.443 > 10.0.253.82.38118: Flags [P.], seq 4097:4192, ack 220, win 350, options [nop,nop,TS val 1232193279 ecr 123005611], length 95 
09:33:46.406596 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [.], ack 4192, win 293, options [nop,nop,TS val 123005611 ecr 1232193279], length 0 
09:33:46.415570 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [P.], seq 220:482, ack 4192, win 293, options [nop,nop,TS val 123005613 ecr 1232193279], length 262 
09:33:46.415702 IP 216.58.216.167.443 > 10.0.253.82.38118: Flags [.], ack 482, win 359, options [nop,nop,TS val 1232193282 ecr 123005613], length 0 
09:33:46.427730 IP 216.58.216.167.443 > 10.0.253.82.38118: Flags [P.], seq 4192:4486, ack 482, win 359, options [nop,nop,TS val 1232193286 ecr 123005613], length 294 
09:33:46.432424 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [P.], seq 482:535, ack 4486, win 314, options [nop,nop,TS val 123005617 ecr 1232193286], length 53 
09:33:46.432527 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [P.], seq 535:585, ack 4486, win 314, options [nop,nop,TS val 123005617 ecr 1232193286], length 50 
09:33:46.432540 IP 216.58.216.167.443 > 10.0.253.82.38118: Flags [P.], seq 4486:4584, ack 535, win 359, options [nop,nop,TS val 1232193287 ecr 123005617], length 98 
09:33:46.432695 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [P.], seq 585:627, ack 4584, win 314, options [nop,nop,TS val 123005617 ecr 1232193287], length 42 
09:33:46.432840 IP 216.58.216.167.443 > 10.0.253.82.38118: Flags [.], ack 627, win 359, options [nop,nop,TS val 1232193287 ecr 123005617], length 0 
09:33:46.433160 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [P.], seq 627:2069, ack 4584, win 314, options [nop,nop,TS val 123005618 ecr 1232193287], length 1442 
09:33:46.433280 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [P.], seq 2069:2107, ack 4584, win 314, options [nop,nop,TS val 123005618 ecr 1232193287], length 38 
09:33:46.433294 IP 216.58.216.167.443 > 10.0.253.82.38118: Flags [.], ack 2069, win 1024, options [nop,nop,TS val 1232193287 ecr 123005618], length 0 
09:33:46.446278 IP 216.58.216.167.443 > 10.0.253.82.38118: Flags [P.], seq 4584:4622, ack 2107, win 1024, options [nop,nop,TS val 1232193291 ecr 123005618], length 38 
09:33:46.484848 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [.], ack 4622, win 314, options [nop,nop,TS val 123005631 ecr 1232193291], length 0 
09:33:46.485009 IP 216.58.216.167.443 > 10.0.253.82.38118: Flags [P.], seq 4622:5489, ack 2107, win 1024, options [nop,nop,TS val 1232193303 ecr 123005631], length 867 
09:33:46.485046 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [.], ack 5489, win 336, options [nop,nop,TS val 123005631 ecr 1232193303], length 0 
09:33:46.486329 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [P.], seq 2107:2153, ack 5489, win 336, options [nop,nop,TS val 123005631 ecr 1232193303], length 46 
09:33:46.489529 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 229 
09:33:46.524219 IP 216.58.216.167.443 > 10.0.253.82.38118: Flags [.], ack 2153, win 1024, options [nop,nop,TS val 1232193315 ecr 123005631], length 0 
09:33:46.528035 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 33 
09:33:46.580067 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 149 
09:33:46.581176 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 20 
09:33:46.581293 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 46 
09:33:46.586292 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 1350 
09:33:46.586350 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 1350 
09:33:46.586398 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 817 
09:33:46.604126 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 36 
09:33:46.632662 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 30 
09:33:46.768722 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 49 
09:33:46.770637 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 63 
09:33:46.789002 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 32 
09:33:46.801044 STP 802.1w, Rapid STP, Flags [Proposal], bridge-id 8000.40:b4:f0:b9:b2:81.82c4, length 43 
09:33:46.813571 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 30 
09:33:46.814971 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 43 
09:33:46.858966 ARP, Request who-has 10.0.252.31 tell 10.0.253.199, length 46 
09:33:46.895047 IP 10.0.253.37.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 
09:33:46.957553 IP6 fe80::b01a:80e7:8bb6:9151.546 > ff02::1:2.547: dhcp6 solicit 
09:33:46.957560 IP6 fe80::b01a:80e7:8bb6:9151.546 > ff02::1:2.547: dhcp6 solicit 
09:33:46.960984 IP 10.0.253.25.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 
09:33:46.971896 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 1350 
09:33:46.972007 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 1350 
09:33:46.972111 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 899 
09:33:46.972252 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 34 
09:33:46.987867 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 36 
09:33:46.988242 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 33 
09:33:47.028542 ARP, Request who-has 10.0.252.22 tell 10.0.252.187, length 46 
09:33:47.150542 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 69 
09:33:47.150586 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 172 
09:33:47.151005 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 49 
09:33:47.200289 IP 10.0.253.188.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 
09:33:47.268317 IP 10.0.252.122.138 > 10.0.252.255.138: NBT UDP PACKET(138) 
09:33:47.268767 ARP, Request who-has 10.0.252.255 tell 10.0.252.143, length 46 
09:33:47.318762 IP 172.17.0.8 > 8.8.8.8: ICMP echo request, id 1, seq 14, length 64 
09:33:47.826000 ARP, Request who-has 10.0.252.31 tell 10.0.253.199, length 46 
09:33:47.868511 ARP, Request who-has 10.0.252.255 tell 10.0.252.143, length 46 
09:33:47.912076 IP6 fe80::5119:e41f:69fb:571a.546 > ff02::1:2.547: dhcp6 solicit 
09:33:47.965641 IP 10.0.253.188.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 
09:33:47.976067 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 1350 
09:33:47.976156 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 1350 
09:33:47.976214 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 889 
09:33:47.979693 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 1350 
09:33:47.979768 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 1350 
09:33:47.979833 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 917 
09:33:47.979912 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 300 
09:33:47.988005 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 36 
09:33:47.994315 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 33 
09:33:47.995542 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 33 
09:33:48.019637 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 30 
09:33:48.149231 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 88 
09:33:48.162129 IP6 fe80::3144:581c:bddd:1174.546 > ff02::1:2.547: dhcp6 solicit 
09:33:48.174777 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 52 
09:33:48.182153 IP6 fe80::d5a1:b9ed:5abf:e987.546 > ff02::1:2.547: dhcp6 solicit 
09:33:48.205805 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 130 
09:33:48.206747 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 55 
09:33:48.206985 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 43 
09:33:48.209197 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 41 
09:33:48.212576 ARP, Request who-has 10.0.252.3 tell 10.0.253.200, length 46 
09:33:48.213464 ARP, Request who-has 10.0.253.200 tell 10.0.252.3, length 46 
09:33:48.235155 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 40 
09:33:48.319893 IP 172.17.0.8 > 8.8.8.8: ICMP echo request, id 1, seq 15, length 64 
09:33:48.368223 ARP, Request who-has 10.0.253.25 tell 10.0.252.154, length 46 
09:33:48.368497 ARP, Request who-has 10.0.252.154 tell 10.0.253.25, length 46 
09:33:48.372105 ARP, Request who-has 10.0.252.109 tell 10.0.253.199, length 46 
09:33:48.385849 ARP, Request who-has 10.0.253.143 tell 10.0.252.104, length 46 
09:33:48.386598 ARP, Request who-has 10.0.252.104 tell 10.0.253.143, length 46 
09:33:48.423585 ARP, Request who-has 10.0.252.122 tell 10.0.252.121, length 46 
09:33:48.468500 ARP, Request who-has 10.0.252.255 tell 10.0.252.143, length 46 
09:33:48.636354 IP 10.0.253.82.58726 > 10.0.252.3.53: 48237+ A? careers.stackoverflow.com. (43) 
09:33:48.662658 IP6 fe80::a40b:27e1:9478:e1be.546 > ff02::1:2.547: dhcp6 solicit 
09:33:48.696961 STP 802.1w, Rapid STP, Flags [Proposal], bridge-id 8000.40:b4:f0:b9:b2:81.82c4, length 43 
09:33:48.731101 IP 10.0.253.188.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 
09:33:48.794708 IP6 fe80::4970:ce3b:d6f3:3195.546 > ff02::1:2.547: dhcp6 solicit 
09:33:48.824379 ARP, Request who-has 10.0.252.31 tell 10.0.253.199, length 46 
09:33:49.131326 ARP, Request who-has 10.0.252.5 tell 10.0.253.177, length 46 
09:33:49.321019 IP 172.17.0.8 > 8.8.8.8: ICMP echo request, id 1, seq 16, length 64 
09:33:49.323655 ARP, Request who-has 10.0.252.109 tell 10.0.253.199, length 46 
09:33:49.368507 ARP, Request who-has 10.0.252.255 tell 10.0.252.143, length 46 
09:33:49.476222 ARP, Request who-has 10.0.252.22 tell 10.0.252.183, length 46 
09:33:49.511487 IP 10.0.253.30.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 
09:33:49.609076 ARP, Request who-has 10.0.252.5 tell 10.0.253.21, length 46 
09:33:49.609781 ARP, Request who-has 10.0.253.21 tell 10.0.252.5, length 46 
09:33:49.659080 IP6 fe80::a40b:27e1:9478:e1be.546 > ff02::1:2.547: dhcp6 solicit 
09:33:49.999318 IP 10.0.253.21.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 8c:89:a5:93:01:ce, length 300 
09:33:49.999948 IP 10.0.252.5.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 311 
09:33:49.999997 IP 10.0.252.3.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 311 
09:33:50.268462 ARP, Request who-has 10.0.252.255 tell 10.0.252.143, length 46 
09:33:50.277206 IP 10.0.253.30.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 
09:33:50.321988 ARP, Request who-has 10.0.252.109 tell 10.0.253.199, length 46 
09:33:50.322153 IP 172.17.0.8 > 8.8.8.8: ICMP echo request, id 1, seq 17, length 64 
09:33:50.500890 STP 802.1w, Rapid STP, Flags [Proposal], bridge-id 8000.40:b4:f0:b9:b2:81.82c4, length 43 
09:33:50.592916 ARP, Request who-has 10.0.252.5 tell 10.0.253.45, length 46 
^C 
153 packets captured 
154 packets received by filter 
0 packets dropped by kernel 
linux-3nwo:/var/lib # iptables -L -n 
Chain INPUT (policy ACCEPT) 
target  prot opt source    destination   

Chain FORWARD (policy ACCEPT) 
target  prot opt source    destination   

Chain OUTPUT (policy ACCEPT) 
target  prot opt source    destination   

Here is a better view of iptables -t nat -L:

linux-3nwo:~ # iptables -t nat -L 
Chain PREROUTING (policy ACCEPT) 
target  prot opt source    destination   
DOCKER  all -- anywhere   !loopback/8   ADDRTYPE match dst-type LOCAL 

Chain INPUT (policy ACCEPT) 
target  prot opt source    destination   

Chain OUTPUT (policy ACCEPT) 
target  prot opt source    destination   

Chain POSTROUTING (policy ACCEPT) 
target  prot opt source    destination   

Chain DOCKER (1 references) 
target  prot opt source    destination   

Answer

0

Can you paste your iptables rules, and also try running tcpdump on the host port to check whether the packets are leaving the box when you run ping inside the container? Commands: tcpdump -ni eth0, iptables -L -n (if you have an Ubuntu host).

UPDATE:

Looking at the tcpdump, it looks like your host is not doing NATing; the request is being sent with the Docker IP itself, which has no meaning outside your host:

09:33:46.317614 IP 172.17.0.8 > 8.8.8.8: ICMP echo request, id 1, seq 13, length 64

You can try this command: "iptables -t nat -L". You should see something like this:

Chain POSTROUTING (policy ACCEPT)
target  prot opt source    destination
MASQUERADE all -- 172.17.0.0/16  anywhere

Try restarting the Docker service: service docker restart or /etc/init.d/docker restart. It should fix this table. Refer to this iptables fix.
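The reasoning in this answer can be checked mechanically. The following is an added example, not part of the original answer: it scans tcpdump lines captured on the external interface for source addresses inside the bridge subnet and checks the nat listing for a POSTROUTING MASQUERADE rule covering that subnet. The function names are hypothetical; the sample input is abridged from the outputs in the question, and the healthy listing is constructed.

```python
import ipaddress
import re

# Sample input abridged from the question's outputs (healthy listing is constructed).
BRIDGE_SUBNET = "172.17.0.0/16"  # from the `ip route` line for docker0
TCPDUMP_ETH0 = """\
09:33:44.694711 ARP, Request who-has 10.0.252.1 tell 10.0.253.189, length 46
09:33:45.316500 IP 172.17.0.8 > 8.8.8.8: ICMP echo request, id 1, seq 12, length 64
09:33:46.314737 IP 10.0.253.82.48551 > 10.0.252.3.53: 47613+ A? chatenabled.mail.google.com. (45)
09:33:46.317614 IP 172.17.0.8 > 8.8.8.8: ICMP echo request, id 1, seq 13, length 64
09:33:46.345530 IP6 fe80::515e:7529:ba62:109c.546 > ff02::1:2.547: dhcp6 solicit
"""
HDR = "target  prot opt source    destination\n"


def nat_listing(postrouting_rules=""):
    """Build an `iptables -t nat -L` style listing with the given POSTROUTING rules."""
    return ("Chain PREROUTING (policy ACCEPT)\n" + HDR +
            "DOCKER  all -- anywhere   !loopback/8   ADDRTYPE match dst-type LOCAL\n\n"
            "Chain POSTROUTING (policy ACCEPT)\n" + HDR + postrouting_rules + "\n"
            "Chain DOCKER (1 references)\n" + HDR)


NAT_BROKEN = nat_listing()  # empty POSTROUTING chain, as in the question
NAT_HEALTHY = nat_listing("MASQUERADE all -- 172.17.0.0/16  anywhere\n")

# Matches "<time> IP <src>[.<port>] > ..." and captures the IPv4 source address.
SRC_RE = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > ")


def unnatted_sources(capture, subnet):
    """Return bridge-subnet source IPs seen on the external interface."""
    net = ipaddress.ip_network(subnet)
    leaked = set()
    for line in capture.splitlines():
        m = SRC_RE.match(line)
        if m and ipaddress.ip_address(m.group(1)) in net:
            leaked.add(m.group(1))
    return sorted(leaked)


def masquerade_covers(listing, subnet):
    """True if the POSTROUTING chain has a MASQUERADE rule whose source covers subnet."""
    net = ipaddress.ip_network(subnet)
    chain = None
    for line in listing.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "Chain":
            chain = fields[1]
            continue
        if chain != "POSTROUTING" or fields[0] != "MASQUERADE" or len(fields) < 5:
            continue
        source = fields[3]
        if source in ("anywhere", "0.0.0.0/0"):
            return True
        try:
            if net.subnet_of(ipaddress.ip_network(source, strict=False)):
                return True
        except (ValueError, TypeError):
            continue  # hostname or negated source: not counted as a match
    return False


def diagnose(capture, listing, subnet=BRIDGE_SUBNET):
    leaked = unnatted_sources(capture, subnet)
    masq = masquerade_covers(listing, subnet)
    if leaked and not masq:
        verdict = "bridge traffic leaves un-NATed; POSTROUTING MASQUERADE rule missing"
    elif leaked:
        verdict = "MASQUERADE rule listed but bridge sources still visible on the wire"
    else:
        verdict = "no bridge-subnet sources seen on the external interface"
    return {"leaked_sources": leaked, "masquerade_rule": masq, "verdict": verdict}


if __name__ == "__main__":
    print(diagnose(TCPDUMP_ETH0, NAT_BROKEN))
```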

+0

I just added the output from those two commands to my original post. They were too long to add here as a comment. – DNADave

+0

You wouldn't believe how many times I have restarted the service. I have removed and reinstalled docker/iptables several times. I even upgraded the OS from OpenSuSE 13.2 to Leap 42.1. Nothing has fixed this problem. – DNADave

+0

Here is the output from the iptables command you suggested: – DNADave

1

With the help of Jesse Arens at Stackengine.com, we were able to determine that a socket issue was the problem. We found this by creating a new socket manually and noticing that the network problems went away. The final fix was to edit /usr/lib/systemd/system/docker.service from:

[Unit] 
Description=Docker Application Container Engine 
Documentation=http://docs.docker.com 
After=network.target docker.socket 
Requires=docker.socket 

[Service] 
EnvironmentFile=/etc/sysconfig/docker 
ExecStart=/usr/bin/docker -d -H fd:// $DOCKER_OPTS 
MountFlags=slave 
LimitNOFILE=1048576 
LimitNPROC=1048576 
LimitCORE=infinity 

[Install] 
WantedBy=multi-user.target 

to:

[Unit] 
Description=Docker Application Container Engine 
Documentation=http://docs.docker.com 
After=network.target docker.socket 
Requires=docker.socket 

[Service] 
EnvironmentFile=/etc/sysconfig/docker 
ExecStart=/usr/bin/docker -d -H unix:///var/run/docker.sock $DOCKER_OPTS 
MountFlags=slave 
LimitNOFILE=1048576 
LimitNPROC=1048576 
LimitCORE=infinity 

[Install] 
WantedBy=multi-user.target 