Solution for docker containers suddenly becoming inaccessible from the external network

  • 2021-10-16 05:31:08
  • OfStack

Following the methods suggested by more experienced users, I found the cause: the sysctl setting net.ipv4.ip_forward. Tencent Cloud had prompted me to fix a vulnerability, and after I ran their script, IP forwarding was turned off.

Later, after some study, I found that the problem can also be seen through docker info.

You can see that docker gives a warning.

Solution:

Modify the net.ipv4.ip_forward setting with sudo vim /etc/sysctl.conf, save, then run systemctl restart network

Or


sysctl -w net.ipv4.ip_forward=1

But this change may be lost after the server restarts?

There are also two other warnings; handle them case by case.


WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
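
On the restart question: sysctl -w changes only the running kernel, while values in /etc/sysctl.conf and /etc/sysctl.d/*.conf are reapplied at boot. The script below is an added example, not from the original article, that checks whether the forwarding and bridge-netfilter settings behind these warnings are persisted as 1; the function names, the drop-in file name 99-docker.conf and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Keys behind the docker info warnings discussed above.
DOCKER_KEYS="net.ipv4.ip_forward net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables"

# persisted_value KEY FILE...
# Print the value the given config files would apply for KEY at boot.
# Assumption: files are passed in load order and the last assignment wins.
persisted_value() {
    key=$1; shift
    # Drop comments, squeeze "key = value" to "key=value", keep the last match.
    cat "$@" 2>/dev/null | sed -e 's/[#;].*//' -e 's/[[:space:]]//g' |
        awk -F= -v k="$key" '$1 == k { v = $2 } END { print v }'
}

# audit FILE...
# Report each key that is not persisted as 1; return 1 if any is found.
audit() {
    rc=0
    for k in $DOCKER_KEYS; do
        v=$(persisted_value "$k" "$@")
        if [ "$v" != "1" ]; then
            echo "$k persisted as '${v:-unset}', expected 1"
            rc=1
        fi
    done
    return $rc
}

# demo: constructed sample files in a temp dir, before and after the fix.
demo() {
    d=$(mktemp -d)
    # What a hardening script might leave behind (constructed).
    printf '%s\n' '# hardened' 'net.ipv4.ip_forward = 0' > "$d/sysctl.conf"
    audit "$d/sysctl.conf" || echo "=> sysctl -w alone will not survive a reboot"
    # A later drop-in file that persists the values Docker expects (constructed).
    for k in $DOCKER_KEYS; do echo "$k = 1"; done > "$d/99-docker.conf"
    audit "$d/sysctl.conf" "$d/99-docker.conf" && echo "=> settings persist"
    rm -rf "$d"
}

if [ "$#" -gt 0 ]; then audit "$@"; else demo; fi
```

On a real host, pass the sysctl configuration files as arguments in the order your distribution loads them.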

Supplement: a docker network problem. Inside a docker container, ping cannot reach the external network IP of the host machine, but it can reach the external network IPs of other machines.

Problem description

Machine A and machine B each have their own internal network IP and external network IP, for example: A-IP-internal, A-IP-external

B-IP-internal, B-IP-external. Machine A has one domain name, www.xxx.com

Install the jenkins docker container on machine A, and enter the container after starting it


# docker exec -it jenkins /bin/sh
Then, inside the container, ping the internal IP of host machine A; the ping succeeds
# ping A-IP-internal (172.16...)  // ping succeeds
# ping A-IP-external (202.106…)  // ping fails
# ping www.xxx.com  // resolves correctly to machine A's external IP, but ping fails
# ping baidu.com  // ping succeeds

In addition:

1. On host machine A, outside the docker container, ping A-IP-external (202.106...) succeeds.

2. With a jenkins container installed on machine B, ping A-IP-external (202.106…) from inside that container succeeds.

3. With the jenkins container installed on machine B, ping B-IP-external (202.106…) from inside that container fails.

Searching for various network problems, deleting containers and images, and reloading docker did not help.

In short, inside a docker container, the public network IP of the host itself cannot be pinged.

What I need is for ping www.xxx.com, run in the container on machine A, to resolve to the internal address of machine A.

This works because the container can ping the internal address of machine A.

The newly modified docker-compose file


extra_hosts:
- "www.xxx.com:172.16.xxx.A"

After rebuilding the docker container, enter the docker container


# ping A-IP-external (202.106…)  // ping succeeds, OK, meets the requirement
