Solution of docker suddenly unable to be accessed by external network
- 2021-10-16 05:31:08
- OfStack
According to the methods of the bosses, the reason sysctl net. ipv4.ip_forward was found. Tencent Cloud prompted to fix the vulnerability, and after executing their script, ip forwarding was turned off.
Later, after studying 1, the problem can be found through docker info.
And you can see that docker gives a 1 warning
Solution:
sudo vim/etc/sysctl. conf Modify, save, then systemctl restart network
Or
sysctl -w net.ipv4.ip_forward=1
But this process may fail after the server restarts?
There are also two warnings, just deal with one case and one case.
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Supplement: docker network problem. In the docker container, ping cannot be connected to the external network ip of the host machine, but ping can be connected to the external network ip of other machines
Problem description
Both the machine A and the machine B have their own internal network IP and external network IP, for example: A-IP-internal, A-IP-external
B-IP-inside, B-IP-outside, A machine has one domain name www. xxx. com
Install the docker container of jenkins on the A machine, and enter the container after starting
#docker exec -it jenkins /bin/sh
And then inside the container ping Host machine A Intranet of IP , yes ping Tong
#ping A-IP- Inside ( 172.16 ...) // Returns the ability to ping Tong
#ping A-IP- Outside (202.106 … ) //ping Impassable
#ping www.xxx.com // Can be correctly parsed as A External network of machine IP , but ping Impassable
#ping baidu.com // Yes ping Tong
In addition:
1. Host machine A machine ping A-IP-outside (202.106...) outside the docker container is open.
2. Install an jenkins container on an B machine. ping A-IP-outside the container (202.106 …) is open.
2. Installing jenkins container on B machine, ES90B-IP inside the container-outside (202.106 …) is impassable.
Finding various network problems, deleting containers, mirroring, and reloading docker will not work.
In a word, in the docker container, the public network IP of the ping host itself is different from that of ping
I need to resolve the intranet address of the A machine in the container of the A machine ping www. xxx. com.
Because ping can pass the intranet address of A machine in the container.
Newly modified docker-compose file
extra_hosts:
- " www.xxx.com:172.16.xxx.A"
After rebuilding the docker container, enter the docker container
#ping A-IP- Outside (202.106 … ) // Correct ping Tong, OK Meet the requirements