Docker MACVLAN仅适用于出站 [英] Docker MACVLAN only works Outbound

问题描述

我正在尝试为我的Docker容器设置MACVLAN. 我重新安装了Raspbian和Docker，并按照Docker文档中概述的步骤创建了MACVLAN:

I'm trying to setup a MACVLAN for my docker containers. I have a fresh Raspbian and Docker installation and followed the steps outlined to the Docker Documentation to create a MACVLAN: https://docs.docker.com/network/network-tutorial-macvlan.

该网络如下所示:

[
    {
        "Name": "pub_net",
        "Id": "782c49f79f549b11f04a6df98b8b2cbf52deef072e036306231309e44a1c9f3a",
        "Created": "2020-02-25T14:44:12.105402396+01:00",
        "Scope": "local",
        "Driver": "macvlan",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.178.0/24",
                    "Gateway": "192.168.178.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "682a47a60a5478d19b8c6fc923e11c949f70c5c07fe4dc8d94a772524c2820a1": {
                "Name": "IoBroker",
                "EndpointID": "5e7068dd9330792a91e1f1f023bd052d91d1fa93f50a2eb670ef8be81b61587f",
                "MacAddress": "02:42:c0:a8:b2:02",
                "IPv4Address": "192.168.178.2/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "parent": "eth0"
        },
        "Labels": {}
    }

假设我有一个Alpine容器连接到该网络.从容器内部，我可以访问Internet，并且网络上的一切都很好.但是，我无法从外部访问MACVLAN内的任何容器.我知道这通常无法从主机上进行，但是我不是在尝试从主机上访问容器，而是从网络上的另一台计算机上访问容器.无法从外部访问容器的IP.

Let's say i have an Alpine container attached to that network. From inside the container, I can access the internet and everything on my network just fine. I can't however access any container inside the MACVLAN from outside. I know this does usually not work from the host, but I'm not trying to access the container from the host, but from another machine on my network. The IP of the Container is not reachable form the outside.

如果我按照允许主机访问MACVLAN上的容器的步骤(创建另一个MACVLAN并添加路由表条目)，则可以从主机访问容器，但仍然不能从外部访问容器.

If I follow the steps to allow the host to access the containers on the MACVLAN (create another MACVLAN and add routing table entry), I can access the containers from the host, but still not from the outside.

也许这比Docker问题更多是Linux网络问题?

Maybe this is more of a Linux networking issue than a Docker one?

Docker版本:19.03.6 操作系统:Raspbian Buster 10，内核版本4.19.97-v7 +

Docker Version: 19.03.6 OS: Raspbian Buster 10, Kernel Version 4.19.97-v7+

您的想法会受到赞赏吗?

Does ideas would be appreciated.

推荐答案

似乎是Raspbian中使用的Linux内核版本中的ARP问题.通过sudo rpi-update更新内核后，它现在对我有用.

Seems like this is an ARP issue in the Linux Kernel version used in Raspbian. After Updating the Kernel via sudo rpi-update it now works for me.

这篇关于Docker MACVLAN仅适用于出站的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！