Docker Macvlan网络,无法访问互联网 [英] Docker macvlan network, unable to access internet
问题描述
我有一个具有多个IP地址的专用服务器,某些IP关联了mac地址,而其他IP(在子网中)则没有mac地址. 我已经使用以下命令创建了docker macvlan网络:
I have a dedicated server with multiple IP addresses, some IP's have mac address associated while others(in a subnetwork) doesn't have mac addresses. I have created docker macvlan network using:
docker network create -d macvlan -o macvlan_mode=bridge --subnet=188.40.76.0/26 --gateway=188.40.76.1 -o parent=eth0 macvlan_bridge
我的IP地址是:88.99.102.115,Mac:00:50:56:00:60:42.使用以下方法创建了一个容器:
I have ip: 88.99.102.115 with mac: 00:50:56:00:60:42. Created a container using:
docker run --name cont1 --net=macvlan_bridge --ip=88.99.102.115 --mac-address 00:50:56:00:60:42 -itd nginx
这有效,我可以从外部访问该IP地址上托管的nginx.
This works, I can access nginx hosted at that ip address from outside.
具有IP地址的情况,该IP地址没有mac地址,并且网关不在子网范围内.
子网:88.99.114.16/28,网关:88.99.102.103
subnet: 88.99.114.16/28, gateway: 88.99.102.103
无法使用以下方法创建网络:
Unable to create network using:
docker network create -d macvlan -o macvlan_mode=bridge --subnet=88.99.114.16/28 --gateway=88.99.102.103 -o parent=eth0 mynetwork
抛出错误:
no matching subnet for gateway 88.99.102.103
尝试扩大子网范围以包含网关:
Tried with increasing subnet scope to include gateway:
docker network create -d macvlan -o macvlan_mode=bridge --subnet=88.99.0.0/16 --gateway=88.99.102.103 -o parent=eth0 mynetwork
创建了网络,然后使用"mynetwork"启动了nginx容器,我没有88.99.114.18的mac地址,因此使用了一些随机的mac地址40:1c:0f:bd:a1:d2.
Network got created, then started nginx container using 'mynetwork' and well I dont have mac address for 88.99.114.18 so used some random mac address 40:1c:0f:bd:a1:d2.
docker run --name cont1 --net=mynetwork --ip=88.99.114.18 --mac-address 40:1c:0f:bd:a1:d2 -itd nginx
无法访问nginx(88.99.102.115).
Can't reach nginx(88.99.102.115).
- 如果我的网关不在子网中,如何创建macvlan docker网络?
- 当我只有IP地址但没有mac地址时,如何使用macvlan网络运行容器?
我对网络知识不多,如果您详细解释,它将非常有帮助.
I don't have much knowledge in networking, it will be really helpful if you explain in detail.
我的/etc/network/interfaces文件:
My /etc/network/interfaces file:
### Hetzner Online GmbH - installimage
# Loopback device:
auto lo
iface lo inet loopback
iface lo inet6 loopback
# device: eth0
auto eth0
iface eth0 inet static
address 88.99.102.103
netmask 255.255.255.192
gateway 88.99.102.65
# default route to access subnet
up route add -net 88.99.102.64 netmask 255.255.255.192 gw 88.99.102.65 eth0
iface eth0 inet6 static
address 2a01:4f8:221:1266::2
netmask 64
gateway fe80::1
推荐答案
您可能想先阅读子网和路由
如果我的网关不在子网中,如何创建macvlan docker网络?
How do I create a macvlan docker network if my gateway is out of my subnet?
网关地址必须与接口位于同一子网中.要使用此新子网,您将需要用完一个IP地址并将其分配给主机上的某个位置作为网关.
A gateway address must be on the same subnet as an interface. To use this new subnet you will need to use up one of the IP addresses and assign it somewhere on the host as a gateway.
从托管屏幕快照中,已将88.99.114.16/28子网设置为通过主机88.99.102.103进行路由.如果希望Docker使用子网中的其余IP地址,则需要在主机上的某个地方创建一个接口用作网关.
From the hosting screen shot, the 88.99.114.16/28 subnet has been setup to route via your host 88.99.102.103. You need to create an interface somewhere on your host to use as the gateway if you want Docker to use the rest of the IP addresses in the subnet.
创建一个供Docker使用的桥接网络,该桥接将被分配网关地址88.99.114.17
Create a bridge network for Docker to use, the bridge will be assigned the gateway address 88.99.114.17
docker network create \
--driver=bridge \
--subnet 88.99.114.16/28 \
--gateway=88.99.114.17 \
name0
您可能还需要启用IP转发才能使路由正常工作.在/etc/sysctl.conf中配置IP转发:
You may also need to enable IP forwarding for routing to work. Configure ip forwarding in /etc/sysctl.conf:
net.ipv4.ip_forward = 1
并应用新设置
sysctl -p /etc/sysctl.conf
然后使用路由网络在新桥上运行一个容器,应该能够访问网关和互联网
Then run a container on the new bridge with your routed network should be able to access the gateway and the internet
docker run --net=name0 --rm busybox \
sh -c "ip ad sh && ping -c 4 88.99.114.17 && wget api.ipify.org"
根据默认的FORWARD策略,您可能需要允许访问iptables中的子网
You may need to allow access into the subnet in iptables, depending on your default FORWARD policy
iptables -I DOCKER -d 88.99.114.16/28 -j ACCEPT
可以从外部访问子网上的服务
Services on the subnet will be accessible from the outside world
docker run --net=name0 busybox \
nc -lp 80 -e echo -e "HTTP/1.0 200 OK\nContent-Length: 3\n\nHi\n"
然后在外面
○→ ping -c 2 88.99.114.18
PING 88.99.114.18 (88.99.114.18): 56 data bytes
64 bytes from 88.99.114.18: icmp_seq=0 ttl=63 time=0.527 ms
64 bytes from 88.99.114.18: icmp_seq=1 ttl=63 time=0.417 ms
--- 88.99.114.18 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.417/0.472/0.527/0.055 ms
○→ curl 88.99.114.18
Hi
不需要macvlan接口映射.
No need for macvlan interface mapping.
当我只有IP时,如何使用macvlan网络运行容器 地址,但没有mac地址?
How do I run a container using macvlan network when I have only IP address but no mac address?
macvlan用于将物理/主机接口映射到容器中.由于这些地址没有物理接口,因此很难将其映射到容器中.
macvlan is use to map a physical/host interface into a container. As you don't have a physical interface for these addresses it will be hard to map one into a container.
这篇关于Docker Macvlan网络,无法访问互联网的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
