Docker容器无法ping通外部世界-IPTables [英] Docker container can not ping the outside world - iptables

问题描述

探索Docker 17.06。

exploring Docker 17.06.

我已经在Centos 7上安装了Docker并创建了一个容器。使用默认桥启动容器。我可以对两个主机适配器执行ping操作，但不能对外部设备执行ping操作，例如www.google.com

I've installed docker on Centos 7 and created a container. Started the container with the default bridge. I can ping both host adapters, but not the outside world e.g. www.google.com

所有建议均基于较旧版本的Docker及其iptables设置。

All advise out there is based on older versions of Docker and it's iptables settings.

我想了解如何与外界ping通，请问需要什么？

I would like to understand how to ping to the outside world, what is required please?

TIA！

推荐答案

如果您可以从主机ping通www.google.com，请尝试执行以下步骤：
在主机上运行：

If you able to ping www.google.com from host machine try following these steps : run on host machine:

sudo ip addr show docker0 

您将获得输出其中包括：

You will get output which includes :

inet 172.17.2.1/16 scope global docker0

docker主机在docker0网络接口上的IP地址为172.17.2.1。

The docker host has the IP address 172.17.2.1 on the docker0 network interface.

然后启动容器：

docker run --rm -it ubuntu:trusty bash 

并运行

ip addr show eth0

输出将包括：

inet 172.17.1.29/16 scope global eth0

您的容器的IP地址为172.17.1.29。现在看一下路由表：
run：

Your container has the IP address 172.17.1.29. Now look at the routing table: run:

route

输出将包括：

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         172.17.2.1     0.0.0.0         UG    0      0        0 eth0

这意味着将Docker主机172.17.2.1的IP地址设置为默认路由，并且可以从您的容器访问。

It Means the IP Address of the docker host 172.17.2.1 is set as the default route and is accessible from your container.

现在尝试ping到您的主机ip：

try ping now to your host machine ip :

root@e21b5c211a0c:/# ping 172.17.2.1
PING 172.17.2.1 (172.17.2.1) 56(84) bytes of data.
64 bytes from 172.17.2.1: icmp_seq=1 ttl=64 time=0.071 ms
64 bytes from 172.17.2.1: icmp_seq=2 ttl=64 time=0.211 ms
64 bytes from 172.17.2.1: icmp_seq=3 ttl=64 time=0.166 ms 

如果这很有用，您会能够ping www.google.com

If this works most probably you'll be able to ping www.google.com

希望它会有所帮助！

这篇关于Docker容器无法ping通外部世界-IPTables的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！