如何将docker容器绑定到特定的外部接口 [英] How could I bind docker container to specific external interface

问题描述

我必须网络接口， eth0 和 eth1 ，

如何将所有docker容器绑定到 eth1 ，并让所有网络流量通过 eth1

How could I bind all docker container to eth1, and let all network traffic go out and in via the eth1

谢谢〜

我试图绑定到$ code> eth1 与133.130.60.36。

I tried to bind to the eth1 with 133.130.60.36.

但我还没有运气，我还是得到eth0 IP作为容器中的公共IP。网络流不通过eth1出去

But i still got no luck, i still get the eth0 IP as the public IP in the container. the network flow is not go out via eth1

➜  ~  docker run -d --name Peach_1 -p 133.130.60.36::9998 -ti sample/ubuntu-vnc-selenium-firefox

➜  ~  docker ps
CONTAINER ID        IMAGE                                 COMMAND                CREATED             STATUS              PORTS                                     NAMES
eb28f0d1c337        sample/ubuntu-vnc-selenium-firefox   "/opt/bin/run_sele_s   4 minutes ago       Up 4 minutes        5901/tcp, 133.130.60.36:32768->9998/tcp   Peach_1

➜  ~  docker exec -ti Peach_1 zsh

➜  /  curl ipecho.net/plain ; echo
133.130.101.114

推荐答案

这是Docker文档的一些内容

Here's something from the docker docs

https://docs.docker.com/engine/userguide/networking/default_network/binding/

如果要限制更多，只允许容器服务
通过主机
机器上的特定外部接口进行联系，则有两种选择。当您调用docker运行时，您可以使用
-p -p：host_port：container_port或-p IP :: port为一个特定绑定指定
外部接口。
或者如果您始终希望Docker端口转发绑定到一个特定的IP地址，您可以编辑系统范围的Docker服务器
设置，并添加选项--ip = IP_ADDRESS。记住在编辑此设置后重新启动
Docker服务器。

If you want to be more restrictive and only allow container services to be contacted through a specific external interface on the host machine, you have two choices. When you invoke docker run you can use either -p IP:host_port:container_port or -p IP::port to specify the external interface for one particular binding. Or if you always want Docker port forwards to bind to one specific IP address, you can edit your system-wide Docker server settings and add the option --ip=IP_ADDRESS. Remember to restart your Docker server after editing this setting.

这篇关于如何将docker容器绑定到特定的外部接口的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！