Docker容器无法访问互联网 [英] Docker container cannot access internet
问题描述
我正在处理这个问题的第二个星期,互联网上没有任何内容有助于解决我的问题。
问题是没有指定--net =主机,我不能从我的码头容器访问互联网。
/ home / dnadave> docker运行-it --net = host --rm debian:jessie ping 8.8.8.8
PING 8.8.8.8(8.8.8.8):56个数据字节
从8.8.8.8的64个字节:icmp_seq = 0 ttl = 54 time = 12.059 ms
从8.8.8.8开始64个字节:icmp_seq = 1 ttl = 54时间= 11.120 ms
^ C --- 8.8.8.8 ping统计---
2传送数据包,接收到2个数据包,0%丢包
往返最小/ avg / max / stddev = 11.120 / 11.589 / 12.059 / 0.470 ms
/ home / dnadave> docker运行-it -rm debian:jessie ping 8.8.8.8
PING 8.8.8.8(8.8.8.8):56个数据字节
^ C --- 8.8.8.8 ping统计---
4个数据包传输,0个数据包接收,100%丢包
我已经禁用了我的防火墙和刷新了我的iptables规则,并遵循了很多很多与Docker有关的问题的许多其他建议。迄今为止,我的容器已经连接到网络。
为什么我可以使用--net = host访问网络?那么当默认网络不起作用的时候你就不能构建容器。
这里有一些相关的细节我看过其他帖子问:
linux-3nwo:/ var / lib#docker info
容器:0
图片:2
存储驱动:devicemapper
池名称:docker-254:2-1328636-pool
池块大小:65.54 kB
备份文件系统:extfs
数据文件:/ dev / loop0
元数据文件:/ dev / loop1
使用的数据空间:1.973 GB
数据空间总计:107.4 GB
可用数据空间:105.4 GB
使用的元数据空间:1.61 MB
元数据空间总计:2.147 GB
可用的元数据空间:2.146 GB
支持的Udev同步支持:true
延迟删除启用:false
数据循环文件:/ var / lib / docker /数据库循环文件:/ var / lib / docker / devicemap / / devicemap /元数据
库版本:1.03.01(2015-05-15)
执行驱动程序:native -0.2
记录驱动程序:json-file
Ker nel版本:4.1.12-1默认
操作系统:openSUSE Leap 42.1(x86_64)
CPU:32
总内存:125.9 GiB
名称:linux-3nwo
ID:7MDY:2LCE:NMQ2:3INA:HL4A:LRTZ:VL43:TLBT:M5UN:PF7G:KKGN:AM6D
警告:没有交换限制支持
linux-3nwo:/ var / lib# docker版本
客户端:
版本:1.8.2
API版本:1.20
转到版本:go1.4.2
Git提交:0a8c2e3
内置:
OS / Arch:linux / amd64
服务器:
版本:1.8.2
API版本:1.20
转到版本:go1.4.2
Git commit:0a8c2e3
内置:
操作系统/ Arch:linux / amd64
linux-3nwo:/ var / lib#ip a
1:lo:< LOOPBACK,UP ,LOWER_UP> mtu 65536 qdisc noqueue状态UNKNOWN组默认
link / loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8范围主机lo
valid_lft永远preferred_lft永远
inet6 :: 1/128范围主机
valid_lft永远preferred_lft永远
2:eth0:< BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq状态UP组默认qlen 1000
link / ether 00:25:90:c5:53:60 brd ff:ff:ff:ff:ff:ff
inet 10.0.xxx.82 / 23 brd 10.0.253.255范围全局eth0
valid_lft永远preferred_lft永远
inet6 fe80 :: 225:90ff:fec5:5360/64范围链接
valid_lft永远preferred_lft永远
3: eth1:< NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link / ether 00:25:90:c5:53:61 brd ff:ff:ff:ff:ff:ff
4:docker0:广播,多播,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP组默认
link / ether 02:42:7f:2d:f8:9c brd ff:ff:ff:ff:ff:ff
inet 172.17.42.1/16 scope global docker0
valid_lft永远preferred_lft永远
inet6 fe80 :: 42:7fff:fe2d:f89c / 64范围链接
valid_lft永远preferred_lft永远
22:vboxnet0:< BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link / ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff
46:veth98c3765 @ if45: <广播,多播,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0状态UP组默认
link / ether 72:d2:9b:09:48:90 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80 :: 70d2:9bff:fe09:4890/64范围链接
valid_lft永远preferred_lft永远
linux-3nwo:/ var / lib#brctl show
桥名桥接ID STP启用接口
docker0 8000.02427f2df89c否veth98c3765
linux-3nwo:/ var / lib#ip route
默认通过10.0.xxy.1 dev eth0 proto dhcp
10.0.xxy.0 / 23 dev eth0 proto内核范围链接src 10.0.xxx.82
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.42.1
linux-3nwo:/ var / lib#iptables -L -v -n
Chain INPUT(policy ACCEPT 12M packets,7205M bytes)
pkts bytes target prot opt out out source destination
Chain FORWARD(policy ACCEPT 573 packets,48132 bytes)
pkts字节目标保留选择输出源tination
链路OUTPUT(策略ACCEPT 10M数据包,2311M字节)
pkts字节目标保护选择输出源目标
linux-3nwo:/ var / lib#iptables -L - n -t nat
链条PREROUTING(policy ACCEPT)
target prot opt source destination
DOCKER all - 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
DOCKER all - 0.0.0.0/0!127.0.0.0/8 ADDRTYPE match dst-type LOCAL
链INPUT(policy ACCEPT)
target prot opt source destination
链OUTPUT(政策接受)
目标保护选择源目的地
链POSTROUTING(政策接受)
目标保护选择源目的地
链DOCKER(2参考)
target prot opt source destination
让我知道如果你需要别的东西来帮助弄清楚为什么我不能得到默认的网桥工作。
请注意,在上面的输出中,xxx和xxy是不同的子网号码。
这是tcpdump和iptables的输出:
linux-3nwo:/ var / lib#tcpdump -ni eth0
tcpdump:详细输出被禁止,使用-v或-vv进行全协议解码
监听eth0,link-type EN10MB(以太网)捕获大小65535字节
09:33:44.694711 ARP,请求拥有者10.0.252.1告知10.0.253.189,长度46
09:33:44.707861 IP 173.194.33.118.443> 10.0.253.82.57774:UDP,长度292
09:33:44.734664 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,长度49
09:33:44.815213 ARP,请求谁拥有10.0.252.31告诉10.0.253.199,长度46
09:33:44.951684 IP 10.0.253.66.137 > 10.0.253.255.137:NBT UDP PACKET(137):QUERY;请求; BROADCAST
09:33:44.966217 STP 802.1w,Rapid STP,Flags [Proposal],bridge-id 8000.40:b4:f0:b9:b2:81.82c4,length 43
09:33:44.986628 ARP ,请求谁拥有10.0.252.5告诉10.0.253.30,长度46
09:33:45.116595 ARP,请求拥有10.0.253.66告诉10.0.252.154,长度46
09:33:45.117351 ARP ,请求谁拥有10.0.252.154告诉10.0.253.66,长度46
09:33:45.259474 IP 10.0.253.82.5353> 224.0.0.251.5353:0 * - [0q] 3/0/0(缓存刷新)SRV linux-3nwo.local.:0 0 0(缓存刷新)A 10.0.253.82(缓存刷新)TXTname = linux-3nwouuid = f73a028a-263b-42ed-a070-bafa703a2da7type = NoMachineport = 0OS = openSUSE Leap 42.1(x86_64)HW = Supermicro X9DAXmac = 00: 90:c5:53:60service = nx:4000ip = 10.0.253.82; 172.17.42.1; fe80 :: 225:90ff:fec5:5360; fe80 :: 42:7fff:fe2d:f89c; fe80: :6810:94ff:fea6:3eea(385)
09:33:45.273468 IP 10.0.253.20.137> 10.0.253.255.137:NBT UDP PACKET(137):QUERY;请求; BROADCAST
09:33:45.316500 IP 172.17.0.8> 8.8.8.8:ICMP回显请求,id 1,seq 12,length 64
09:33:45.406752 IP 10.0.253.37.137> 10.0.253.255.137:NBT UDP PACKET(137):QUERY;请求; BROADCAST
09:33:45.432241 IP 10.0.253.25.137> 10.0.253.255.137:NBT UDP PACKET(137):QUERY;请求; BROADCAST
09:33:45.701715 IP 10.0.253.66.137> 10.0.253.255.137:NBT UDP PACKET(137):QUERY;请求; BROADCAST
09:33:45.813602 ARP,请求谁拥有10.0.252.31告诉10.0.253.199,长度46
09:33:45.828616 ARP,请求谁拥有10.0.252.11告诉10.0.252.187长度46
09:33:45.844097 IP6 fe80 :: 3cc4:9f10:cfc6:39ac.546> ff02 :: 1:2.547:dhcp6 solicit
09:33:45.979351 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,长度1350
09:33:45.979471 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,length 1350
09:33:45.979545 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,长度854
09:33:45.997331 IP 173.194.33.118.443> 10.0.253.82.57774:UDP,长度40
09:33:45.998852 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,length 1350
09:33:46.005539 IP 173.194.33.118.443> 10.0.253.82.57774:UDP,长度30
09:33:46.037852 IP 10.0.253.20.137> 10.0.253.255.137:NBT UDP PACKET(137):QUERY;请求; BROADCAST
09:33:46.048897 IP 173.194.33.118.443> 10.0.253.82.57774:UDP,长度30
09:33:46.141264 IP 10.0.253.37.137> 10.0.253.255.137:NBT UDP PACKET(137):QUERY;请求; BROADCAST
09:33:46.196611 IP 10.0.253.25.137> 10.0.253.255.137:NBT UDP PACKET(137):QUERY;请求; BROADCAST
09:33:46.302958 IP 173.194.33.118.443> 10.0.253.82.57774:UDP,长度113
09:33:46.314737 IP 10.0.253.82.48551> 10.0.252.3.53:47613+ A? chatenabled.mail.google.com。 (45)
09:33:46.317614 IP 172.17.0.8> 8.8.8.8:ICMP回显请求,id 1,seq 13,length 64
09:33:46.328701 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,长度49
09:33:46.339058 IP 10.0.252.3.53> 10.0.253.82.48551:47613 2/0/0 CNAME b.googlemail.l.google.com。,A 216.58.216.167(90)
09:33:46.339372 IP 10.0.253.82.38118> 216.58.216.167.443:标志[S],seq 1946932641,win 29200,options [mss 1460,sackOK,TS val 123005594 ecr 0,nop,wscale 7],length 0
09:33:46.339722 IP 216.58。 216.167.443> 10.0.253.82.38118:标志[S.],seq 1266324944,ack 1946932642,win 43690,options [mss 1400,sackOK,TS val 1232193259 ecr 123005594,nop,wscale 7],length 0
09:33: 46.339787 IP 10.0.253.82.38118> 216.58.216.167.443:标志[。],ack 1,win 229,options [nop,nop,TS val 123005594 ecr 1232193259],length 0
09:33:46.340738 IP 10.0.253.82.38118> 216.58.216.167.443:标志[P.],seq 1:220,ack 1,win 229,options [nop,nop,TS val 123005594 ecr 1232193259],length 219
09:33:46.341189 IP 216.58。 216.167.443> 10.0.253.82.38118:标志[。],ack 220,win 350,options [nop,nop,TS val 1232193260 ecr 123005594],length 0
09:33:46.345530 IP6 fe80 :: 515e:7529:ba62 :109c.546> ff02 :: 1:2.547:dhcp6 solicit
09:33:46.406369 IP 216.58.216.167.443> 10.0.253.82.38118:标志[P.],seq 1:4097,ack 220,win 350,options [nop,nop,TS val 1232193279 ecr 123005594],length 4096
09:33:46.406425 IP 10.0。 253.82.38118> 216.58.216.167.443:标志[。],ack 4097,win 293,options [nop,nop,TS val 123005611 ecr 1232193279],length 0
09:33:46.406556 IP 216.58.216.167.443> 10.0.253.82.38118:标志[P.],seq 4097:4192,ack 220,win 350,options [nop,nop,TS val 1232193279 ecr 123005611],length 95
09:33:46.406596 IP 10.0。 253.82.38118> 216.58.216.167.443:标志[。],ack 4192,win 293,options [nop,nop,TS val 123005611 ecr 1232193279],length 0
09:33:46.415570 IP 10.0.253.82.38118> 216.58.216.167.443:标志[P.],seq 220:482,ack 4192,win 293,options [nop,nop,TS val 123005613 ecr 1232193279],length 262
09:33:46.415702 IP 216.58。 216.167.443> 10.0.253.82.38118:标志[。],ack 482,win 359,options [nop,nop,TS val 1232193282 ecr 123005613],length 0
09:33:46.427730 IP 216.58.216.167.443> 10.0.253.82.38118:标志[P.],seq 4192:4486,ack 482,win 359,options [nop,nop,TS val 1232193286 ecr 123005613],length 294
09:33:46.432424 IP 10.0。 253.82.38118> 216.58.216.167.443:标志[P.],seq 482:535,ack 4486,win 314,options [nop,nop,TS val 123005617 ecr 1232193286],length 53
09:33:46.432527 IP 10.0。 253.82.38118> 216.58.216.167.443:标志[P.],seq 535:585,ack 4486,win 314,options [nop,nop,TS val 123005617 ecr 1232193286],length 50
09:33:46.432540 IP 216.58。 216.167.443> 10.0.253.82.38118:标志[P.],seq 4486:4584,ack 535,win 359,options [nop,nop,TS val 1232193287 ecr 123005617],length 98
09:33:46.432695 IP 10.0。 253.82.38118> 216.58.216.167.443:标志[P.],seq 585:627,ack 4584,win 314,options [nop,nop,TS val 123005617 ecr 1232193287],length 42
09:33:46.432840 IP 216.58。 216.167.443> 10.0.253.82.38118:标志[。],ack 627,win 359,options [nop,nop,TS val 1232193287 ecr 123005617],length 0
09:33:46.433160 IP 10.0.253.82.38118> 216.58.216.167.443:标志[P.],seq 627:2069,ack 4584,win 314,options [nop,nop,TS val 123005618 ecr 1232193287],length 1442
09:33:46.433280 IP 10.0。 253.82.38118> 216.58.216.167.443:标志[P.],seq 2069:2107,ack 4584,win 314,options [nop,nop,TS val 123005618 ecr 1232193287],length 38
09:33:46.433294 IP 216.58。 216.167.443> 10.0.253.82.38118:标志[。],ack 2069,win 1024,options [nop,nop,TS val 1232193287 ecr 123005618],length 0
09:33:46.446278 IP 216.58.216.167.443> 10.0.253.82.38118:标志[P.],seq 4584:4622,ack 2107,win 1024,options [nop,nop,TS val 1232193291 ecr 123005618],length 38
09:33:46.484848 IP 10.0。 253.82.38118> 216.58.216.167.443:标志[。],ack 4622,win 314,options [nop,nop,TS val 123005631 ecr 1232193291],length 0
09:33:46.485009 IP 216.58.216.167.443> 10.0.253.82.38118:标志[P.],seq 4622:5489,ack 2107,win 1024,options [nop,nop,TS val 1232193303 ecr 123005631],length 867
09:33:46.485046 IP 10.0。 253.82.38118> 216.58.216.167.443:标志[。],ack 5489,win 336,options [nop,nop,TS val 123005631 ecr 1232193303],length 0
09:33:46.486329 IP 10.0.253.82.38118> 216.58.216.167.443:标志[P.],seq 2107:2153,ack 5489,win 336,options [nop,nop,TS val 123005631 ecr 1232193303],length 46
09:33:46.489529 IP 10.0。 253.82.57774> 173.194.33.118.443:UDP,长度229
09:33:46.524219 IP 216.58.216.167.443> 10.0.253.82.38118:标志[。],ack 2153,win 1024,options [nop,nop,TS val 1232193315 ecr 123005631],length 0
09:33:46.528035 IP 173.194.33.118.443> 10.0.253.82.57774:UDP,length 33
09:33:46.580067 IP 173.194.33.118.443> 10.0.253.82.57774:UDP,长度149
09:33:46.581176 IP 173.194.33.118.443> 10.0.253.82.57774:UDP,长度20
09:33:46.581293 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,长度46
09:33:46.586292 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,length 1350
09:33:46.586350 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,长度1350
09:33:46.586398 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,长度817
09:33:46.604126 IP 173.194.33.118.443> 10.0.253.82.57774:UDP,长度36
09:33:46.632662 IP 173.194.33.118.443> 10.0.253.82.57774:UDP,长度30
09:33:46.768722 IP 173.194.33.118.443> 10.0.253.82.57774:UDP,长度49
09:33:46.770637 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,length 63
09:33:46.789002 IP 173.194.33.118.443> 10.0.253.82.57774:UDP,length 32
09:33:46.801044 STP 802.1w,Rapid STP,Flags [Proposal],bridge-id 8000.40:b4:f0:b9:b2:81.82c4,length 43
09:33:46.813571 IP 173.194.33.118.443> 10.0.253.82.57774:UDP,长度30
09:33:46.814971 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,长度43
09:33:46.858966 ARP,请求拥有者10.0.252.31告诉10.0.253.199,长度46
09:33:46.895047 IP 10.0.253.37.137 > 10.0.253.255.137:NBT UDP PACKET(137):QUERY;请求; BROADCAST
09:33:46.957553 IP6 fe80 :: b01a:80e7:8bb6:9151.546> ff02 :: 1:2.547:dhcp6 solicit
09:33:46.957560 IP6 fe80 :: b01a:80e7:8bb6:9151.546> ff02 :: 1:2.547:dhcp6 solicit
09:33:46.960984 IP 10.0.253.25.137> 10.0.253.255.137:NBT UDP PACKET(137):QUERY;请求; BROADCAST
09:33:46.971896 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,length 1350
09:33:46.972007 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,length 1350
09:33:46.972111 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,长度899
09:33:46.972252 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,长度34
09:33:46.987867 IP 173.194.33.118.443> 10.0.253.82.57774:UDP,长度36
09:33:46.988242 IP 173.194.33.118.443> 10.0.253.82.57774:UDP,长度33
09:33:47.028542 ARP,请求谁拥有10.0.252.22告诉10.0.252.187,长度46
09:33:47.150542 IP 173.194.33.118.443 > 10.0.253.82.57774:UDP,长度69
09:33:47.150586 IP 173.194.33.118.443> 10.0.253.82.57774:UDP,length 172
09:33:47.151005 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,长度49
09:33:47.200289 IP 10.0.253.188.137> 10.0.253.255.137:NBT UDP PACKET(137):QUERY;请求; BROADCAST
09:33:47.268317 IP 10.0.252.122.138> 10.0.252.255.138:NBT UDP PACKET(138)
09:33:47.268767 ARP,请求拥有者10.0.252.255告诉10.0.252.143,长度46
09:33:47.318762 IP 172.17.0.8 > 8.8.8.8:ICMP回显请求,id 1,seq 14,长度64
09:33:47.826000 ARP,请求拥有者10.0.252.31告诉10.0.253.199,长度46
09:33:47.868511 ARP,请求谁拥有10.0.252.255告诉10.0.252.143,长度46
09:33:47.912076 IP6 fe80 :: 5119:e41f:69fb:571a.546> ff02 :: 1:2.547:dhcp6 solicit
09:33:47.965641 IP 10.0.253.188.137> 10.0.253.255.137:NBT UDP PACKET(137):QUERY;请求; BROADCAST
09:33:47.976067 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,length 1350
09:33:47.976156 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,长度1350
09:33:47.976214 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,长度889
09:33:47.979693 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,长度1350
09:33:47.979768 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,长度1350
09:33:47.979833 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,长度917
09:33:47.979912 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,长度300
09:33:47.988005 IP 173.194.33.118.443> 10.0.253.82.57774:UDP,length 36
09:33:47.994315 IP 173.194.33.118.443> 10.0.253.82.57774:UDP,length 33
09:33:47.995542 IP 173.194.33.118.443> 10.0.253.82.57774:UDP,length 33
09:33:48.019637 IP 173.194.33.118.443> 10.0.253.82.57774:UDP,长度30
09:33:48.149231 IP 173.194.33.118.443> 10.0.253.82.57774:UDP,length 88
09:33:48.162129 IP6 fe80 :: 3144:581c:bddd:1174.546> ff02 :: 1:2.547:dhcp6 solicit
09:33:48.174777 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,长度52
09:33:48.182153 IP6 fe80 :: d5a1:b9ed:5abf:e987.546> ff02 :: 1:2.547:dhcp6 solicit
09:33:48.205805 IP 173.194.33.118.443> 10.0.253.82.57774:UDP,长度130
09:33:48.206747 IP 173.194.33.118.443> 10.0.253.82.57774:UDP,长度55
09:33:48.206985 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,长度43
09:33:48.209197 IP 173.194.33.118.443> 10.0.253.82.57774:UDP,长度41
09:33:48.212576 ARP,请求拥有者10.0.252.3告诉10.0.253.200,长度46
09:33:48.213464 ARP,请求谁拥有10.0.253.200告诉10.0.252.3,长度46
09:33:48.235155 IP 10.0.253.82.57774> 173.194.33.118.443:UDP,长度40
09:33:48.319893 IP 172.17.0.8> 8.8.8.8:ICMP回显请求,id 1,seq 15,长度64
09:33:48.368223 ARP,请求拥有者10.0.253.25告诉10.0.252.154,长度46
09:33:48.368497 ARP,请求谁拥有10.0.252.154告诉10.0.253.25,长度46
09:33:48.372105 ARP,请求谁拥有10.0.252.109告诉10.0.253.199,长度46
09:33:48.385849 ARP,请求谁拥有10.0.253.143告诉10.0.252.104,长度46
09:33:48.386598 ARP,请求谁拥有10.0.252.104告诉10.0.253.143,长度46
09:33:48.423585 ARP,请求谁拥有10.0.252.122告诉10.0.252.121,长度46
09:33:48.468500 ARP,请求谁拥有10.0.252.255告诉10.0.252.143,长度46
09:33:48.636354 IP 10.0.253.82.58726> 10.0.252.3.53:48237+ A? careers.stackoverflow.com。 (43)
09:33:48.662658 IP6 fe80 :: a40b:27e1:9478:e1be.546> ff02 :: 1:2.547:dhcp6 solicit
09:33:48.696961 STP 802.1w,Rapid STP,Flags [Proposal],bridge-id 8000.40:b4:f0:b9:b2:81.82c4,length 43
09:33:48.731101 IP 10.0.253.188.137> 10.0.253.255.137:NBT UDP PACKET(137):QUERY;请求; BROADCAST
09:33:48.794708 IP6 fe80 :: 4970:ce3b:d6f3:3195.546> ff02 :: 1:2.547:dhcp6 solicit
09:33:48.824379 ARP,请求谁拥有10.0.252.31告诉10.0.253.199,长度46
09:33:49.131326 ARP,请求谁拥有10.0 .252.5告诉10.0.253.177,长度46
09:33:49.321019 IP 172.17.0.8> 8.8.8.8:ICMP回显请求,id 1,seq 16,长度64
09:33:49.323655 ARP,请求谁拥有10.0.252.109告诉10.0.253.199,长度46
09:33:49.368507 ARP,请求谁拥有10.0.252.255告诉10.0.252.143,长度46
09:33:49.476222 ARP,请求拥有者10.0.252.22告诉10.0.252.183,长度46
09:33:49.511487 IP 10.0.253.30.137> 10.0.253.255.137:NBT UDP PACKET(137):QUERY;请求; BROADCAST
09:33:49.609076 ARP,请求谁拥有10.0.252.5告诉10.0.253.21,长度46
09:33:49.609781 ARP,请求具有10.0.253.21告诉10.0.252.5的长度46
09:33:49.659080 IP6 fe80 :: a40b:27e1:9478:e1be.546> ff02 :: 1:2.547:dhcp6 solicit
09:33:49.999318 IP 10.0.253.21.68> 255.255.255.255.67:BOOTP / DHCP,请求8c:89:a5:93:01:ce,长度300
09:33:49.999948 IP 10.0.252.5.67> 255.255.255.255.68:BOOTP / DHCP,回复,长度311
09:33:49.999997 IP 10.0.252.3.67> 255.255.255.255.68:BOOTP / DHCP,回复,长度311
09:33:50.268462 ARP,请求谁拥有10.0.252.255告诉10.0.252.143,长度46
09:33:50.277206 IP 10.0 .253.30.137> 10.0.253.255.137:NBT UDP PACKET(137):QUERY;请求; BROADCAST
09:33:50.321988 ARP,请求拥有者10.0.252.109告诉10.0.253.199,长度46
09:33:50.322153 IP 172.17.0.8> 8.8.8.8:ICMP回显请求,id 1,seq 17,length 64
09:33:50.500890 STP 802.1w,Rapid STP,Flags [Proposal],bridge-id 8000.40:b4:f0:b9:b2: 81.82c4,长度43
09:33:50.592916 ARP,请求拥有者10.0.252.5告诉10.0.253.45,长度46
^ C
收到的153个数据包
收到154个数据包通过过滤器
0内核丢弃的数据包
linux-3nwo:/ var / lib#iptables -L -n
链INPUT(policy ACCEPT)
target prot opt source destination
链条FORWARD(政策接受)
目标prot opt源目的地
链路OUTPUT(策略ACCEPT)
目标prot opt源目的地
以下是iptables -t nat -L的更好的视图:
linux-3nwo:〜#iptables -t nat -L
链条PREROUTING(policy ACCEPT)
target prot opt source destination
DOCKER all - anywhere!循环返回/ 8 ADDRTYPE匹配dst-type LOCAL
链INPUT(policy ACCEPT)
目标prot opt源目的地
链OUTPUT(policy ACCEPT)
目标保护选择源目的地
链接POSTROUTING(政策接受)
目标prot opt源目的地
链DOCKER(1参考)
目标prot opt源目的地
在Stackengine.com的Jessie Ahrens的帮助下,我们能够确定套接字连接是问题。我们通过手动创建一个新的套接字,发现网络问题消失了。最后的修复是从以下内容编辑/usr/lib/systemd/system/docker.service:
[单位]
/ pre>
描述= Docker应用程序容器引擎
文档= http://docs.docker.com
After = network.target docker.socket
Requires = docker.socket
[服务]
EnvironmentFile = / etc / sysconfig / docker
ExecStart = / usr / bin / docker -d -H fd:// $ DOCKER_OPTS
MountFlags = slave
LimitNOFILE = 1048576
LimitNPROC = 1048576
LimitCORE = infinity
[安装]
WantedBy = multiuser.target
to:
[单位]
描述= Docker应用程序容器引擎
文档= http://docs.docker.com
之后= network.target docker.socket
Requires = docker.socket
[Service]
EnvironmentFile = / etc / sysconfig / docker
ExecStart = / usr / bin / docker -d -H unix:///var/run/docker.sock $ DOCKER_OPTS
MountFlags = slave
LimitNOFILE = 1048576
LimitNPROC = 1048576
LimitCORE = i nfinity
[安装]
WantedBy = multiuser.target
I'm on my second week of working through this problem and nothing on the internet has helped fix my issue.
The problem is that without specifying --net=host, I cannot access the internet from my docker containers.
/home/dnadave> docker run -it --net=host --rm debian:jessie ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8): 56 data bytes 64 bytes from 8.8.8.8: icmp_seq=0 ttl=54 time=12.059 ms 64 bytes from 8.8.8.8: icmp_seq=1 ttl=54 time=11.120 ms ^C--- 8.8.8.8 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 11.120/11.589/12.059/0.470 ms /home/dnadave> docker run -it --rm debian:jessie ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8): 56 data bytes ^C--- 8.8.8.8 ping statistics --- 4 packets transmitted, 0 packets received, 100% packet loss
I've disabled my firewall and flushed my iptables rules and followed many, many other suggestions in posts from many, many docker related issues that look like mine. Nothing so far has enabled my containers to connect to the net.
Why do I care when I can access the net using --net=host? Well, you can't build containers when the default networking doesn't work.
Here are some relevant details I've seen other posts ask:
linux-3nwo:/var/lib # docker info Containers: 0 Images: 2 Storage Driver: devicemapper Pool Name: docker-254:2-1328636-pool Pool Blocksize: 65.54 kB Backing Filesystem: extfs Data file: /dev/loop0 Metadata file: /dev/loop1 Data Space Used: 1.973 GB Data Space Total: 107.4 GB Data Space Available: 105.4 GB Metadata Space Used: 1.61 MB Metadata Space Total: 2.147 GB Metadata Space Available: 2.146 GB Udev Sync Supported: true Deferred Removal Enabled: false Data loop file: /var/lib/docker/devicemapper/devicemapper/data Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata Library Version: 1.03.01 (2015-05-15) Execution Driver: native-0.2 Logging Driver: json-file Kernel Version: 4.1.12-1-default Operating System: openSUSE Leap 42.1 (x86_64) CPUs: 32 Total Memory: 125.9 GiB Name: linux-3nwo ID: 7MDY:2LCE:NMQ2:3INA:HL4A:LRTZ:VL43:TLBT:M5UN:PF7G:KKGN:AM6D WARNING: No swap limit support linux-3nwo:/var/lib # docker version Client: Version: 1.8.2 API version: 1.20 Go version: go1.4.2 Git commit: 0a8c2e3 Built: OS/Arch: linux/amd64 Server: Version: 1.8.2 API version: 1.20 Go version: go1.4.2 Git commit: 0a8c2e3 Built: OS/Arch: linux/amd64 linux-3nwo:/var/lib # ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:25:90:c5:53:60 brd ff:ff:ff:ff:ff:ff inet 10.0.xxx.82/23 brd 10.0.253.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::225:90ff:fec5:5360/64 scope link valid_lft forever preferred_lft forever 3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000 link/ether 00:25:90:c5:53:61 brd ff:ff:ff:ff:ff:ff 4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:7f:2d:f8:9c brd ff:ff:ff:ff:ff:ff inet 172.17.42.1/16 scope global docker0 valid_lft forever preferred_lft forever inet6 fe80::42:7fff:fe2d:f89c/64 scope link valid_lft forever preferred_lft forever 22: vboxnet0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff 46: veth98c3765@if45: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default link/ether 72:d2:9b:09:48:90 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet6 fe80::70d2:9bff:fe09:4890/64 scope link valid_lft forever preferred_lft forever linux-3nwo:/var/lib # brctl show bridge name bridge id STP enabled interfaces docker0 8000.02427f2df89c no veth98c3765 linux-3nwo:/var/lib # ip route default via 10.0.xxy.1 dev eth0 proto dhcp 10.0.xxy.0/23 dev eth0 proto kernel scope link src 10.0.xxx.82 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.42.1 linux-3nwo:/var/lib # iptables -L -v -n Chain INPUT (policy ACCEPT 12M packets, 7205M bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 573 packets, 48132 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 10M packets, 2311M bytes) pkts bytes target prot opt in out source destination linux-3nwo:/var/lib # iptables -L -n -t nat Chain PREROUTING (policy ACCEPT) target prot opt source destination DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination Chain DOCKER (2 references) target prot opt source destination
Let me know if you need something else to help figure out why I can't get the default network bridge to work.
Note that in the above output, xxx and xxy are different subnet numbers.
Here is the output from tcpdump and iptables:
linux-3nwo:/var/lib # tcpdump -ni eth0 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 09:33:44.694711 ARP, Request who-has 10.0.252.1 tell 10.0.253.189, length 46 09:33:44.707861 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 292 09:33:44.734664 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 49 09:33:44.815213 ARP, Request who-has 10.0.252.31 tell 10.0.253.199, length 46 09:33:44.951684 IP 10.0.253.66.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 09:33:44.966217 STP 802.1w, Rapid STP, Flags [Proposal], bridge-id 8000.40:b4:f0:b9:b2:81.82c4, length 43 09:33:44.986628 ARP, Request who-has 10.0.252.5 tell 10.0.253.30, length 46 09:33:45.116595 ARP, Request who-has 10.0.253.66 tell 10.0.252.154, length 46 09:33:45.117351 ARP, Request who-has 10.0.252.154 tell 10.0.253.66, length 46 09:33:45.259474 IP 10.0.253.82.5353 > 224.0.0.251.5353: 0*- [0q] 3/0/0 (Cache flush) SRV linux-3nwo.local.:0 0 0, (Cache flush) A 10.0.253.82, (Cache flush) TXT "name=linux-3nwo" "uuid=f73a028a-263b-42ed-a070-bafa703a2da7" "type=NoMachine" "port=0" "OS=openSUSE Leap 42.1 (x86_64)" "HW=Supermicro X9DAX" "mac=00:25:90:c5:53:60" "service=nx:4000" "ip=10.0.253.82;172.17.42.1;fe80::225:90ff:fec5:5360;fe80::42:7fff:fe2d:f89c;fe80::6810:94ff:fea6:3eea" (385) 09:33:45.273468 IP 10.0.253.20.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 09:33:45.316500 IP 172.17.0.8 > 8.8.8.8: ICMP echo request, id 1, seq 12, length 64 09:33:45.406752 IP 10.0.253.37.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 09:33:45.432241 IP 10.0.253.25.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 09:33:45.701715 IP 10.0.253.66.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 09:33:45.813602 ARP, Request who-has 10.0.252.31 tell 10.0.253.199, length 46 09:33:45.828616 ARP, Request who-has 10.0.252.11 tell 10.0.252.187, length 46 09:33:45.844097 IP6 fe80::3cc4:9f10:cfc6:39ac.546 > ff02::1:2.547: dhcp6 solicit 09:33:45.979351 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 1350 09:33:45.979471 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 1350 09:33:45.979545 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 854 09:33:45.997331 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 40 09:33:45.998852 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 1350 09:33:46.005539 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 30 09:33:46.037852 IP 10.0.253.20.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 09:33:46.048897 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 30 09:33:46.141264 IP 10.0.253.37.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 09:33:46.196611 IP 10.0.253.25.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 09:33:46.302958 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 113 09:33:46.314737 IP 10.0.253.82.48551 > 10.0.252.3.53: 47613+ A? chatenabled.mail.google.com. (45) 09:33:46.317614 IP 172.17.0.8 > 8.8.8.8: ICMP echo request, id 1, seq 13, length 64 09:33:46.328701 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 49 09:33:46.339058 IP 10.0.252.3.53 > 10.0.253.82.48551: 47613 2/0/0 CNAME b.googlemail.l.google.com., A 216.58.216.167 (90) 09:33:46.339372 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [S], seq 1946932641, win 29200, options [mss 1460,sackOK,TS val 123005594 ecr 0,nop,wscale 7], length 0 09:33:46.339722 IP 216.58.216.167.443 > 10.0.253.82.38118: Flags [S.], seq 1266324944, ack 1946932642, win 43690, options [mss 1400,sackOK,TS val 1232193259 ecr 123005594,nop,wscale 7], length 0 09:33:46.339787 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [.], ack 1, win 229, options [nop,nop,TS val 123005594 ecr 1232193259], length 0 09:33:46.340738 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [P.], seq 1:220, ack 1, win 229, options [nop,nop,TS val 123005594 ecr 1232193259], length 219 09:33:46.341189 IP 216.58.216.167.443 > 10.0.253.82.38118: Flags [.], ack 220, win 350, options [nop,nop,TS val 1232193260 ecr 123005594], length 0 09:33:46.345530 IP6 fe80::515e:7529:ba62:109c.546 > ff02::1:2.547: dhcp6 solicit 09:33:46.406369 IP 216.58.216.167.443 > 10.0.253.82.38118: Flags [P.], seq 1:4097, ack 220, win 350, options [nop,nop,TS val 1232193279 ecr 123005594], length 4096 09:33:46.406425 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [.], ack 4097, win 293, options [nop,nop,TS val 123005611 ecr 1232193279], length 0 09:33:46.406556 IP 216.58.216.167.443 > 10.0.253.82.38118: Flags [P.], seq 4097:4192, ack 220, win 350, options [nop,nop,TS val 1232193279 ecr 123005611], length 95 09:33:46.406596 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [.], ack 4192, win 293, options [nop,nop,TS val 123005611 ecr 1232193279], length 0 09:33:46.415570 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [P.], seq 220:482, ack 4192, win 293, options [nop,nop,TS val 123005613 ecr 1232193279], length 262 09:33:46.415702 IP 216.58.216.167.443 > 10.0.253.82.38118: Flags [.], ack 482, win 359, options [nop,nop,TS val 1232193282 ecr 123005613], length 0 09:33:46.427730 IP 216.58.216.167.443 > 10.0.253.82.38118: Flags [P.], seq 4192:4486, ack 482, win 359, options [nop,nop,TS val 1232193286 ecr 123005613], length 294 09:33:46.432424 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [P.], seq 482:535, ack 4486, win 314, options [nop,nop,TS val 123005617 ecr 1232193286], length 53 09:33:46.432527 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [P.], seq 535:585, ack 4486, win 314, options [nop,nop,TS val 123005617 ecr 1232193286], length 50 09:33:46.432540 IP 216.58.216.167.443 > 10.0.253.82.38118: Flags [P.], seq 4486:4584, ack 535, win 359, options [nop,nop,TS val 1232193287 ecr 123005617], length 98 09:33:46.432695 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [P.], seq 585:627, ack 4584, win 314, options [nop,nop,TS val 123005617 ecr 1232193287], length 42 09:33:46.432840 IP 216.58.216.167.443 > 10.0.253.82.38118: Flags [.], ack 627, win 359, options [nop,nop,TS val 1232193287 ecr 123005617], length 0 09:33:46.433160 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [P.], seq 627:2069, ack 4584, win 314, options [nop,nop,TS val 123005618 ecr 1232193287], length 1442 09:33:46.433280 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [P.], seq 2069:2107, ack 4584, win 314, options [nop,nop,TS val 123005618 ecr 1232193287], length 38 09:33:46.433294 IP 216.58.216.167.443 > 10.0.253.82.38118: Flags [.], ack 2069, win 1024, options [nop,nop,TS val 1232193287 ecr 123005618], length 0 09:33:46.446278 IP 216.58.216.167.443 > 10.0.253.82.38118: Flags [P.], seq 4584:4622, ack 2107, win 1024, options [nop,nop,TS val 1232193291 ecr 123005618], length 38 09:33:46.484848 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [.], ack 4622, win 314, options [nop,nop,TS val 123005631 ecr 1232193291], length 0 09:33:46.485009 IP 216.58.216.167.443 > 10.0.253.82.38118: Flags [P.], seq 4622:5489, ack 2107, win 1024, options [nop,nop,TS val 1232193303 ecr 123005631], length 867 09:33:46.485046 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [.], ack 5489, win 336, options [nop,nop,TS val 123005631 ecr 1232193303], length 0 09:33:46.486329 IP 10.0.253.82.38118 > 216.58.216.167.443: Flags [P.], seq 2107:2153, ack 5489, win 336, options [nop,nop,TS val 123005631 ecr 1232193303], length 46 09:33:46.489529 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 229 09:33:46.524219 IP 216.58.216.167.443 > 10.0.253.82.38118: Flags [.], ack 2153, win 1024, options [nop,nop,TS val 1232193315 ecr 123005631], length 0 09:33:46.528035 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 33 09:33:46.580067 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 149 09:33:46.581176 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 20 09:33:46.581293 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 46 09:33:46.586292 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 1350 09:33:46.586350 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 1350 09:33:46.586398 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 817 09:33:46.604126 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 36 09:33:46.632662 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 30 09:33:46.768722 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 49 09:33:46.770637 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 63 09:33:46.789002 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 32 09:33:46.801044 STP 802.1w, Rapid STP, Flags [Proposal], bridge-id 8000.40:b4:f0:b9:b2:81.82c4, length 43 09:33:46.813571 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 30 09:33:46.814971 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 43 09:33:46.858966 ARP, Request who-has 10.0.252.31 tell 10.0.253.199, length 46 09:33:46.895047 IP 10.0.253.37.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 09:33:46.957553 IP6 fe80::b01a:80e7:8bb6:9151.546 > ff02::1:2.547: dhcp6 solicit 09:33:46.957560 IP6 fe80::b01a:80e7:8bb6:9151.546 > ff02::1:2.547: dhcp6 solicit 09:33:46.960984 IP 10.0.253.25.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 09:33:46.971896 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 1350 09:33:46.972007 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 1350 09:33:46.972111 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 899 09:33:46.972252 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 34 09:33:46.987867 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 36 09:33:46.988242 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 33 09:33:47.028542 ARP, Request who-has 10.0.252.22 tell 10.0.252.187, length 46 09:33:47.150542 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 69 09:33:47.150586 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 172 09:33:47.151005 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 49 09:33:47.200289 IP 10.0.253.188.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 09:33:47.268317 IP 10.0.252.122.138 > 10.0.252.255.138: NBT UDP PACKET(138) 09:33:47.268767 ARP, Request who-has 10.0.252.255 tell 10.0.252.143, length 46 09:33:47.318762 IP 172.17.0.8 > 8.8.8.8: ICMP echo request, id 1, seq 14, length 64 09:33:47.826000 ARP, Request who-has 10.0.252.31 tell 10.0.253.199, length 46 09:33:47.868511 ARP, Request who-has 10.0.252.255 tell 10.0.252.143, length 46 09:33:47.912076 IP6 fe80::5119:e41f:69fb:571a.546 > ff02::1:2.547: dhcp6 solicit 09:33:47.965641 IP 10.0.253.188.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 09:33:47.976067 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 1350 09:33:47.976156 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 1350 09:33:47.976214 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 889 09:33:47.979693 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 1350 09:33:47.979768 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 1350 09:33:47.979833 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 917 09:33:47.979912 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 300 09:33:47.988005 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 36 09:33:47.994315 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 33 09:33:47.995542 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 33 09:33:48.019637 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 30 09:33:48.149231 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 88 09:33:48.162129 IP6 fe80::3144:581c:bddd:1174.546 > ff02::1:2.547: dhcp6 solicit 09:33:48.174777 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 52 09:33:48.182153 IP6 fe80::d5a1:b9ed:5abf:e987.546 > ff02::1:2.547: dhcp6 solicit 09:33:48.205805 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 130 09:33:48.206747 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 55 09:33:48.206985 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 43 09:33:48.209197 IP 173.194.33.118.443 > 10.0.253.82.57774: UDP, length 41 09:33:48.212576 ARP, Request who-has 10.0.252.3 tell 10.0.253.200, length 46 09:33:48.213464 ARP, Request who-has 10.0.253.200 tell 10.0.252.3, length 46 09:33:48.235155 IP 10.0.253.82.57774 > 173.194.33.118.443: UDP, length 40 09:33:48.319893 IP 172.17.0.8 > 8.8.8.8: ICMP echo request, id 1, seq 15, length 64 09:33:48.368223 ARP, Request who-has 10.0.253.25 tell 10.0.252.154, length 46 09:33:48.368497 ARP, Request who-has 10.0.252.154 tell 10.0.253.25, length 46 09:33:48.372105 ARP, Request who-has 10.0.252.109 tell 10.0.253.199, length 46 09:33:48.385849 ARP, Request who-has 10.0.253.143 tell 10.0.252.104, length 46 09:33:48.386598 ARP, Request who-has 10.0.252.104 tell 10.0.253.143, length 46 09:33:48.423585 ARP, Request who-has 10.0.252.122 tell 10.0.252.121, length 46 09:33:48.468500 ARP, Request who-has 10.0.252.255 tell 10.0.252.143, length 46 09:33:48.636354 IP 10.0.253.82.58726 > 10.0.252.3.53: 48237+ A? careers.stackoverflow.com. (43) 09:33:48.662658 IP6 fe80::a40b:27e1:9478:e1be.546 > ff02::1:2.547: dhcp6 solicit 09:33:48.696961 STP 802.1w, Rapid STP, Flags [Proposal], bridge-id 8000.40:b4:f0:b9:b2:81.82c4, length 43 09:33:48.731101 IP 10.0.253.188.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 09:33:48.794708 IP6 fe80::4970:ce3b:d6f3:3195.546 > ff02::1:2.547: dhcp6 solicit 09:33:48.824379 ARP, Request who-has 10.0.252.31 tell 10.0.253.199, length 46 09:33:49.131326 ARP, Request who-has 10.0.252.5 tell 10.0.253.177, length 46 09:33:49.321019 IP 172.17.0.8 > 8.8.8.8: ICMP echo request, id 1, seq 16, length 64 09:33:49.323655 ARP, Request who-has 10.0.252.109 tell 10.0.253.199, length 46 09:33:49.368507 ARP, Request who-has 10.0.252.255 tell 10.0.252.143, length 46 09:33:49.476222 ARP, Request who-has 10.0.252.22 tell 10.0.252.183, length 46 09:33:49.511487 IP 10.0.253.30.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 09:33:49.609076 ARP, Request who-has 10.0.252.5 tell 10.0.253.21, length 46 09:33:49.609781 ARP, Request who-has 10.0.253.21 tell 10.0.252.5, length 46 09:33:49.659080 IP6 fe80::a40b:27e1:9478:e1be.546 > ff02::1:2.547: dhcp6 solicit 09:33:49.999318 IP 10.0.253.21.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 8c:89:a5:93:01:ce, length 300 09:33:49.999948 IP 10.0.252.5.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 311 09:33:49.999997 IP 10.0.252.3.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 311 09:33:50.268462 ARP, Request who-has 10.0.252.255 tell 10.0.252.143, length 46 09:33:50.277206 IP 10.0.253.30.137 > 10.0.253.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 09:33:50.321988 ARP, Request who-has 10.0.252.109 tell 10.0.253.199, length 46 09:33:50.322153 IP 172.17.0.8 > 8.8.8.8: ICMP echo request, id 1, seq 17, length 64 09:33:50.500890 STP 802.1w, Rapid STP, Flags [Proposal], bridge-id 8000.40:b4:f0:b9:b2:81.82c4, length 43 09:33:50.592916 ARP, Request who-has 10.0.252.5 tell 10.0.253.45, length 46 ^C 153 packets captured 154 packets received by filter 0 packets dropped by kernel linux-3nwo:/var/lib # iptables -L -n Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
Here's a better view of iptables -t nat -L:
linux-3nwo:~ # iptables -t nat -L Chain PREROUTING (policy ACCEPT) target prot opt source destination DOCKER all -- anywhere !loopback/8 ADDRTYPE match dst-type LOCAL Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination Chain DOCKER (1 references) target prot opt source destination
解决方案With help from Jessie Ahrens at Stackengine.com, we were able to identify that the socket connection was the problem. We found this by creating a new socket by hand and observing that the networking issues disappeared. The final fix was to edit /usr/lib/systemd/system/docker.service from:
[Unit] Description=Docker Application Container Engine Documentation=http://docs.docker.com After=network.target docker.socket Requires=docker.socket [Service] EnvironmentFile=/etc/sysconfig/docker ExecStart=/usr/bin/docker -d -H fd:// $DOCKER_OPTS MountFlags=slave LimitNOFILE=1048576 LimitNPROC=1048576 LimitCORE=infinity [Install] WantedBy=multi-user.target
to:
[Unit] Description=Docker Application Container Engine Documentation=http://docs.docker.com After=network.target docker.socket Requires=docker.socket [Service] EnvironmentFile=/etc/sysconfig/docker ExecStart=/usr/bin/docker -d -H unix:///var/run/docker.sock $DOCKER_OPTS MountFlags=slave LimitNOFILE=1048576 LimitNPROC=1048576 LimitCORE=infinity [Install] WantedBy=multi-user.target
这篇关于Docker容器无法访问互联网的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!