Trying to integrate a Docker ipvlan network into my network using Ubuntu as a router

I have configured Ubuntu 20.04 as my home router (wired only so far), and my network topology is as follows:

[Image: network topology]

So far so good: my Ubuntu works fine as a router (I have NAT and IP forwarding). At the end I have left all the configuration I did to achieve it.

What I need now is to make some Docker containers reachable from the network (not only through the host). For this I created a Docker IPVlan network as follows:

Docker IPVlan
docker network create -d ipvlan --subnet 172.20.0.0/24 --gateway 172.20.0.1 -o parent=lan ipvlanet
Busybox container to check internet access
docker run --name test --rm --network ipvlanet --ip 172.20.0.5 -ti busybox sh
/ # ping google.com
PING google.com (142.250.0.101): 56 data bytes
^C
--- google.com ping statistics ---
10 packets transmitted, 0 packets received, 100% packet loss
/ # ping 172.20.0.1
PING 172.20.0.1 (172.20.0.1): 56 data bytes
^C
--- 172.20.0.1 ping statistics ---
12 packets transmitted, 0 packets received, 100% packet loss

If I run a ping, it works, but it seems I cannot connect to the container through a port, which is critical for all the other services I need to start.

From my computer [172.20.0.7] I can ping the container
> ping 172.20.0.5
PING 172.20.0.5 (172.20.0.5): 56 data bytes
64 bytes from 172.20.0.5: icmp_seq=0 ttl=64 time=1.436 ms
64 bytes from 172.20.0.5: icmp_seq=1 ttl=64 time=0.787 ms
64 bytes from 172.20.0.5: icmp_seq=2 ttl=64 time=0.746 ms
64 bytes from 172.20.0.5: icmp_seq=3 ttl=64 time=0.756 ms
^C
--- 172.20.0.5 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.746/0.931/1.436/0.292 ms

Any ideas?

More information!

/etc/netplan/01-onepot.yaml
network:
    version: 2
    renderer: NetworkManager
    ethernets:
        eth0:
            dhcp4: no
            dhcp6: no
        eth1:
            dhcp4: no
            dhcp6: no
        eth2:
            dhcp4: no
            dhcp6: no
            addresses: [192.168.100.2/24]
            routes:
                - to: default
                  via: 192.168.100.1
            nameservers:
                search: []
                addresses: [1.1.1.1, 1.0.0.1]
    bridges:
        lan:
            dhcp4: no
            dhcp6: no
            interfaces: [eth0, eth1]
            addresses: [172.20.0.1/24]
            nameservers:
                search: []
                addresses: [172.20.0.1]
/etc/systemd/resolved.conf
[Resolve]
DNS=1.1.1.1
FallbackDNS=1.0.0.1
DNSStubListener=no
/etc/dhcp/dhcpd.conf
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;

host naboo {
  hardware ethernet <my mac address>;
  fixed-address 172.20.0.7;
}

subnet 172.20.0.0 netmask 255.255.255.0 {
    range 172.20.0.50 172.20.0.200;
}

option routers 172.20.0.1;
option domain-name-servers 172.20.0.1;
My pihole DNS service
docker run \
  --name pihole \
  --mount type=volume,source=pihole-etc,target=/etc \
  --network host \
  --restart unless-stopped \
  -e TZ="America/Santiago" \
  -e WEBPASSWORD='supersecurepassword' \
  -d $PIHOLE_IMG
