当我将 Docker 容器放入子网 192.168.124.0/24 时,它们可以通信。如果我将它们放入 192.168.123.0/24,它们就不能通信。两次应用程序的 IP 配置都正确,实际上唯一不同的是地址来自的子网。
路线输出
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default the.gateway 0.0.0.0 UG 0 0 0 enp9s0
10.0.0.0 * 255.255.255.0 U 0 0 0 enp10s0.500
10.215.60.0 * 255.255.254.0 U 0 0 0 enp9s0
link-local * 255.255.0.0 U 1000 0 0 enp10s0.700
172.17.0.0 * 255.255.0.0 U 0 0 0 docker0
192.168.120.0 * 255.255.255.0 U 0 0 0 enp10s0.700
192.168.130.0 * 255.255.255.0 U 0 0 0 enp10s0.300
224.0.0.0 * 240.0.0.0 U 0 0 0 enp10s0.700
iptables -L 的输出
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.17.0.5 tcp dpt:8888
ACCEPT tcp -- anywhere 172.17.0.11 tcp dpt:2002
ACCEPT tcp -- anywhere 172.17.0.11 tcp dpt:2001
ACCEPT tcp -- anywhere 172.17.0.11 tcp dpt:cisco-sccp
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
从这些我看不出有什么问题。问题可能是什么?我该如何找出/修复它?主机是 Ubuntu 16.04