从 docker 容器启用 ubuntu 防火墙对主机服务的访问

Question

搞定了！虽然我不确定这是否是一个通用的解决方案。

事实证明，因为我使用docker-compose默认的 docker0 接口启动容器，而 IP172.17.0.1并不是容器与主机通信的方式。就我而言，docker-compose我创建了一个名为的新网络ops_default：

 ❯❯❯ docker network ls
NETWORK ID     NAME          DRIVER    SCOPE
2774ed101a84   bridge        bridge    local
a6176c796a29   host          host      local
dfcd1606b19d   none          null      local
7415a4410daf   ops_default   bridge    local

检查ops_default结果如下

 ❯❯❯ docker network inspect ops_default
[
    {
        "Name": "ops_default",
        "Id": "7415a4410daf3df718ce957787abd1b9842e4e914fd1b2ff549c80e56d032265",
        "Created": "2022-03-10T16:14:13.789181757Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.22.0.0/16",
                    "Gateway": "172.22.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": true,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
        }
    }
]

看来此网络在子网上运行172.22.0.0/16。运行ufw allow from 172.22.0.0/16解决了我的问题！

root@localhost:~/code/metis/ops# ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
Anywhere                   ALLOW       172.22.0.0/16
22/tcp (v6)                ALLOW       Anywhere (v6)

root@localhost:~/code/metis/ops# docker exec -it ops_l2geth-mainnet_1 /bin/sh
/ # geth attach http://host.docker.internal:8545
Welcome to the Geth JavaScript console!

instance: Geth/v1.10.17-unstable-19c2c60b-20220308/linux-amd64/go1.17.8
at block: 14360238 (Thu, 10 Mar 2022 16:44:29 UTC)
 modules: eth:1.0 net:1.0 rpc:1.0 web3:1.0

>

Answer 1

搞定了！虽然我不确定这是否是一个通用的解决方案。

事实证明，因为我使用docker-compose默认的 docker0 接口启动容器，而 IP172.17.0.1并不是容器与主机通信的方式。就我而言，docker-compose我创建了一个名为的新网络ops_default：

 ❯❯❯ docker network ls
NETWORK ID     NAME          DRIVER    SCOPE
2774ed101a84   bridge        bridge    local
a6176c796a29   host          host      local
dfcd1606b19d   none          null      local
7415a4410daf   ops_default   bridge    local

检查ops_default结果如下

 ❯❯❯ docker network inspect ops_default
[
    {
        "Name": "ops_default",
        "Id": "7415a4410daf3df718ce957787abd1b9842e4e914fd1b2ff549c80e56d032265",
        "Created": "2022-03-10T16:14:13.789181757Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.22.0.0/16",
                    "Gateway": "172.22.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": true,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
        }
    }
]

看来此网络在子网上运行172.22.0.0/16。运行ufw allow from 172.22.0.0/16解决了我的问题！

root@localhost:~/code/metis/ops# ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
Anywhere                   ALLOW       172.22.0.0/16
22/tcp (v6)                ALLOW       Anywhere (v6)

root@localhost:~/code/metis/ops# docker exec -it ops_l2geth-mainnet_1 /bin/sh
/ # geth attach http://host.docker.internal:8545
Welcome to the Geth JavaScript console!

instance: Geth/v1.10.17-unstable-19c2c60b-20220308/linux-amd64/go1.17.8
at block: 14360238 (Thu, 10 Mar 2022 16:44:29 UTC)
 modules: eth:1.0 net:1.0 rpc:1.0 web3:1.0

>

从 docker 容器启用 ubuntu 防火墙对主机服务的访问

答案1

相关内容