What is preventing me from pinging a WireGuard client from a Docker container?


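Hello, I am setting up a lab on my VPS. I dockerized the lab's network using a "user-defined bridge" network on Docker and put a WireGuard instance inside this dockerized network. I can ping any server inside the dockerized network from my client, but I cannot ping my client from any server in the dockerized network.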


Here is my docker-compose:

networks:
  testnetwork:
    driver: bridge
    ipam:
      config:
      - subnet: 10.0.1.0/24

services:
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: testnetwork_wireguard
    restart: always
    cap_add:
    - NET_ADMIN
    environment:
    - PUID=1000
    - PGID=1000
    - TZ=Europe/London
    - SERVERURL=192.168.56.12 #ip of a test vm that will be replaced with my vps once everything works
    - ALLOWEDIPS=10.0.1.0/24
    - SERVERPORT=51820
    - PEERS=1
    - LOG_CONFS=true
    - PEERDNS=10.0.1.253
    volumes:
      - ./config:/config
    ports:
      - 51820:51820/udp
    networks:
      testnetwork:
        ipv4_address: 10.0.1.254

  dnsmasq:
    image: strm/dnsmasq
    container_name: testnetwork_dnsmasq
    restart: always
    volumes:
      - ./dnsmasq.conf:/etc/dnsmasq.conf
    cap_add:
      - NET_ADMIN
    networks:
      testnetwork:
        ipv4_address: 10.0.1.253
    
 
  debian1:
    build: /mydockers/debian
    environment:
    - SOMEENVNAME=testnetwork
    networks:
      testnetwork:
        ipv4_address: 10.0.1.50
  
  nginx1:
    image: nginx
    networks:
      testnetwork:
        ipv4_address: 10.0.1.51 

I can ping 10.0.1.51 and can even curl it:

client$ ping -c 4 10.0.1.51
PING 10.0.1.51 (10.0.1.51) 56(84) bytes of data.
64 bytes from 10.0.1.51: icmp_seq=1 ttl=63 time=1.55 ms
64 bytes from 10.0.1.51: icmp_seq=2 ttl=63 time=0.587 ms
64 bytes from 10.0.1.51: icmp_seq=3 ttl=63 time=0.436 ms
64 bytes from 10.0.1.51: icmp_seq=4 ttl=63 time=0.600 ms

client$ curl 10.0.1.51     
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
...

But from nginx to the client:

client$ ip a --brief
$ipa
lo               UNKNOWN        127.0.0.1/8 ::1/128 
enp0s31f6        UP             xxxx 
wlp0s20f3        DOWN           
docker0          DOWN           172.17.0.1/16 
vboxnet0         UP             192.168.56.1/24 
vboxnet1         DOWN           
enx0c379687de77  DOWN           
wg0             UNKNOWN        10.13.13.2/32


---------
nginx$  ping 10.13.13.2
PING 10.13.13.2 (10.13.13.2) 56(84) bytes of data.
^C
--- 10.13.13.2 ping statistics ---
43 packets transmitted, 0 received, 100% packet loss, time 42970ms

Can you help figure out why the communication is only one-way?
