docker的网络路由多个默认网关

tag-icon tag-icon networking docker firewall
docker的网络路由多个默认网关

我有一个带有 docker 的网络服务器主机。我希望在此实例上附加 2 个浮动 IP。但最终docker只向公众提供其中一个浮动IP。

我遵循: https://www.notion.so/bigstack/Dual-WAN-routing-5e4f25a6f7a74a658ec1ead16af86968#57acc41726b749168da9c07c7ed78c0d

用于多个默认网关设置

添加规则 - ens3

sudo ip route add 192.168.100.0/24 dev ens3 src 192.168.100.38 table 100
sudo ip route add default via 192.168.100.1 dev ens3 table 100
sudo ip rule add from 192.168.100.38/32 table 100
sudo ip rule add to 192.168.100.38/32 table 100
sudo ip route add default via 192.168.100.1 metric 100 dev ens3

添加规则 - ens4

sudo ip route add 192.168.101.0/24 dev ens4 src 192.168.101.24 table 200
sudo ip route add default via 192.168.101.1 dev ens4 table 200
sudo ip rule add from 192.168.101.24/32 table 200
sudo ip rule add to 192.168.101.24/32 table 200
sudo ip route add default via 192.168.101.1 metric 200 dev ens4

IP路由及规则

ubuntu@bs-web-test: /var/www/html
$ ip rule show                                                                                                            [11:47:28]
0:  from all lookup local
32762:  from all to 192.168.101.24 lookup 200
32763:  from 192.168.101.24 lookup 200
32764:  from all to 192.168.100.38 lookup 100
32765:  from 192.168.100.38 lookup 100
32766:  from all lookup main
32767:  from all lookup default

ubuntu@bs-web-test: /var/www/html
$ ip route show                                                                                                           [11:47:32]
default via 192.168.100.1 dev ens3 metric 100
default via 192.168.101.1 dev ens4 metric 200
169.254.169.254 via 192.168.101.1 dev ens4 proto dhcp src 192.168.101.24 metric 100
169.254.169.254 via 192.168.100.1 dev ens3 proto dhcp src 192.168.100.38 metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-7399437930c9 proto kernel scope link src 172.18.0.1 linkdown
172.19.0.0/16 dev br-9bf79dfaaf1d proto kernel scope link src 172.19.0.1
192.168.100.0/24 dev ens3 proto kernel scope link src 192.168.100.38
192.168.101.0/24 dev ens4 proto kernel scope link src 192.168.101.24

Docker - 我已经在端口 8080 上使用 docker 服务创建了一个网络服务器

Apache2(hostlevel) - 使用 apt 安装 apache2,在端口 80 上提供服务

使用nmap扫描浮动IP

$ nmap 45.x.x.x
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-20 11:32 CST
Nmap scan report for 45.x.x.x
Host is up (0.089s latency).
Not shown: 997 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
8080/tcp filtered http-proxy

Nmap done: 1 IP address (1 host up) scanned in 2.53 seconds

$ nmap 119.x.x.x
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-20 11:32 CST
Nmap scan report for isp.chiefchief.net.tw (119.x.x.x)
Host is up (0.010s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
8080/tcp open  http-proxy

用卷曲测试

$ curl 192.168.100.38:8080
<h1>Welcome</h1>

$ curl 119.x.x.x:8080
<h1>Welcome</h1>

curl 192.168.101.24:8080
<h1>Welcome</h1>

$ curl 45.x.x.x:8080
curl: (7) Failed to connect to 45.x.x.x port 8080: Operation timed out

$ curl 192.168.100.38
<h1> This is Apache2 Test page </h1>

curl 192.168.101.24
<h1> This is Apache2 Test page </h1>

$ curl 119.x.x.x
<h1> This is Apache2 Test page </h1>

$ curl 45.x.x.x
<h1> This is Apache2 Test page </h1>

问题:通过本地网络卷曲网络服务器(docker)没有问题,但不能使用公共IP?

感谢您的阅读,感谢您的帮助~

相关内容