主机 LAN IP 上无法访问 Docker 网络

tag-icon tag-icon routing docker linux-networking centos7
主机 LAN IP 上无法访问 Docker 网络

我正在运行 Centos 7.5 和 Docker ce: 18.09.3。这是我的 docker 守护进程配置:

{
  "bip": "172.18.0.1/24"
}

iptables -L -v 输出:

    Chain INPUT (policy ACCEPT 1730K packets, 3080M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    6   489 DOCKER-USER  all  --  any    any     anywhere             anywhere            
    6   489 DOCKER-ISOLATION-STAGE-1  all  --  any    any     anywhere             anywhere            
    3   272 ACCEPT     all  --  any    docker0  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  any    docker0  anywhere             anywhere            
    3   217 ACCEPT     all  --  docker0 !docker0  anywhere             anywhere            
    0     0 ACCEPT     all  --  docker0 docker0  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT 2363K packets, 530M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    3   217 DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  anywhere             anywhere            
    6   489 RETURN     all  --  any    any     anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  any    docker0  anywhere             anywhere            
    3   217 RETURN     all  --  any    any     anywhere             anywhere            

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   12   978 RETURN     all  --  any    any     anywhere             anywhere

我遇到的问题是容器仅在 172.18.0.1/24 网络上的 docker 主机内可用。我无法从同一 LAN 中的其他虚拟机访问它们。此外,我无法使用 docker 主机虚拟机上的 localhost 访问容器。

知道我需要调查/设置什么来公开容器吗?

相关内容