CentOS8: podman with the firewall enabled breaks DNS inside containers

I have just started using CentOS8 + podman as part of migrating from CentOS7 + docker. The problem is as follows:

  1. When firewalld is stopped, DNS works fine inside the container:

    [root@dev1 ~]# systemctl stop firewalld
    [root@dev1 ~]# podman run -it alpine ping gmail.com
    PING gmail.com (172.217.161.133): 56 data bytes
    64 bytes from 172.217.161.133: seq=0 ttl=54 time=6.027 ms
    64 bytes from 172.217.161.133: seq=1 ttl=54 time=5.892 ms
    64 bytes from 172.217.161.133: seq=2 ttl=54 time=5.757 ms
    ^C
    --- gmail.com ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max = 5.757/5.892/6.027 ms
    
  2. But as soon as firewalld is started, DNS inside the container stops working, even though the network itself (ping) works fine:

    [root@dev1 ~]# systemctl start firewalld
    [root@dev1 ~]# podman run -it alpine ping gmail.com
    ping: bad address 'gmail.com'
    [root@dev1 ~]#
    [root@dev1 ~]#
    [root@dev1 ~]# podman run -it alpine ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8): 56 data bytes
    64 bytes from 8.8.8.8: seq=0 ttl=54 time=4.536 ms
    64 bytes from 8.8.8.8: seq=1 ttl=54 time=7.059 ms
    64 bytes from 8.8.8.8: seq=2 ttl=54 time=4.924 ms
    ^C
    --- 8.8.8.8 ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max = 4.536/5.506/7.059 ms
    
  3. When the container is started with the --net=host parameter, DNS works fine:

    [root@dev1 ~]# podman run -it --net=host  alpine ping gmail.com
    PING gmail.com (172.217.161.133): 56 data bytes
    64 bytes from 172.217.161.133: seq=0 ttl=55 time=4.981 ms
    64 bytes from 172.217.161.133: seq=1 ttl=55 time=5.445 ms
    64 bytes from 172.217.161.133: seq=2 ttl=55 time=4.635 ms
    ^C
    --- gmail.com ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max = 4.635/5.020/5.445 ms
    

Any suggestions on how to fix this?

Update: as of December 13, 2020, this issue cannot be reproduced on "CentOS Linux release 8.3.2011".