宿主机无法通过telnet IP端口访问docker容器发布的端口,但是可以通过telnet localhost端口访问,为什么?

宿主机无法通过telnet IP端口访问docker容器发布的端口,但是可以通过telnet localhost端口访问,为什么?

在容器中:1.命令结果:netstat -tunlp

[root@hadoop0 bin]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 192.168.1.10:8032       0.0.0.0:*               LISTEN      525/java            
tcp        0      0 192.168.1.10:8033       0.0.0.0:*               LISTEN      525/java            
tcp        0      0 192.168.1.10:9000       0.0.0.0:*               LISTEN      148/java            
tcp        0      0 192.168.1.10:50090      0.0.0.0:*               LISTEN      350/java            
tcp        0      0 0.0.0.0:50070           0.0.0.0:*               LISTEN      148/java            
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1/sshd              
tcp        0      0 192.168.1.10:8088       0.0.0.0:*               LISTEN      525/java            
tcp        0      0 192.168.1.10:8030       0.0.0.0:*               LISTEN      525/java            
tcp        0      0 192.168.1.10:8031       0.0.0.0:*               LISTEN      525/java            
tcp6       0      0 :::22                   :::*                    LISTEN      1/sshd              
[root@hadoop0 bin]# 
  1. 命令:ip a

[root@hadoop0 bin]#

[root@hadoop0 bin]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
9: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:11:00:04 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.4/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
12: eth1@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether c2:7a:ef:9e:85:52 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth1
       valid_lft forever preferred_lft forever

docker inspect结果中网络配置相关的信息如下:

"HostConfig": {
        "Binds": null,
        "ContainerIDFile": "",
        "LogConfig": {
            "Type": "json-file",
            "Config": {}
        },
        "NetworkMode": "default",
        "PortBindings": {
            "10020/tcp": [
                {
                    "HostIp": "",
                    "HostPort": "10020"
                }
            ],
            "19888/tcp": [
                {
                    "HostIp": "",
                    "HostPort": "19888"
                }
            ],
            "50090/tcp": [
                {
                    "HostIp": "",
                    "HostPort": "50090"
                }
            ],
            "8081/tcp": [
                {
                    "HostIp": "",
                    "HostPort": "8081"
                }
            ],
            "8088/tcp": [
                {
                    "HostIp": "",
                    "HostPort": "8088"
                }
            ],
            "8989/tcp": [
                {
                    "HostIp": "",
                    "HostPort": "8989"
                }
            ],
            "9000/tcp": [
                {
                    "HostIp": "",
                    "HostPort": "9000"
                }
            ]
        },

"NetworkSettings": {
        "Bridge": "",
        "SandboxID": "0033e62a6507139e9f51cdb3210fdbccd4355f4aabc3ff26e58f4a2030490e14",
        "HairpinMode": false,
        "LinkLocalIPv6Address": "",
        "LinkLocalIPv6PrefixLen": 0,
        "Ports": {
            "10020/tcp": [
                {
                    "HostIp": "0.0.0.0",
                    "HostPort": "10020"
                }
            ],
            "19888/tcp": [
                {
                    "HostIp": "0.0.0.0",
                    "HostPort": "19888"
                }
            ],
            "22/tcp": [
                {
                    "HostIp": "0.0.0.0",
                    "HostPort": "32771"
                }
            ],
            "50070/tcp": [
                {
                    "HostIp": "0.0.0.0",
                    "HostPort": "32770"
                }
            ],
            "50090/tcp": [
                {
                    "HostIp": "0.0.0.0",
                    "HostPort": "50090"
                }
            ],
            "8081/tcp": [
                {
                    "HostIp": "0.0.0.0",
                    "HostPort": "8081"
                }
            ],
            "8088/tcp": [
                {
                    "HostIp": "0.0.0.0",
                    "HostPort": "8088"
                }
            ],
            "8989/tcp": [
                {
                    "HostIp": "0.0.0.0",
                    "HostPort": "8989"
                }
            ],
            "9000/tcp": [
                {
                    "HostIp": "0.0.0.0",
                    "HostPort": "9000"
                }
            ]
        },
        "SandboxKey": "/var/run/docker/netns/0033e62a6507",
        "SecondaryIPAddresses": null,
        "SecondaryIPv6Addresses": null,
        "EndpointID": "f7201660aee774db11a39a1713844fd841b7e6ce7732fd62bf7b907f6dc40f61",
        "Gateway": "172.17.0.1",
        "GlobalIPv6Address": "",
        "GlobalIPv6PrefixLen": 0,
        "IPAddress": "172.17.0.4",
        "IPPrefixLen": 16,
        "IPv6Gateway": "",
        "MacAddress": "02:42:ac:11:00:04",
        "Networks": {
            "bridge": {
                "IPAMConfig": null,
                "Links": null,
                "Aliases": null,
                "NetworkID": "60c9d4c148f424ccbf7895a1e36cfd7c9aec2696bc17f6224c02fecad1c672b5",
                "EndpointID": "f7201660aee774db11a39a1713844fd841b7e6ce7732fd62bf7b907f6dc40f61",
                "Gateway": "172.17.0.1",
                "IPAddress": "172.17.0.4",
                "IPPrefixLen": 16,
                "IPv6Gateway": "",
                "GlobalIPv6Address": "",
                "GlobalIPv6PrefixLen": 0,
                "MacAddress": "02:42:ac:11:00:04",
                "DriverOpts": null
            }
        }
    }

在主机上:

[root@192-168-2-70 ~]# docker ps
CONTAINER ID        IMAGE               COMMAND               CREATED             STATUS              PORTS                                                                                                                                                                                                                           NAMES
f940bc213258        a5e442e69031        "/usr/sbin/sshd -D"   9 days ago          Up 2 hours          0.0.0.0:8081->8081/tcp, 0.0.0.0:8088->8088/tcp, 0.0.0.0:8989->8989/tcp, 0.0.0.0:9000->9000/tcp, 0.0.0.0:10020->10020/tcp, 0.0.0.0:19888->19888/tcp, 0.0.0.0:50090->50090/tcp, 0.0.0.0:32771->22/tcp, 0.0.0.0:32770->50070/tcp   hadoop0

[root@192-168-2-70 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:4c:69:a7:53:00 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.70/24 brd 192.168.2.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::ec25:7a4b:3d91:ce38/64 scope link tentative dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::546a:b23c:bc6b:e108/64 scope link tentative dadfailed 
       valid_lft forever preferred_lft forever
    inet6 fe80::a7bf:4228:3dc4:388d/64 scope link tentative dadfailed 
       valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:e6:3a:91:d9 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:e6ff:fe3a:91d9/64 scope link 
       valid_lft forever preferred_lft forever
4: br-8cf678167a28: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:65:cb:b3:34 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-8cf678167a28
       valid_lft forever preferred_lft forever

telnet 命令的结果:

[root@192-168-2-70 ~]# telnet 192.168.2.70 50090
Trying 192.168.2.70...
telnet: connect to address 192.168.2.70: Connection refused
[root@192-168-2-70 ~]# telnet localhost 50090   
Trying ::1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.

问题是,为什么容器发布的端口,例如 50090,不能通过“telnet IP 端口”进行 telnet ,但可以通过“telnet localhost 端口”访问?

顺便说一句,服务firewalld已被主机禁用。

相关内容