Docker/Centos 7.9 上的网络无法正常工作

tag-icon tag-icon networking centos docker centos7
Docker/Centos 7.9 上的网络无法正常工作

我在 Centos 7.9.2009 上运行 Docker,遇到了一个非常奇怪的问题。容器没有网络访问权限,无法从主机访问。我搜索了潜在的解决方案,其中很多似乎与 DNS 问题有关(我不认为这是这里发生的问题,因为即使从容器内 ping 8.8.8.8 也不起作用)。我尝试安装 iptables-service,按顺序重新启动 iptables 和 docker,完全重启等。

为了尝试找出问题所在,我在另一个终端中运行了 tcpdump。我一运行,一切都正常了!终止 tcpdump 进程,一切都停止了 - 没有网络访问。有什么建议可以解释为什么运行 tcpdump 可以解决问题吗?这与 tcpdump 在 docker0 上监听并建立网络状态有关吗?

启动时 tcpdump 的输出:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on docker0, link-type EN10MB (Ethernet), capture size 262144 bytes

uname -a 的输出:

Linux 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

/etc/redhat-release 的输出:

CentOS Linux release 7.9.2009 (Core)

ip addr 的输出:

3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:8b:94:46:19 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
   valid_lft forever preferred_lft forever
inet6 fe80::42:8bff:fe94:4619/64 scope link
   valid_lft forever preferred_lft forever

iptables --list -t nat 的输出:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  anywhere            !loopback/8           ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.17.0.0/16        anywhere

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

docker 版本的输出:

Client: Docker Engine - Community
 Version:           19.03.13
 API version:       1.40
 Go version:        go1.13.15
 Git commit:        4484c46d9d
 Built:             Wed Sep 16 17:03:45 2020
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.13
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.15
  Git commit:       4484c46d9d
  Built:            Wed Sep 16 17:02:21 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.3.7
  GitCommit:        8fba4e9a7d01810a393d5d25a3621dc101981175
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

提前致谢!

相关内容