我想8000
使用端口将 podman 容器中的端口提供给 LAN 8009
。
该容器使用 运行podman-compose
,转换为以下命令:
podman create --name=pihole-unbound_pihole_1 [...] --
net pihole-unbound_default --network-alias pihole -p 53:53/tcp -p 53:53/udp -p 8000:80/tcp --restart unless-stopped pihole-unbound_pihole
而且我可以从 正确访问我的 Web UI http://server.local:8000/
。
然后我将必要的转发规则添加到firewall-cmd,如下所示:
firewall-cmd --add-forward-port=port=8009:proto=tcp:toport=8000
但从外部访问它只是超时,例如
curl -I http://192.168.10.15:8009
我在网上阅读了很多关于如何在 Fedora/CentOS 中转发端口的指南和帖子,但几乎没有一个专门讨论容器的情况,除了少数几个:
- https://tecadmin.net/forwarding-ports-to-docker-containers-using-linux-firewalls/
- https://major.io/p/forwarding-ports-with-firewalld/
但我仍然无法让它工作。更重要的是,我甚至无法curl
从主机内部访问转发端口,但行为有所不同,它们只是拒绝连接,而不是无限期挂起:
# curl -I http://localhost:8009
curl: (7) Failed to connect to localhost port 8009 after 0 ms: Couldn't connect to server
我甚至尝试寻找其他区域的提示,但似乎没有关于规则在哪里的信息。
# firewall-cmd --get-zones
FedoraServer FedoraWorkstation block dmz drop external home internal libvirt libvirt-routed nm-shared public trusted work
# firewall-cmd --get-active-zones
FedoraServer (default)
interfaces: enp3s0
trusted
sources: 10.89.0.0/24 10.89.1.0/24 10.89.2.0/24 10.89.3.0/24
# firewall-cmd --zone=trusted --list-all
trusted (active)
target: ACCEPT
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces:
sources: 10.89.0.0/24 10.89.1.0/24 10.89.2.0/24 10.89.3.0/24
services:
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
# firewall-cmd --zone=FedoraServer --list-all
FedoraServer (default, active)
target: default
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces: enp3s0
sources:
services: cockpit dhcpv6-client http samba ssh
ports:
protocols:
forward: yes
masquerade: yes
forward-ports:
port=8009:proto=tcp:toport=8000:toaddr=
source-ports:
icmp-blocks:
rich rules: