19,612
社区成员
发帖
与我相关
我的任务
分享docker可以ping通网络,但是无法访问服务
请问一下,我docker容器内可以ping通百度,但是curl却没有结果,问题应该出在哪里,求大佬给个处理方向
容器外是完全没问题的
容器外是完全没问题的
...全文
请发表友善的回复…
发表回复
年轻的猴 2020-12-02
- 打赏
- 举报
正常的443端口可以curl百度,正常的3344也可以,但是就是设置一个80端口映射到3344就不行。挺郁闷的
年轻的猴 2020-12-02
- 打赏
- 举报
没学过linux网络。。。能告知一下具体命令嘛。。。[/quote]iptables -A INPUT -p tcp --dport 3344 -j ACCEPT[/quote]
还是不行,一样是无法curl。。。
wisewoman 2020-12-02
- 打赏
- 举报
curl -L www.baidu.com看看,或装个w3m之类的东西再测试下
IForFree 2020-12-01
- 打赏
- 举报
请列出防火墙规则
IForFree 2020-12-01
- 打赏
- 举报
没学过linux网络。。。能告知一下具体命令嘛。。。[/quote]iptables -A INPUT -p tcp --dport 3344 -j ACCEPT
年轻的猴 2020-12-01
- 打赏
- 举报
没学过linux网络。。。能告知一下具体命令嘛。。。
IForFree 2020-12-01
- 打赏
- 举报
加一个规则接收3344的input。
年轻的猴 2020-12-01
- 打赏
- 举报
端口情况:
[root@zsp ~]# iptables -t nat -L -n | grep 80
REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3344
MASQUERADE tcp -- 172.17.0.2 172.17.0.2 tcp dpt:80
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3344 to:172.17.0.2:80
[root@zsp ~]# iptables -t nat -L -n | grep 3344
REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3344
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3344 to:172.17.0.2:80
年轻的猴 2020-12-01
- 打赏
- 举报
规则后半段
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
OUTPUT_direct all -- anywhere anywhere
Chain DOCKER (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:https
ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:http
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:mysql
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (3 references)
target prot opt source destination
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_public all -- anywhere anywhere [goto]
Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_public all -- anywhere anywhere [goto]
Chain FORWARD_direct (1 references)
target prot opt source destination
Chain FWDI_public (1 references)
target prot opt source destination
FWDI_public_log all -- anywhere anywhere
FWDI_public_deny all -- anywhere anywhere
FWDI_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain FWDI_public_allow (1 references)
target prot opt source destination
Chain FWDI_public_deny (1 references)
target prot opt source destination
Chain FWDI_public_log (1 references)
target prot opt source destination
Chain FWDO_public (1 references)
target prot opt source destination
FWDO_public_log all -- anywhere anywhere
FWDO_public_deny all -- anywhere anywhere
FWDO_public_allow all -- anywhere anywhere
Chain FWDO_public_allow (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate NEW,UNTRACKED
ACCEPT all -- anywhere anywhere ctstate NEW,UNTRACKED
Chain FWDO_public_deny (1 references)
target prot opt source destination
Chain FWDO_public_log (1 references)
target prot opt source destination
Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all -- anywhere anywhere [goto]
Chain INPUT_direct (1 references)
target prot opt source destination
Chain IN_public (1 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:http ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:ddi-tcp-1 ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpts:39000:safetynetp ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:cddbp ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:cslistener ctstate NEW,UNTRACKED
ACCEPT udp -- anywhere anywhere udp dpt:cslistener ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:webcache ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:bnt-manager ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:influence ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:trnsprntproxy ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:radan-http ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:dyna-access ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:https ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:erpc ctstate NEW,UNTRACKED
ACCEPT udp -- anywhere anywhere udp dpt:erpc ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:301 ctstate NEW,UNTRACKED
Chain IN_public_deny (1 references)
target prot opt source destination
Chain IN_public_log (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination年轻的猴 2020-12-01
- 打赏
- 举报
[root@zsp ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
OUTPUT_direct all -- anywhere anywhere
Chain DOCKER (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:https
ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:http
ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:mysql
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (3 references)
target prot opt source destination
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_public all -- anywhere anywhere [goto]
Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_public all -- anywhere anywhere [goto]
Chain FORWARD_direct (1 references)
target prot opt source destination
Chain FWDI_public (1 references)
target prot opt source destination
FWDI_public_log all -- anywhere anywhere
FWDI_public_deny all -- anywhere anywhere
FWDI_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain FWDI_public_allow (1 references)
target prot opt source destination
Chain FWDI_public_deny (1 references)
target prot opt source destination
Chain FWDI_public_log (1 references)
target prot opt source destination
Chain FWDO_public (1 references)
target prot opt source destination
FWDO_public_log all -- anywhere anywhere
FWDO_public_deny all -- anywhere anywhere
FWDO_public_allow all -- anywhere anywhere
Chain FWDO_public_allow (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate NEW,UNTRACKED
ACCEPT all -- anywhere anywhere ctstate NEW,UNTRACKED
Chain FWDO_public_deny (1 references)
target prot opt source destination
Chain FWDO_public_log (1 references)
target prot opt source destination
Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all -- anywhere anywhere [goto]
Chain INPUT_direct (1 references)
target prot opt source destination
Chain IN_public (1 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:http ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:ddi-tcp-1 ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpts:39000:safetynetp ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:cddbp ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:cslistener ctstate NEW,UNTRACKED
ACCEPT udp -- anywhere anywhere udp dpt:cslistener ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:webcache ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:bnt-manager ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:influence ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:trnsprntproxy ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:radan-http ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:dyna-access ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:https ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:erpc ctstate NEW,UNTRACKED
ACCEPT udp -- anywhere anywhere udp dpt:erpc ctstate NEW,UNTRACKED
ACCEPT tcp -- anywhere anywhere tcp dpt:301 ctstate NEW,UNTRACKED
Chain IN_public_deny (1 references)
target prot opt source destination
Chain IN_public_log (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination
[root@zsp ~]# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3344
[root@zsp ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere any年轻的猴 2020-11-30
- 打赏
- 举报
docker接口的映射:
[root@zsp ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9a83cf9e6c53 zspdisk7.0 "java -Djava.securit…" 2 days ago Up 2 days 0.0.0.0:443->443/tcp, 0.0.0.0:3344->80/tcp zspdisk7.0
acf3632502be mysql "docker-entrypoint.s…" 5 weeks ago Up 2 days 33060/tcp, 0.0.0.0:3310->3306/tcp mysql01
[root@zsp ~]# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3344
IForFree 2020-11-30
- 打赏
- 举报
请贴出容器启动端口映射指令指令或者compose文件,请列出重定向配置文件明细。
年轻的猴 2020-11-29
- 打赏
- 举报
我目前是这样的,我是把我放网站的容器80和443端口映射到了我主机的3344端口和443端口,然后再把主机的80端口映射给3344,这样完成了一个网站重定向功能,用户访问我的域名就会直接跑3344端口。但是很奇怪的一点是,不知道为什么,我一完成80重定向3344这个动作,我的容器就无法联网了,如果没有做重定向就可以,可以调用阿里的短信功能
半道道 2020-11-29
- 打赏
- 举报
从表面情况来看 容器内部是可以访问外部网络的,而容器外部无法访问到容器内部。
年轻的猴 2020-11-22
- 打赏
- 举报
有木有大佬来帮帮忙
年轻的猴 2020-11-22
- 打赏
- 举报
我ip addr后发现,mtu是一样的。。。
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:16:3e:10:19:bd brd ff:ff:ff:ff:ff:ff
inet x.x.x.x/20 brd 172.16.191.255 scope global dynamic eth0
valid_lft 312090154sec preferred_lft 312090154sec
inet6 fe80::216:3eff:fe10:19bd/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:80:63:8c:b7 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:80ff:fe63:8cb7/64 scope link
valid_lft forever preferred_lft forever
263: vethea39945@if262: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 02:a3:fb:43:7b:51 brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::a3:fbff:fe43:7b51/64 scope link
valid_lft forever preferred_lft forever
269: veth31e5b1f@if268: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 86:9e:ed:58:f9:38 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::849e:edff:fe58:f938/64 scope link
valid_lft forever preferred_lft forever年轻的猴 2020-11-22
- 打赏
- 举报
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:16:3e:10:19:bd brd ff:ff:ff:ff:ff:ff
inet x.x.x.x/20 brd 172.16.191.255 scope global dynamic eth0
valid_lft 312090154sec preferred_lft 312090154sec
inet6 fe80::216:3eff:fe10:19bd/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:80:63:8c:b7 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:80ff:fe63:8cb7/64 scope link
valid_lft forever preferred_lft forever
263: vethea39945@if262: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 02:a3:fb:43:7b:51 brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::a3:fbff:fe43:7b51/64 scope link
valid_lft forever preferred_lft forever
269: veth31e5b1f@if268: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 86:9e:ed:58:f9:38 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::849e:edff:fe58:f938/64 scope link
valid_lft forever preferred_lft forever
年轻的猴 2020-11-22
- 打赏
- 举报
ip addr下去是这样的,mtu是一样的
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:16:3e:10:19:bd brd ff:ff:ff:ff:ff:ff
inet 172.16.176.197/20 brd 172.16.191.255 scope global dynamic eth0
valid_lft 312090154sec preferred_lft 312090154sec
inet6 fe80::216:3eff:fe10:19bd/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:80:63:8c:b7 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:80ff:fe63:8cb7/64 scope link
valid_lft forever preferred_lft forever
263: vethea39945@if262: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 02:a3:fb:43:7b:51 brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::a3:fbff:fe43:7b51/64 scope link
valid_lft forever preferred_lft forever
269: veth31e5b1f@if268: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 86:9e:ed:58:f9:38 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::849e:edff:fe58:f938/64 scope link
valid_lft forever preferred_lft forever
