Docker 学习5 Docker容器网络

一、内核网络名称空间

  1、可通过ip netns进行操作

[root@localhost /]# ip netns help
Usage: ip netns list
       ip netns add NAME
       ip netns set NAME NETNSID
       ip [-all] netns delete [NAME]
       ip netns identify [PID]
       ip netns pids NAME
       ip [-all] netns exec [NAME] cmd ...
       ip netns monitor
       ip netns list-id

  2、启动各种网络类型的容器

    a、启动一个网络类型为bridge的容器并且在退出后自动删除(即能够对外通信的容器)。

[root@localhost ~]# docker run --name t1 -it --network bridge --rm busybox:latest
/ # ifconfig 
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:04  
          inet addr:172.17.0.4  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:508 (508.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

    b、启动一个网络类型为none的容器并且在退出后自动删除(即封闭式容器)

[root@localhost ~]# docker run --name t1 -it --network none --rm busybox:latest
/ # ifconfig 
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

/ # exit

    c、容器默认的主机名就是其id,也可以在启动的时候给上主机名

[root@localhost ~]# docker run --name t1 -it --network bridge -h wohaoshuai --rm busybox:latest
/ # hostname 
wohaoshuai

    d、容器默认的dns是宿主机的dns,可以在启动的时候给上其dns

[root@localhost ~]# docker run --name t1 -it --network bridge -h wohaoshuai --dns 114.114.114.114 --rm busybox:latest
/ # cat /etc/hosts 
127.0.0.1    localhost
::1    localhost ip6-localhost ip6-loopback
fe00::0    ip6-localnet
ff00::0    ip6-mcastprefix
ff02::1    ip6-allnodes
ff02::2    ip6-allrouters
172.17.0.4    wohaoshuai
/ # cat /etc/resolv.conf 
nameserver 114.114.114.114

    e、可以给主机添加主机解析记录

[root@localhost ~]# docker run --name t1 -it --network bridge -h wohaoshuai --dns 114.114.114.114 --add-host www.wohaoshuai.com:192.168.11.11 --rm busybox:latest
/ # cat /etc/hosts 
127.0.0.1    localhost
::1    localhost ip6-localhost ip6-loopback
fe00::0    ip6-localnet
ff00::0    ip6-mcastprefix
ff02::1    ip6-allnodes
ff02::2    ip6-allrouters
192.168.11.11    www.wohaoshuai.com
172.17.0.4    wohaoshuai

  3、端口映射 -p

   

    a、将指定的容器端口映射至主机所有地址的一个动态端口

[root@localhost ~]# docker run -it -p 80 --rm --name webtest1 httpd 
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.4. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.4. Set the 'ServerName' directive globally to suppress this message
[Sat Apr 13 10:59:16.001251 2019] [mpm_event:notice] [pid 1:tid 140311487656000] AH00489: Apache/2.4.39 (Unix) configured -- resuming normal operations
[Sat Apr 13 10:59:16.001475 2019] [core:notice] [pid 1:tid 140311487656000] AH00094: Command line: 'httpd -D FOREGROUND'
192.168.10.1 - - [13/Apr/2019:10:59:57 +0000] "GET / HTTP/1.1" 200 45
192.168.10.1 - - [13/Apr/2019:10:59:57 +0000] "GET /favicon.ico HTTP/1.1" 404 209

另开一个shell查看:
[root@localhost ~]# docker port webtest1 
80/tcp -> 0.0.0.0:32768

    b、将容器端口映射至指定的主机端口

[root@localhost ~]# docker run -it --rm  -p 80:80 --name webtest1 httpd 
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.4. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.4. Set the 'ServerName' directive globally to suppress this message
[Sat Apr 13 11:05:43.973155 2019] [mpm_event:notice] [pid 1:tid 140421815427136] AH00489: Apache/2.4.39 (Unix) configured -- resuming normal operations
[Sat Apr 13 11:05:43.973377 2019] [core:notice] [pid 1:tid 140421815427136] AH00094: Command line: 'httpd -D FOREGROUND'

另起一个shell查看:
[root@localhost ~]# docker port webtest1 
80/tcp -> 0.0.0.0:80

    c、将指定的容器端口映射至主机指定ip的动态端口

[root@localhost ~]# docker run -it --rm  -p 192.168.10.46::80 --name webtest1 httpd 
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.4. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.4. Set the 'ServerName' directive globally to suppress this message
[Sat Apr 13 11:10:08.815379 2019] [mpm_event:notice] [pid 1:tid 140160940060736] AH00489: Apache/2.4.39 (Unix) configured -- resuming normal operations
[Sat Apr 13 11:10:08.815558 2019] [core:notice] [pid 1:tid 140160940060736] AH00094: Command line: 'httpd -D FOREGROUND'

另开一个shell查看:
[root@localhost ~]# docker port webtest1 
80/tcp -> 192.168.10.46:32769

    d、将指定的容器端口映射至主机指定的ip 的端口

[root@localhost ~]# docker run -it --rm  -p 192.168.10.46:80:80 --name webtest1 httpd 
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.4. Set the 'ServerName' directive globally to suppress this message
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.17.0.4. Set the 'ServerName' directive globally to suppress this message
[Sat Apr 13 11:11:47.699843 2019] [mpm_event:notice] [pid 1:tid 139789685690432] AH00489: Apache/2.4.39 (Unix) configured -- resuming normal operations
[Sat Apr 13 11:11:47.699977 2019] [core:notice] [pid 1:tid 139789685690432] AH00094: Command line: 'httpd -D FOREGROUND'
192.168.10.1 - - [13/Apr/2019:11:11:55 +0000] "GET / HTTP/1.1" 200 45
192.168.10.1 - - [13/Apr/2019:11:11:56 +0000] "GET /favicon.ico HTTP/1.1" 404 209

[root@localhost ~]# docker port webtest1 
80/tcp -> 192.168.10.46:80

   4、暴露容器所有端口到宿主机 -P

  5、启动联盟式容器

    a、启动容器1

[root@localhost ~]# docker run -it --name b1 --rm busybox
/ # ifconfig 
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:04  
          inet addr:172.17.0.4  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:578 (578.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

    b、启动容器2共享容器1的网络名称空间(但是文件系统不是共享的)

[root@localhost ~]# docker run -it --name b2 --network container:b1 --rm busybox
/ # ifconfig 
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:04  
          inet addr:172.17.0.4  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:648 (648.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

    c、在容器1上启动一个httpd服务

/ # mkdir /tmp/httptest
/ # echo "http test" >> /tmp/httptest/index.html
/ # httpd -h /tmp/httptest/
/ # netstat -anpt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 :::80 :::* LISTEN 9/httpd
tcp 0 0 ::ffff:127.0.0.1:80 ::ffff:127.0.0.1:33282 TIME_WAIT -

    d、在容器2上查看

/ # wget -O - -q 127.0.0.1
http test
/ # netstat -anpt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 :::80                   :::*                    LISTEN      -

   6、共享主机网络空间

    a、启动容器2,共享主机网络空间

[root@localhost ~]# docker run -it --name b2 --network host --rm busybox
/ # ifconfig 
docker0   Link encap:Ethernet  HWaddr 02:42:07:6B:46:88  
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          inet6 addr: fe80::42:7ff:fe6b:4688/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:31 errors:0 dropped:0 overruns:0 frame:0
          TX packets:44 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3044 (2.9 KiB)  TX bytes:4258 (4.1 KiB)

ens33     Link encap:Ethernet  HWaddr 00:0C:29:A7:CE:04  
          inet addr:192.168.10.46  Bcast:192.168.10.255  Mask:255.255.255.0
          inet6 addr: fe80::2b2a:bd85:8d15:14c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:45436 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11563 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:54165413 (51.6 MiB)  TX bytes:1167461 (1.1 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:48 errors:0 dropped:0 overruns:0 frame:0
          TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:5280 (5.1 KiB)  TX bytes:5280 (5.1 KiB)

veth24abfad Link encap:Ethernet  HWaddr 82:21:2D:BA:ED:63  
          inet6 addr: fe80::8021:2dff:feba:ed63/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:1576 (1.5 KiB)

veth34dd4fe Link encap:Ethernet  HWaddr EA:F1:6D:7E:EB:23  
          inet6 addr: fe80::e8f1:6dff:fe7e:eb23/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

vetha7c5640 Link encap:Ethernet  HWaddr CE:76:19:9D:AE:0E  
          inet6 addr: fe80::cc76:19ff:fe9d:ae0e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:1744 (1.7 KiB)

    b、在容器中启动http服务,在宿主机中也可访问

/ # echo "hello wohaoshuai" > /tmp/index.html
/ # httpd -h /tmp/
/ # 
/ # 
/ # 
/ # netstat -anpt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -
tcp        0      0 192.168.10.46:22        192.168.10.1:50937      ESTABLISHED -
tcp        0     52 192.168.10.46:22        192.168.10.1:51766      ESTABLISHED -
tcp        0      0 :::111                  :::*                    LISTEN      -
tcp        0      0 :::80                   :::*                    LISTEN      8/httpd
tcp        0      0 :::22                   :::*                    LISTEN      -
tcp        0      0 ::1:25                  :::*                    LISTEN      -

二、修改docker 默认项

  1、自定义docker网络属性

    

[root@localhost ~]# more /etc/docker/daemon.json 
{
  "registry-mirrors": ["https://guxaj7v7.mirror.aliyuncs.com","https://registry.docker-cn.com"],
  "bip": "10.0.0.1/16"
}
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:a7:ce:04 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.46/24 brd 192.168.10.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::2b2a:bd85:8d15:14c/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:07:6b:46:88 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/16 brd 10.0.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:7ff:fe6b:4688/64 scope link 
       valid_lft forever preferred_lft forever

  2、修改docker 监听方式

    a、方式1

    b、方式2:不同版本docker修改方式不一样,另一种修改方式如下:

      vim /usr/lib/systemd/system/docker.service

      在[service]下加如下参数

[Service]  
ExecStart=  
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix://var/run/docker.sock

      重启docker 服务

[root@localhost ~]# systemctl daemon-reload 
[root@localhost ~]# systemctl restart docker
[root@localhost ~]# netstat -anpt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      686/rpcbind         
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1066/sshd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1291/master         
tcp        0      0 192.168.10.46:22        192.168.10.1:50937      ESTABLISHED 1237/sshd: root@pts 
tcp        0      0 192.168.10.46:22        192.168.10.1:51766      ESTABLISHED 3646/sshd: root@pts 
tcp6       0      0 :::2375                 :::*                    LISTEN      10670/dockerd       
tcp6       0      0 :::111                  :::*                    LISTEN      686/rpcbind         
tcp6       0      0 :::22                   :::*                    LISTEN      1066/sshd           
tcp6       0      0 ::1:25                  :::*                    LISTEN      1291/master         
[root@localhost ~]# ls /var/run/
abrt        cron.reboot      docker.sock    lock         mod_fcgid       rpcbind.lock  syslogd.pid  utmp
atd.pid     dbus             ebtables.lock  log          mount           rpcbind.sock  systemd      vmware
auditd.pid  dmeventd-client  faillock       lsm          netreport       sepermit      tmpfiles.d   xtables.lock
console     dmeventd-server  firewalld      lvm          NetworkManager  setrans       tuned
containerd  docker           httpd          lvmetad.pid  plymouth        sshd.pid      udev
crond.pid   docker.pid       initramfs      mdadm        rpcbind         sudo          user

    c、访问

[root@localhost ~]# docker -H 192.168.10.46 ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@localhost ~]# docker -H 192.168.10.46 images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
httpd               latest              d4a07e6ce470        10 days ago         132MB
busybox             latest              af2f74c517aa        10 days ago         1.2MB
centos              latest              9f38484d220f        4 weeks ago         202MB

三、不同网络之间容器互相访问

  1、创建网络

[root@localhost ~]# docker network create -d bridge --subnet "172.16.0.0/16" --gateway "172.16.0.1" mybr0
fceba8db97014f8f762b48cced3399ecb539b4510f68181df992997d67ae1307
[root@localhost ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
0479ba9d5a7c        bridge              bridge              local
1f98da302a92        host                host                local
fceba8db9701        mybr0               bridge              local
bdb9eff6069c        none                null                local
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:a7:ce:04 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.46/24 brd 192.168.10.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::2b2a:bd85:8d15:14c/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:07:6b:46:88 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/16 brd 10.0.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:7ff:fe6b:4688/64 scope link 
       valid_lft forever preferred_lft forever
84: br-fceba8db9701: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:7d:27:e3:a0 brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.1/16 brd 172.16.255.255 scope global br-fceba8db9701
       valid_lft forever preferred_lft forever

  2、创建容器1并加入到刚刚创建的网络中

[root@localhost ~]# docker run --name t1 -it --network mybr0 busybox:latest 
/ # ifconfig 
eth0      Link encap:Ethernet  HWaddr 02:42:AC:10:00:02  
          inet addr:172.16.0.2  Bcast:172.16.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:16 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1296 (1.2 KiB)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

  3、创建容器2并加入bridge网络

[root@localhost ~]# docker run --name t2 -it --network bridge busybox:latest 
/ # ifconfig 
eth0      Link encap:Ethernet  HWaddr 02:42:0A:00:00:02  
          inet addr:10.0.0.2  Bcast:10.0.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:508 (508.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

  4、要想容器1能够访问到容器2则需要在宿主机上开启nat转发

    a、查看是否开启转发

[root@localhost ~]# cat /proc/sys/net/ipv4/ip_forward
1

    b、在iptables上将相应规则打开即可,因为iptables默认是阻止两个不同网络容器之间进行通信的。

【推广】 免费学中医,健康全家人
原文地址:https://www.cnblogs.com/Presley-lpc/p/10661976.html