生产环境下是绝对不可以禁用防火墙, 只需要开启伪装IP的功能即可以正常使用dns
[root@localhost liuhongdi]# firewall-cmd --zone=public --add-masquerade --permanent success [root@localhost liuhongdi]# firewall-cmd --reload success [root@localhost liuhongdi]# systemctl stop firewalld [root@localhost liuhongdi]# systemctl start firewalld [root@localhost liuhongdi]# systemctl stop docker [root@localhost liuhongdi]# systemctl start docker [root@localhost liuhongdi]# docker run --name tracker1 --privileged -v /usr/local/source:/usr/local/source -d -i -t 470671670cac /usr/sbin/init 914e7dcb12983cc27302a7becf05833abab07d8a765bf11326ca0c9ecfa12e6a [root@localhost liuhongdi]# docker exec -it tracker1 /bin/bash [root@914e7dcb1298 /]# ping www.sina.com.cn PING spool.grid.sinaedge.com (120.192.83.125) 56(84) bytes of data. 64 bytes from 120.192.83.125 (120.192.83.125): icmp_seq=1 ttl=51 time=34.6 ms ^C --- spool.grid.sinaedge.com ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 5ms rtt min/avg/max/mdev = 20.664/27.730/34.566/5.679 ms