参考:
https://blog.csdn.net/NewTyun/article/details/104191062/
https://www.networkinghowtos.com/howto/enable-ip-forwarding-on-ubuntu-13-04/
https://gist.github.com/tzermias/5408466
1. 环境信息
安装ubuntu docker环境
机器1
IP:172.30.30.231
Docker网段:172.17.231.1
机器2
IP:172.30.30.232
Docker网段:172.17.232.1
2. 修改Docker配置
修改/etc/docker/daemon.json配置docker网段,并重启docker服务
在机器1上修改
op@dev-01:~$ cat /etc/docker/daemon.json
{
"bip": "172.17.231.1/24"
}
op@dev-01:~$ systemctl reestart docker
在机器2上修改
op@dev-02:~$ cat /etc/docker/daemon.json
{
"bip": "172.17.232.1/24"
}
op@dev-02:~$ systemctl reestart docker
3. 添加路由规则
在机器1上执行
root@dev-01:~# route add -net 172.17.232.0/24 gw 172.30.30.232
root@dev-01:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.30.30.254 0.0.0.0 UG 0 0 0 eth0
172.17.231.0 0.0.0.0 255.255.255.0 U 0 0 0 docker0
172.17.232.0 172.30.30.232 255.255.255.0 UG 0 0 0 eth0
172.30.30.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
root@dev-01:~#
在机器2上执行
root@dev-02:~# route add -net 172.17.231.0/24 gw 172.30.30.231
root@dev-02:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.30.30.254 0.0.0.0 UG 0 0 0 eth0
172.17.232.0 0.0.0.0 255.255.255.0 U 0 0 0 docker0
172.17.231.0 172.30.30.231 255.255.255.0 UG 0 0 0 eth0
172.30.30.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
root@dev-02:~#
将其写入/etc/rc.local则可以重启机器后仍生效
4. 在两台机器上都配置ip_forward和网卡转发
临时配置ip_forward
root@dev:~# sysctl net.ipv4.ip_forward=1
永久配置ip_forward
编辑配置文件/etc/sysctl.conf,去掉net.ipv4.ip_forward=1前面的#注释,执行sysctl -p使其生效
root@dev:~# cat /etc/sysctl.conf|grep 'net.ipv4.ip_forward'
net.ipv4.ip_forward=1
root@dev:~# sysctl -p
配置网卡转发
root@dev:~# iptables -A FORWARD --in-interface eth0 -j ACCEPT
root@dev:~# iptables --table nat -A POSTROUTING --out-interface docker0 -j MASQUERADE
root@dev:~# iptables-save
5. 测试
在两台机器上分别启动nginx测试docker,默认ip分别为172.17.231.2和172.17.232.2
root@dev:~# docker run -d nginx
在机器1上测试
# 测试ping
root@dev-01:!# ping -c 2 172.17.232.2
PING 172.17.232.2 (172.17.232.2) 56(84) bytes of data.
64 bytes from 172.17.232.2: icmp_seq=1 ttl=63 time=0.255 ms
64 bytes from 172.17.232.2: icmp_seq=2 ttl=63 time=0.239 ms
--- 172.17.232.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.239/0.247/0.255/0.008 ms
# 测试curl
root@dev-01:~# curl 172.17.232.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
root@dev-01:~#
测试成功,同理在机器2上测试一样可以访问。
网友评论