69 A Docker container can ping the host, but cannot reach services on the host

Posted 蓝风9


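Preface

Heh, this problem probably also surfaced earlier, while I was testing the vsftpd service.

Heh, and of course solving it did take some thought.

When a Docker container can ping the host but cannot reach a service on the host, the cause is most likely the host's firewall.

What was observed

The error in the application code looked roughly like the following; this was from accessing the vsftpd service at the time.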

java.net.NoRouteToHostException: Host is unreachable (Host unreachable)
	at java.net.PlainSocketImpl.socketConnect(Native Method)
	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
	at java.net.Socket.connect(Socket.java:589)

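Here we use a different service for the test. As shown below, the service on port 8010 on 188 cannot be reached, but 188 can be pinged.

In fact, there is a web service listening on port 8010 on my 188 host.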

[root@t3420 ~]# docker exec -it app0 /bin/sh
/ # wget 10.0.0.188:8010
Connecting to 10.0.0.188:8010 (10.0.0.188:8010)
wget: can't connect to remote host (10.0.0.188): Host is unreachable
/ # ping 10.0.0.188
PING 10.0.0.188 (10.0.0.188): 56 data bytes
64 bytes from 10.0.0.188: seq=0 ttl=64 time=0.197 ms
64 bytes from 10.0.0.188: seq=1 ttl=64 time=0.179 ms
^C
--- 10.0.0.188 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.179/0.188/0.197 ms

Accessing port 8010 directly on 188

[root@t3420 ~]# wget 10.0.0.188:8010
--2020-12-19 16:35:50--  http://10.0.0.188:8010/
Resolving 10.0.0.188 (10.0.0.188)... ::1, 127.0.0.1
Connecting to 10.0.0.188 (10.0.0.188)|::1|:8010... connected.
HTTP request sent, awaiting response... 200 OK
Length: 15264 (15K) [text/html]
Saving to: ‘index.html’

100%[=========================================================================================================================================================================================================================================================>] 15,264      --.-K/s   in 0.003s  

2020-12-19 16:35:50 (5.65 MB/s) - ‘index.html’ saved [15264/15264]

You have new mail in /var/spool/mail/root

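The fix is fairly simple [it does require some background knowledge in this area]: first check whether the firewall is running, and whether it allows connections to port 8010.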

[root@t3420 ~]# systemctl status firewalld 
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2020-12-18 15:21:59 CST; 1 day 1h ago
     Docs: man:firewalld(1)
 Main PID: 1566 (firewalld)
    Tasks: 2
   Memory: 11.3M
   CGroup: /system.slice/firewalld.service
           └─1566 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid

Dec 19 15:57:36 t3420 firewalld[1566]: WARNING: COMMAND_FAILED: '/usr/sbin/...e.
Dec 19 15:57:36 t3420 firewalld[1566]: WARNING: COMMAND_FAILED: '/usr/sbin/...).
Dec 19 15:57:36 t3420 firewalld[1566]: WARNING: COMMAND_FAILED: '/usr/sbin/...).
Dec 19 15:57:36 t3420 firewalld[1566]: WARNING: COMMAND_FAILED: '/usr/sbin/...s.
Dec 19 15:57:36 t3420 firewalld[1566]: WARNING: COMMAND_FAILED: '/usr/sbin/...s.
Dec 19 15:57:36 t3420 firewalld[1566]: WARNING: COMMAND_FAILED: '/usr/sbin/...e.
Dec 19 15:57:36 t3420 firewalld[1566]: WARNING: COMMAND_FAILED: '/usr/sbin/...e.
Dec 19 15:57:36 t3420 firewalld[1566]: WARNING: COMMAND_FAILED: '/usr/sbin/...).
Dec 19 15:57:36 t3420 firewalld[1566]: WARNING: COMMAND_FAILED: '/usr/sbin/...).
Dec 19 15:57:36 t3420 firewalld[1566]: WARNING: COMMAND_FAILED: '/usr/sbin/...).
Hint: Some lines were ellipsized, use -l to show in full.
[root@t3420 ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: wlp3s0
  sources: 
  services: dhcpv6-client ssh
  ports: 80/tcp 5000/tcp 8081/tcp 90/tcp 4000/tcp 4010/tcp 22122/tcp 23000/tcp 21/tcp 21100/tcp 21101/tcp 21102/tcp 2021/tcp 7901/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
	
[root@t3420 ~]# firewall-cmd --add-port=8010/tcp --permanent
success
[root@t3420 ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: wlp3s0
  sources: 
  services: dhcpv6-client ssh
  ports: 80/tcp 5000/tcp 8081/tcp 90/tcp 4000/tcp 4010/tcp 22122/tcp 23000/tcp 21/tcp 21100/tcp 21101/tcp 21102/tcp 2021/tcp 7901/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
	
[root@t3420 ~]# firewall-cmd --reload
success
[root@t3420 ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: wlp3s0
  sources: 
  services: dhcpv6-client ssh
  ports: 80/tcp 5000/tcp 8081/tcp 90/tcp 4000/tcp 4010/tcp 22122/tcp 23000/tcp 21/tcp 21100/tcp 21101/tcp 21102/tcp 2021/tcp 7901/tcp 8848/tcp 8010/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
	

Then access the service from inside the container again

/ # wget 10.0.0.188:8010
Connecting to 10.0.0.188:8010 (10.0.0.188:8010)
index.html           100% |********************************| 14384  0:00:00 ETA
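
The three listings above differ for a reason the commands do not spell out: --add-port with --permanent only writes the saved configuration, so 8010/tcp shows up in the running rule set only after --reload. The following is an added example, not part of the original post: a shell helper that compares the runtime and permanent listings and reports which state a port is in. The function names and the sample listings (shortened from the output above, with one constructed range entry) are assumptions of this example.

```shell
#!/bin/sh
# Added example: parse `firewall-cmd --list-all` text and report whether a
# port is open now, only saved (--permanent, not reloaded yet), or closed.

# port_allowed PORT/PROTO  (listing on stdin) -> exit 0 if a ports: entry covers it
port_allowed() {
    awk -v p="${1%/*}" -v pr="${1#*/}" '
        $1 == "ports:" {
            for (i = 2; i <= NF; i++) {
                split($i, a, "/")
                if (a[2] != pr) continue
                n = split(a[1], r, "-")          # "21100-21102" is a range
                lo = r[1] + 0
                hi = (n == 2 ? r[2] : r[1]) + 0
                if (p + 0 >= lo && p + 0 <= hi) found = 1
            }
        }
        END { exit(found ? 0 : 1) }'
}

# port_state PORT/PROTO RUNTIME_LISTING PERMANENT_LISTING
port_state() {
    rt=no; pm=no
    printf '%s\n' "$2" | port_allowed "$1" && rt=yes
    printf '%s\n' "$3" | port_allowed "$1" && pm=yes
    case "$rt$pm" in
        yesyes) echo open ;;
        yesno)  echo runtime-only ;;    # lost at the next reload or reboot
        noyes)  echo pending-reload ;;  # saved, but not yet in effect
        *)      echo closed ;;
    esac
}

# Constructed samples, shortened from the listings on this page
# (the 21100-21102 range entry is constructed to exercise range parsing).
BEFORE='public (active)
  ports: 80/tcp 21/tcp 21100-21102/tcp 7901/tcp
  source-ports: '
AFTER='public (active)
  ports: 80/tcp 21/tcp 21100-21102/tcp 7901/tcp 8848/tcp 8010/tcp
  source-ports: '

port_state 8010/tcp "$BEFORE" "$BEFORE"   # before --add-port
port_state 8010/tcp "$BEFORE" "$AFTER"    # after --add-port --permanent
port_state 8010/tcp "$AFTER"  "$AFTER"    # after --reload

# Live use on the host:
#   port_state 8010/tcp "$(firewall-cmd --list-all)" "$(firewall-cmd --permanent --list-all)"
```

A port added to the public zone is reachable from every source that zone covers (here the zone bound to wlp3s0), not only from containers.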

End
