69 Docker: a container can ping the host but cannot reach services on the host
Posted by 蓝风9
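Preface
Heh, this problem probably also surfaced earlier, while I was testing the vsftpd service.
Heh, and of course solving it still took some effort.
When a Docker container can ping the host but cannot reach a service on the host, the cause is most likely the host's firewall.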
The situation
The error in the application code looked roughly like this; at the time it was accessing the vsftpd service:
java.net.NoRouteToHostException: Host is unreachable (Host unreachable)
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:589)
Here we use a different service for the test. As you can see, the service on port 8010 on 188 cannot be reached, but 188 can be pinged.
Yet there actually is a web service on port 8010 on my 188.
[root@t3420 ~]# docker exec -it app0 /bin/sh
/ # wget 10.0.0.188:8010
Connecting to 10.0.0.188:8010 (10.0.0.188:8010)
wget: can't connect to remote host (10.0.0.188): Host is unreachable
/ # ping 10.0.0.188
PING 10.0.0.188 (10.0.0.188): 56 data bytes
64 bytes from 10.0.0.188: seq=0 ttl=64 time=0.197 ms
64 bytes from 10.0.0.188: seq=1 ttl=64 time=0.179 ms
^C
--- 10.0.0.188 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.179/0.188/0.197 ms
Accessing 8010 directly on 188:
[root@t3420 ~]# wget 10.0.0.188:8010
--2020-12-19 16:35:50-- http://10.0.0.188:8010/
Resolving 10.0.0.188 (10.0.0.188)... ::1, 127.0.0.1
Connecting to 10.0.0.188 (10.0.0.188)|::1|:8010... connected.
HTTP request sent, awaiting response... 200 OK
Length: 15264 (15K) [text/html]
Saving to: ‘index.html’
100%[=========================================================================================================================================================================================================================================================>] 15,264 --.-K/s in 0.003s
2020-12-19 16:35:50 (5.65 MB/s) - ‘index.html’ saved [15264/15264]
You have new mail in /var/spool/mail/root
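Handling the problem is fairly simple [it does require some background knowledge in this area]: first check whether the firewall is running and whether it allows connections to port 8010.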
[root@t3420 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2020-12-18 15:21:59 CST; 1 day 1h ago
Docs: man:firewalld(1)
Main PID: 1566 (firewalld)
Tasks: 2
Memory: 11.3M
CGroup: /system.slice/firewalld.service
└─1566 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
Dec 19 15:57:36 t3420 firewalld[1566]: WARNING: COMMAND_FAILED: '/usr/sbin/...e.
Dec 19 15:57:36 t3420 firewalld[1566]: WARNING: COMMAND_FAILED: '/usr/sbin/...).
Dec 19 15:57:36 t3420 firewalld[1566]: WARNING: COMMAND_FAILED: '/usr/sbin/...).
Dec 19 15:57:36 t3420 firewalld[1566]: WARNING: COMMAND_FAILED: '/usr/sbin/...s.
Dec 19 15:57:36 t3420 firewalld[1566]: WARNING: COMMAND_FAILED: '/usr/sbin/...s.
Dec 19 15:57:36 t3420 firewalld[1566]: WARNING: COMMAND_FAILED: '/usr/sbin/...e.
Dec 19 15:57:36 t3420 firewalld[1566]: WARNING: COMMAND_FAILED: '/usr/sbin/...e.
Dec 19 15:57:36 t3420 firewalld[1566]: WARNING: COMMAND_FAILED: '/usr/sbin/...).
Dec 19 15:57:36 t3420 firewalld[1566]: WARNING: COMMAND_FAILED: '/usr/sbin/...).
Dec 19 15:57:36 t3420 firewalld[1566]: WARNING: COMMAND_FAILED: '/usr/sbin/...).
Hint: Some lines were ellipsized, use -l to show in full.
[root@t3420 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: wlp3s0
sources:
services: dhcpv6-client ssh
ports: 80/tcp 5000/tcp 8081/tcp 90/tcp 4000/tcp 4010/tcp 22122/tcp 23000/tcp 21/tcp 21100/tcp 21101/tcp 21102/tcp 2021/tcp 7901/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@t3420 ~]# firewall-cmd --add-port=8010/tcp --permanent
success
[root@t3420 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: wlp3s0
sources:
services: dhcpv6-client ssh
ports: 80/tcp 5000/tcp 8081/tcp 90/tcp 4000/tcp 4010/tcp 22122/tcp 23000/tcp 21/tcp 21100/tcp 21101/tcp 21102/tcp 2021/tcp 7901/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@t3420 ~]# firewall-cmd --reload
success
[root@t3420 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: wlp3s0
sources:
services: dhcpv6-client ssh
ports: 80/tcp 5000/tcp 8081/tcp 90/tcp 4000/tcp 4010/tcp 22122/tcp 23000/tcp 21/tcp 21100/tcp 21101/tcp 21102/tcp 2021/tcp 7901/tcp 8848/tcp 8010/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
Then access the service from inside the container again:
/ # wget 10.0.0.188:8010
Connecting to 10.0.0.188:8010 (10.0.0.188:8010)
index.html 100% |********************************| 14384 0:00:00 ETA
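In the session above, the `--list-all` output taken right after `--add-port=8010/tcp --permanent` still lacks 8010/tcp, because `--permanent` only writes the saved configuration and the rule becomes active at `--reload`. The following added example (not part of the original post) classifies a port by comparing the runtime and permanent port lists; the function names are hypothetical and the sample lists are constructed from the port lists shown in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# port_in_list PORT/PROTO "LIST"
# Succeeds if the space-separated firewalld port list contains the port,
# either as a single entry (8010/tcp) or inside a range (21100-21102/tcp).
port_in_list() {
    want_port=${1%/*}; want_proto=${1#*/}
    for entry in $2; do
        range=${entry%/*}; proto=${entry#*/}
        [ "$proto" = "$want_proto" ] || continue
        lo=${range%-*}; hi=${range#*-}   # no dash: lo and hi are the same port
        if [ "$want_port" -ge "$lo" ] && [ "$want_port" -le "$hi" ]; then
            return 0
        fi
    done
    return 1
}

# port_state PORT/PROTO "RUNTIME_LIST" "PERMANENT_LIST"
# Prints one of: open, pending-reload, runtime-only, blocked.
port_state() {
    if port_in_list "$1" "$2"; then rt=1; else rt=0; fi
    if port_in_list "$1" "$3"; then pm=1; else pm=0; fi
    case "$rt$pm" in
        11) echo "open" ;;
        01) echo "pending-reload" ;;  # saved with --permanent, not active yet
        10) echo "runtime-only" ;;    # active now, gone after reload or reboot
        00) echo "blocked" ;;
    esac
}

# Constructed sample data: the runtime list as printed before --reload, and
# the permanent list assumed from the two ports that appear after --reload.
SAMPLE_RUNTIME="80/tcp 5000/tcp 8081/tcp 90/tcp 4000/tcp 4010/tcp 22122/tcp 23000/tcp 21/tcp 21100/tcp 21101/tcp 21102/tcp 2021/tcp 7901/tcp"
SAMPLE_PERMANENT="$SAMPLE_RUNTIME 8848/tcp 8010/tcp"

# On a live host (root, firewalld running) feed it the real lists:
#   port_state 8010/tcp "$(firewall-cmd --list-ports)" \
#                       "$(firewall-cmd --permanent --list-ports)"
```

A `pending-reload` result for a port you did not just add yourself, like 8848/tcp in the session above, is worth reviewing before running `--reload`, since the reload opens it as well.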
End