Article background:
When we use Docker in a LAN, one of the most common confusions we encounter is that sometimes the network is blocked across network segments. The reason is that the gateway generated by Docker by default sometimes conflicts with our LAN segment. For example, if Docker is deployed on a machine in the 172.16 network segment, and the resulting docker0 bridge is the 172.17 network segment, then it is the same as the one used in the real environment. There is a conflict between machines in the network segment (that is, the machine in the 172.17 network segment cannot be pinged).
(Recommended tutorial: docker tutorial)
In order to avoid conflicts, the first thing that comes to mind is to change the gateway. The example is as follows (taking Centos as an example):
service docker stop # 删除docker防火墙过滤规则 iptables -t nat -F POSTROUTING # 删除docker默认网关配置 ip link set dev docker0 down ip addr del 172.17.0.1/16 dev docker0 # 增加新的docker网关配置 ip addr add 192.168.2.1/24 dev docker0 ip link set dev docker0 up # 检测是否配置成功,如果输出信息中有 192.168.5.1,则表明成功 ip addr show docker0 service docker start # 验证docker防火墙过滤规则
After this modification, will it be reliable? The answer is no, because after docker restarts, docker0 may still be rebuilt, overwriting the modifications we made. It shows that Docker’s IP rules are hard-coded and we are not allowed to change them at will. But let’s change our thinking and kill docker0 directly and rebuild a new bridge:
First we need to install the bridge creation tool brctl:
sudo yum install -y bridge-utils
Start the creation operation:
# 1.停止 Docker 服务
service docker stop
# 2.创建新的网桥(新的网段)
brctl addbr bridge0
ip addr add 192.168.2.1/24 dev bridge0
ip link set dev bridge0 up
# 3.确认网桥信息
ip addr show bridge0
# 4.修改配置文件
/etc/docker/daemon.json(如不存在则创建一个 touch daemon.json),使Docker启动时使用自定义网桥
{
"bridge": "bridge0"
}
# 5.重启 Docker
service docker start
# 确认 NAT 网络路由
iptables -t nat -L -n
# 6.删除不再使用的网桥
ip link set dev docker0 down
brctl delbr docker0
iptables -t nat -F POSTROUTINGRegarding the modified configuration made in step 4, it is to reference the new network bridge. In fact, you can also reference the new network bridge in the docker configuration file:
echo 'DOCKER_OPTS="-b=bridge0"' >> /etc/sysconfig/docker sudo service docker start
But it does not mean that we will definitely be able to see the docker custom configuration. file, if there is no default/docker or sysconfig/docker, it will be more troublesome. The solution is as follows:
$ vi /lib/systemd/system/docker.service #添加一行 $ EnvironmentFile=-/etc/default/docker 或者 $ EnvironmentFile=-/etc/sysconfig/docker #-代表ignore error #并修改 $ ExecStart=/usr/bin/docker daemon -H fd:// #改成 $ ExecStart=/usr/bin/docker daemon -H fd:// $DOCKER_OPTS #这样才能使用/etc/default/docker里定义的DOCKER_OPTS参数 $ systemctl daemon-reload 重载 $ sudo service docker restart
After completing the creation of bridge0 and transitioning from docker0 to bridge0, we can route it to confirm whether we The 172.17 network segment that we don’t want to see:
As long as it is not there, then we will not only be connected to the machines in the 172.17 network segment. If there is still one, then use ip addr del 172.17.0.1/16 dev docker0 until it is cleared (because a new docker bridge has been established, deleting the old one will not affect the use of docker).
If the network bridge created by brctl may be lost after restarting the machine, then we can write the following command into the Linux self-start script and execute it every time it restarts:
brctl addbr bridge0 ip addr add 192.168.2.1/24 dev bridge0 ip link set dev bridge0 up
Self-start Scripts can be added by adding executable statements (such as sh /opt/script.sh &) in the /etc/rc.local file. In this way, basically every time the machine is restarted, bridge0 can be guaranteed to be created and the docker service can start normally.
In addition: If you just want to solve the IP network segment conflict and are unwilling to operate the above complicated process, you can actually just change /etc/docker/daemon.json by adding the content "bip": "ip/ netmask" to change the network segment of the docker0 bridge, as follows:
[root@iZ2ze278r1bks3c1m6jdznZ ~]# cat /etc/docker/daemon.json
{
"bip":"192.168.2.1/24"
}The above is the detailed content of Modify docker default gateway. For more information, please follow other related articles on the PHP Chinese website!
Linux and Docker: Docker on Different Linux DistributionsApr 19, 2025 am 12:10 AMThe methods of installing and using Docker on Ubuntu, CentOS, and Debian are different. 1) Ubuntu: Use the apt package manager, the command is sudoapt-getupdate&&sudoapt-getinstalldocker.io. 2) CentOS: Use the yum package manager and you need to add the Docker repository. The command is sudoyumininstall-yyum-utils&&sudoyum-config-manager--add-repohttps://download.docker.com/lin
Mastering Docker: A Guide for Linux UsersApr 18, 2025 am 12:08 AMUsing Docker on Linux can improve development efficiency and simplify application deployment. 1) Pull Ubuntu image: dockerpullubuntu. 2) Run Ubuntu container: dockerrun-itubuntu/bin/bash. 3) Create Dockerfile containing nginx: FROMubuntu;RUNapt-getupdate&&apt-getinstall-ynginx;EXPOSE80. 4) Build the image: dockerbuild-tmy-nginx. 5) Run container: dockerrun-d-p8080:80
Docker on Linux: Applications and Use CasesApr 17, 2025 am 12:10 AMDocker simplifies application deployment and management on Linux. 1) Docker is a containerized platform that packages applications and their dependencies into lightweight and portable containers. 2) On Linux, Docker uses cgroups and namespaces to implement container isolation and resource management. 3) Basic usages include pulling images and running containers. Advanced usages such as DockerCompose can define multi-container applications. 4) Debug commonly used dockerlogs and dockerexec commands. 5) Performance optimization can reduce the image size through multi-stage construction, and keeping the Dockerfile simple is the best practice.
Docker: Containerizing Applications for Portability and ScalabilityApr 16, 2025 am 12:09 AMDocker is a Linux container technology-based tool used to package, distribute and run applications to improve application portability and scalability. 1) Dockerbuild and dockerrun commands can be used to build and run Docker containers. 2) DockerCompose is used to define and run multi-container Docker applications to simplify microservice management. 3) Using multi-stage construction can optimize the image size and improve the application startup speed. 4) Viewing container logs is an effective way to debug container problems.
How to start containers by dockerApr 15, 2025 pm 12:27 PMDocker container startup steps: Pull the container image: Run "docker pull [mirror name]". Create a container: Use "docker create [options] [mirror name] [commands and parameters]". Start the container: Execute "docker start [Container name or ID]". Check container status: Verify that the container is running with "docker ps".
How to view logs from dockerApr 15, 2025 pm 12:24 PMThe methods to view Docker logs include: using the docker logs command, for example: docker logs CONTAINER_NAME Use the docker exec command to run /bin/sh and view the log file, for example: docker exec -it CONTAINER_NAME /bin/sh ; cat /var/log/CONTAINER_NAME.log Use the docker-compose logs command of Docker Compose, for example: docker-compose -f docker-com
How to check the name of the docker containerApr 15, 2025 pm 12:21 PMYou can query the Docker container name by following the steps: List all containers (docker ps). Filter the container list (using the grep command). Gets the container name (located in the "NAMES" column).
How to create containers for dockerApr 15, 2025 pm 12:18 PMCreate a container in Docker: 1. Pull the image: docker pull [mirror name] 2. Create a container: docker run [Options] [mirror name] [Command] 3. Start the container: docker start [Container name]
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Dreamweaver CS6
Visual web development tools
