Solutions to the problem that docker cannot ping the host: 1. Modify daemon.json; 2. Turn off the firewall; 3. Modify sysctl.conf; 4. Reset the network bridge.
The operating environment of this article: ubuntu16.04 system, Docker 20.10.11, Dell G3 computer.
What should I do if docker cannot ping the host?
Docker bridge mode cannot ping the host
Problem description:
Docker
The network mode is divided into four types. Generally, when we do not set it, the default is bridge
single bridge mode, the container uses an independent network Namespace
and is connected to the docker0
virtual network card. Communicate with the host through the docker0
bridge and Iptables nat
table configuration.
At this time, test on the bastion machine and use busybox
to test:
# 拉取镜像 docker pull busybox # 运行容器 docker run -itd --name busy_bridge busybox
Instruction docker network inspect bridge
Check the network:
ip. You can see that
ip has been allocated, but
ping fails when pinging the external network and cannot Connect to the external network:
docker, and then they can connect. Usually it is because a certain configuration is modified and then Restarting works, it has no effect here. Generally, there are several types of modifications. Try them one by one below:
- Modifydaemon.json
daemon.json to specify the allocation. Use the command
vim /etc/docker/daemon.jsonAdd after entering:
{"bip":"172.16.10.1/24"} Although you can access it by restarting
docker and creating a container, there is no conflict at all between the
ip assigned by the original bastion host and the container. The method doesn’t work.
- Turn off the firewall
docker, the container could be accessed normally.
However, the firewall on the bastion machine is originally turned off, so this method is useless.
- Modifysysctl.conf
The internal network of the host is normal, and the network with other hosts is normal. The connection fails. Other hosts cannot connect to the port mapped on the docker
host, and docker
cannot connect to external hosts internally. Use the docker info
command to check the information and find the following error: <pre class="brush:php;toolbar:false">WARNING: IPv4 forwarding is disabled
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled</pre>
Use the command
Edit the configuration file and add the following code to the file: <pre class="brush:php;toolbar:false">net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-arptables=1
net.ipv4.ip_forward=1</pre>
Then use the command
Restart the network and check docker info
again, the warning disappears. But it's still useless. The container on the bastion machine still cannot access the host machine through the bridge and cannot access the external network.
- Reset the bridge
- After using the command
to install the tool, use brctl show
Check the network bridge and you can find:
Use the docker network create [bridge name]
command to create a new network bridge and find the generated bridge id
is still 8000.0000000000
, create a container on the new bridge, and check again and there is no change, indicating that it is probably a problem with the bridge. Test again. At this time, the bridge
ip
is 172.17.0.1
and the container ip
is 172.0.0.2
. The host function is found. ping
The network bridge is connected, but the container cannot be connected. The container cannot connect to the network bridge and cannot connect to the host, let alone the external network, so there must be a problem with the network bridge. <h3 id="问题解决">问题解决</h3>
<p> 这里<code>docker network
生成新的网桥不行,说明docker
的network
存在问题,我们利用刚才下载的bridge-utils
来创建网桥。
首先暂停docker
服务,利用指令:
service docker stop
添加网桥:
brctl addbr br0
添加ip
字段:
ip addr add 172.16.0.1/24 dev br0
启用网桥br0
:
ip link set dev br0 up
查看网络br0
:
修改docker
默认网桥:
vim /etc/docker/daemon.json
添加字段:
"bridge":"br0"
重启docker
:
service docker start
此时查看网桥:
在没有挂载容器前,依旧是8000.000000000000
。运行测试容器:
docker run -itd --name busy_test busybox
查看What should I do if docker cannot ping the host?:
此时容器挂载在网桥上了,再次查看网桥id
:
说明已经其作用,进入测试容器内部,What should I do if docker cannot ping the host?:
成功!
补充:这里使用docker network
新建网桥,没有用,发现新建网桥挂载容器后,其bridge id
依旧不变,没有起作用,说明堡垒机上的docker network
可能存在问题。
问题补充:
上面的问题是创建自定义网桥,然后在自定义网桥上连接容器a
和b
,结果宿主机无法ping
通a
、b
,且进入容器内部后,两个容器无法ping
通自定义网络,但能彼此相通。
查了很多资料,发现了这篇文章。博主说问题原因是系统内核的网桥模块bridge.ko
加载失败导致,解决问题的方案是升级内核或升级系统。
升级centos
内核参考这篇。
升级完成后,重装Docker
,自定义网桥和容器,成功!不再有网络问题。
推荐学习:《docker视频教程》
The above is the detailed content of What should I do if docker cannot ping the host?. For more information, please follow other related articles on the PHP Chinese website!

The difference between Docker and Kubernetes is that Docker is a containerized platform suitable for small projects and development environments; Kubernetes is a container orchestration system suitable for large projects and production environments. 1.Docker simplifies application deployment and is suitable for small projects with limited resources. 2. Kubernetes provides automation and scalability capabilities, suitable for large projects that require efficient management.

Use Docker and Kubernetes to build scalable applications. 1) Create container images using Dockerfile, 2) Deployment and Service of Kubernetes through kubectl command, 3) Use HorizontalPodAutoscaler to achieve automatic scaling, thereby building an efficient and scalable application architecture.

The main difference between Docker and Kubernetes is that Docker is used for containerization, while Kubernetes is used for container orchestration. 1.Docker provides a consistent environment to develop, test and deploy applications, and implement isolation and resource limitation through containers. 2. Kubernetes manages containerized applications, provides automated deployment, expansion and management functions, and supports load balancing and automatic scaling. The combination of the two can improve application deployment and management efficiency.

Installing and configuring Docker on Linux requires ensuring that the system is 64-bit and kernel version 3.10 and above, use the command "sudoapt-getupdate" and install it with the command "sudoapt-getupdate" and verify it with "sudoapt-getupdate" and. Docker uses the namespace and control groups of the Linux kernel to achieve container isolation and resource limitation. The image is a read-only template, and the container can be modified. Examples of usage include running an Nginx server and creating images with custom Dockerfiles. common

The reason for using Docker is that it provides an efficient, portable and consistent environment to package, distribute, and run applications. 1) Docker is a containerized platform that allows developers to package applications and their dependencies into lightweight, portable containers. 2) It is based on Linux container technology and joint file system to ensure fast startup and efficient operation. 3) Docker supports multi-stage construction, optimizes image size and deployment speed. 4) Using Docker can simplify development and deployment processes, improve efficiency and ensure consistency across environments.

Docker's application scenarios in actual projects include simplifying deployment, managing multi-container applications and performance optimization. 1.Docker simplifies application deployment, such as using Dockerfile to deploy Node.js applications. 2. DockerCompose manages multi-container applications, such as web and database services in microservice architecture. 3. Performance optimization uses multi-stage construction to reduce the image size and monitor the container status through health checks.

Select Docker in a small project or development environment, and Kubernetes in a large project or production environment. 1.Docker is suitable for rapid iteration and testing, 2. Kubernetes provides powerful container orchestration capabilities, suitable for managing and expanding large applications.

Docker is important on Linux because Linux is its native platform that provides rich tools and community support. 1. Install Docker: Use sudoapt-getupdate and sudoapt-getinstalldocker-cedocker-ce-clicotainerd.io. 2. Create and manage containers: Use dockerrun commands, such as dockerrun-d--namemynginx-p80:80nginx. 3. Write Dockerfile: Optimize the image size and use multi-stage construction. 4. Optimization and debugging: Use dockerlogs and dockerex


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),

Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.

SublimeText3 Mac version
God-level code editing software (SublimeText3)

SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
