Docker container can ping outside even if it has only a private network
I am trying to create a Vagrant project with:
1. A VirtualBox VM (Ubonda) with internet access (bridged), which may only talk to 2.
2. A Docker container (slave-connector) that can talk to 1. (bridged) and to 3. (host-only)
3. A Docker container (Slave1) that can only be reached by 2.
Here is my Vagrantfile:
Vagrant.configure("2") do |config|
  config.vm.define "ubonda" do |vm0|
    vm0.vm.box = "hashicorp/precise64"
    vm0.vm.provider "virtualbox"
    vm0.vm.network "public_network", ip: "192.168.1.75", bridge: "wlan0"
  end
  config.vm.define "slave-connector" do |vm1|
    vm1.vm.hostname = "slave-connector"
    vm1.vm.provider "docker" do |d|
      d.build_dir = "."
      d.name = 'slave-connector'
    end
    vm1.vm.network :public_network, type: "dhcp", bridge: "wlan0", docker_network__ip_range: "192.168.1.252/24"
    vm1.vm.network :private_network, ip: "172.20.128.2", netmask: "16"
  end
  config.vm.define "slave1" do |vm2|
    vm2.vm.hostname = "slave1"
    vm2.vm.provider "docker" do |d|
      d.build_dir = "."
      d.name = 'slave1'
    end
    vm2.vm.network :private_network, ip: "172.20.128.3", netmask: "16"
  end
end
I don't know why, but Slave1 can ping Ubonda even though it is not supposed to have access to it!
How can I achieve this?
I think the correct way to do this is:
- Create the Docker network:
    docker network create bridge2 --gateway=192.168.50.1 --subnet=192.168.50.1/24
- Check the network ID:
    docker network ls
- Put this in the Vagrantfile:
Vagrant.configure("2") do |config|
  config.vm.define "ubonda" do |vm0|
    vm0.vm.box = "hashicorp/precise64"
    vm0.vm.provider "virtualbox"
    vm0.vm.network "public_network", ip: "192.168.50.4", bridge: "br-9ed82ac09f1b"
  end
  config.vm.define "slave-connector" do |vm1|
    vm1.vm.hostname = "slave-connector"
    vm1.vm.provider "docker" do |d|
      d.build_dir = "."
      d.name = 'slave-connector'
    end
    vm1.vm.network :public_network, ip: "192.168.50.5", bridge: "br-9ed82ac09f1b"
    vm1.vm.network :private_network, ip: "50.20.128.2", netmask: "16", docker_network__internal: true
  end
  config.vm.define "slave1" do |vm2|
    vm2.vm.hostname = "slave1"
    vm2.vm.provider "docker" do |d|
      d.build_dir = "."
      d.name = 'slave1'
    end
    vm2.vm.network :private_network, ip: "50.20.128.3", netmask: "16", docker_network__internal: true
  end
end
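Why the original layout leaked: a Vagrant docker `private_network` without `docker_network__internal` is an ordinary bridge network, and Docker adds an iptables MASQUERADE rule for every non-internal bridge, so slave1's packets were NATed out through the host and reached Ubonda. Passing `--internal` (which `docker_network__internal: true` does) removes that path. The script below is an added example, not part of the answer, for checking the result after `vagrant up`: it reads `docker network inspect` output and lists which containers still have a non-internal network. The JSON is constructed to mirror the answer's layout; the network name `vagrant_internal` and all IDs are made up.

```python
import json

# Constructed sample of `docker network inspect bridge2 vagrant_internal`
# for the answer's layout (network names and IDs are made up).
SAMPLE_INSPECT = json.dumps([
    {
        "Name": "bridge2",
        "Id": "9ed82ac09f1b",
        "Driver": "bridge",
        "Internal": False,
        "IPAM": {"Config": [{"Subnet": "192.168.50.0/24", "Gateway": "192.168.50.1"}]},
        "Containers": {
            "aaaa": {"Name": "slave-connector", "IPv4Address": "192.168.50.5/24"},
        },
    },
    {
        "Name": "vagrant_internal",
        "Id": "1234abcd5678",
        "Driver": "bridge",
        "Internal": True,
        "IPAM": {"Config": [{"Subnet": "50.20.0.0/16"}]},
        "Containers": {
            "aaaa": {"Name": "slave-connector", "IPv4Address": "50.20.128.2/16"},
            "bbbb": {"Name": "slave1", "IPv4Address": "50.20.128.3/16"},
        },
    },
])


def audit_egress(inspect_output: str) -> dict:
    """Map each container to the networks it joins and whether any of them
    is a non-internal bridge, i.e. one on which Docker masquerades traffic
    and the container can therefore reach the host's routes and beyond."""
    result = {}
    for net in json.loads(inspect_output):
        internal = bool(net.get("Internal", False))
        for c in net.get("Containers", {}).values():
            entry = result.setdefault(c["Name"], {"networks": [], "external_path": False})
            entry["networks"].append(net["Name"])
            if not internal:
                entry["external_path"] = True
    return result


def isolated_containers(inspect_output: str) -> list:
    """Names of containers that sit only on internal networks."""
    report = audit_egress(inspect_output)
    return sorted(name for name, e in report.items() if not e["external_path"])
```

Run it against real output with `docker network inspect $(docker network ls -q)` piped into `audit_egress`; slave1 should appear in `isolated_containers`, slave-connector should not.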