说明:
正常情况下,docker0下的容器IP与局域网内其他机器是隔离的,需要做端口映射才能使用容器中的资源。那么有没有一种方法,在不使用br0桥接模式的前提下,用docker0默认方式让局域网直接访问容器呢?请见下面的过程。注意:按此方式配置后,局域网内能路由到宿主机的机器可以不经端口映射直接访问容器监听的所有端口,因此只适合在受信任的内网中使用,必要时应在宿主机防火墙上限制可访问的来源地址和端口。
1、配置路由:在局域网的路由器(或需要访问容器的机器)上添加静态路由,将去往172网段(本例中为docker0的172.17.0.0/16)的数据路由至docker宿主机
2、宿主机开启转发功能
在/etc/sysctl.conf末尾添加最下面一行(net.ipv4.ip_forward=1),修改后执行 sysctl -p 使其立即生效
[root@localhost ~]# cat /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_forward=1
3、firewalld开启NAT转发功能(masquerade,即地址伪装;下面的命令作用于public区域,请先确认局域网所在的网卡属于该区域)
[root@localhost src]# firewall-cmd --permanent --zone=public --add-masquerade
success
[root@localhost src]# firewall-cmd --reload
success
[root@localhost src]# firewall-cmd --query-masquerade
yes
4、测试(说明:下面docker run命令中的 --privileged 会赋予容器接近宿主机root的权限,仅测试访问nginx并不需要该参数;在容器可被局域网直接访问的情况下,建议去掉它)
[root@localhost src]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
centos7_ssh latest b1a0c70ee5a8 2 days ago 859 MB
docker.io/nginx latest 08393e824c32 6 days ago 132 MB
[root@localhost src]#
[root@localhost src]# docker run -itd --privileged docker.io/nginx
c5d74b849f60f078d17cdc27e7f4851de6a8ede8b782ac2922be3027f59cbe78
[root@localhost src]# docker inspect c5d74b849f60|grep -i ipaddr
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.2",
"IPAddress": "172.17.0.2",
在局域网内其他机器的浏览器中直接访问 http://172.17.0.2 ,能打开nginx默认页面即说明配置成功
----------------end