linux运行16668端口,使docker使用IPv4进行端口绑定

问题描述

我有docker主机，里面有一个容器。

docker主机仅绑定IPv6接口上的端口，而不绑定IPv4。

这是输出

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -

tcp 0 0 0.0.0.0:55082 0.0.0.0:* LISTEN -

tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -

tcp6 0 0 :::80 :::* LISTEN -

tcp6 0 0 :::22 :::* LISTEN -

tcp6 0 0 :::40280 :::* LISTEN -

tcp6 0 0 :::5432 :::* LISTEN -

tcp6 0 0 :::40122 :::* LISTEN -

tcp6 0 0 :::36378 :::* LISTEN -

tcp6 0 0 :::40543 :::* LISTEN -

tcp6 0 0 :::111 :::* LISTEN -

现在我在主机上有40122端口与容器上的端口22链接。

我想要SSH到该容器，但我无法将其唯一绑定到IPv6

这是我的泊坞版Docker version 1.5.0, build a8a31ef

docker ps

201bde6c839a myapp:latest "supervisord -n" 3 weeks ago Up 2 hours 0.0.0.0:40122->22/tcp, 0.0.0.0:40280->80/tcp, 0.0.0.0:40543->443/tcp myapp

我使用docker run -d -P -p 40122:22运行

netstat -tlna

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN

tcp 0 0 127.0.0.1:3031 0.0.0.0:* LISTEN

tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN

tcp6 0 0 :::22 :::* LISTEN

tcp6 0 0 :::6379 :::* LISTEN

ps aux

root 1 0.0 0.8 52440 16668 ? Ss 00:53 0:03 /usr/bin/python /usr/bin/supervisord -n

root 49 0.0 0.1 17980 3048 ? S 01:32 0:00 bash

root 64 0.0 0.1 46632 2712 ? S 01:32 0:00 su -l vagrant

vagrant 65 0.0 0.1 21308 3760 ? S 01:32 0:00 -su

root 288 0.0 0.1 17980 3088 ? S 02:01 0:00 bash

root 304 0.0 0.1 46632 2720 ? S 02:01 0:00 su -l vagrant

vagrant 305 0.0 0.1 21304 3804 ? S 02:01 0:00 -su

vagrant 308 0.0 3.7 429616 75840 ? Sl+ 02:01 0:05 python ./manage.py shell_plus

root 654 0.0 0.4 47596 9848 ? S 03:12 0:01 /usr/local/bin/uwsgi --die-on-term --ini /var/www/conf/uwsgi.ini

root 655 0.0 0.3 90280 7732 ? S 03:12 0:00 nginx: master process /usr/sbin/nginx

www-data 656 0.0 0.1 90600 3624 ? S 03:12 0:00 nginx: worker process

www-data 657 0.0 0.1 90600 3624 ? S 03:12 0:00 nginx: worker process

www-data 658 0.0 0.1 90600 3624 ? S 03:12 0:00 nginx: worker process

www-data 659 0.0 0.2 90940 4500 ? S 03:12 0:00 nginx: worker process

root 660 0.0 0.2 61372 5332 ? S 03:12 0:00 /usr/sbin/sshd -D

root 669 0.0 0.4 37004 8892 ? Sl 03:12 0:01 redis-server *:6379

root 856 8.0 2.8 388720 57792 ? Sl 04:07 0:18 /usr/local/bin/uwsgi --die-on-term --ini /var/www/conf/uwsgi.ini

root 857 8.0 2.8 388720 57792 ? Sl 04:07 0:18 /usr/local/bin/uwsgi --die-on-term --ini /var/www/conf/uwsgi.ini

root 858 8.0 2.8 388720 57792 ? Sl 04:07 0:18 /usr/local/bin/uwsgi --die-on-term --ini /var/www/conf/uwsgi.ini

root 859 8.0 2.8 388720 57792 ? Sl 04:07 0:18 /usr/local/bin/uwsgi --die-on-term --ini /var/www/conf/uwsgi.ini

vagrant 889 0.0 0.1 18692 2508 ? R+ 04:11 0:00 ps aux

最佳解决方案

正如@ daniel-t在评论中指出：github.com/docker/docker/issues/2174是关于在netstat中仅显示对IPv6的绑定，但这不是问题。正如那个github发布的那样：

When setting up the proxy, Docker requests the loopback address ‘127.0.0.1’, Linux realises this is an address that exists in IPv6 (as ::0) and opens on both (but it is formally an IPv6 socket). When you run netstat it sees this and tells you it is an IPv6 – but it is still listening on IPv4. If you have played with your settings a little, you may have disabled this trick Linux does – by setting net.ipv6.bindv6only = 1.

换句话说，仅仅因为您将其视为仅IPv6，它仍然能够在IPv4上进行通信，除非您将IPv6设置为仅使用net.ipv6.bindv6only设置绑定到IPv6。要清楚，net.ipv6.bindv6only应为0 – 您可以运行sysctl net.ipv6.bindv6only来验证。

次佳解决方案

设置net.ipv6.conf.all.forwarding = 1将解决问题。为我工作

参考资料