
docker cannot specify container connection


docker configure:

root@ubuntu> ps -ef | grep docker
root xxxxx /usr/bin/dockerd -H fd:// -b=br0 --icc=false --iptables=true

start 'web' container:

docker run -d --name web -p 8080:80 php-fpm:5.4

start 'test' container:

docker run -dit --name test --link web:web blackhole/ubuntu:0.1 bash

iptables filter:

root@ubuntu> sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (0 references)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            192.168.100.2        tcp dpt:80
ACCEPT     tcp  --  192.168.100.3        192.168.100.2        tcp dpt:80
ACCEPT     tcp  --  192.168.100.2        192.168.100.3        tcp spt:80
ACCEPT     tcp  --  192.168.100.3        192.168.100.2        tcp dpt:443
ACCEPT     tcp  --  192.168.100.2        192.168.100.3        tcp spt:443
ACCEPT     tcp  --  192.168.100.3        192.168.100.2        tcp dpt:22
ACCEPT     tcp  --  192.168.100.2        192.168.100.3        tcp spt:22

in 'test' container:

sudo docker exec -it test bash
root@00585b9efea8:/# cat /etc/hosts
127.0.0.1   localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
192.168.100.2   web 2cec3235f5fa
192.168.100.3   00585b9efea8
root@00585b9efea8:/# ping web
PING web (192.168.100.2): 56 data bytes
^C--- web ping statistics ---
12 packets transmitted, 0 packets received, 100% packet loss
root@00585b9efea8:/# ping 192.168.100.2
PING 192.168.100.2 (192.168.100.2): 56 data bytes
^C--- 192.168.100.2 ping statistics ---
12 packets transmitted, 0 packets received, 100% packet loss
root@00585b9efea8:/# curl web
^C
root@00585b9efea8:/# curl http://192.168.100.2:80
^C

Three conditions for specifying a container:

--icc=false

--iptables=true

--link

No problem, why not?

ubuntu version: 16.04.2 LTS
docker version: .13.1
kernel version: 4.9.0-040900-generic


Solution

  • The link option has been deprecated. For DNS-based service discovery, you should create a new bridged network and specify --net to have the docker containers join this network:

    create new bridged network:

    docker network create --subnet=192.168.177.0/24 --gateway=192.168.177.1 www
    

    create two containers on this network:

    docker run -d --name=nginx1 --net=www nginx:1-alpine
    docker run -d --name=nginx2 --net=www nginx:1-alpine
    

    try pinging each other by name:

    docker exec -it nginx1 /bin/sh
    / # ping nginx2
    PING nginx2 (192.168.177.3): 56 data bytes
    64 bytes from 192.168.177.3: seq=0 ttl=64 time=0.113 ms
    64 bytes from 192.168.177.3: seq=1 ttl=64 time=0.123 ms
    
    --- nginx2 ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max = 0.113/0.118/0.123 ms
    

    you can view containers on this network by executing docker network inspect www

    more information can be found here: https://docs.docker.com/engine/userguide/networking/
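
A check for the `iptables -L -n` listing in the question, as an added example that is not part of the original question or answer: it flags user-defined chains that hold rules but have 0 references (no chain jumps to them, so their rules are never evaluated) and built-in chains with policy DROP and no rules. The names `audit_chains` and `sample_listing` are made up for this example; the sample is the question's own listing with blank lines removed.

```bash
#!/bin/sh
# Added example. Reads `iptables -L -n` output on stdin and reports:
#   UNREFERENCED <chain> rules=N : user-defined chain with rules but 0
#                                  references, so its rules are never evaluated
#   DROP_ALL <chain>             : built-in chain, policy DROP, no rules
audit_chains() {
  awk '
    function report() {
      if (chain == "") return
      if (refs == 0 && rules > 0) printf "UNREFERENCED %s rules=%d\n", chain, rules
      if (policy == "DROP" && rules == 0) printf "DROP_ALL %s\n", chain
    }
    $1 == "Chain" {
      report()
      chain = $2; rules = 0; refs = -1; policy = ""
      if ($3 == "(policy") { policy = $4; sub(/\)$/, "", policy) }
      else if ($4 ~ /^references/) { refs = $3; sub(/^\(/, "", refs); refs += 0 }
      next
    }
    NF == 0 || $1 == "target" { next }   # blank lines and column headers
    chain != "" { rules++ }              # anything else is a rule
    END { report() }
  '
}

# Listing taken from the question above (blank lines removed).
sample_listing() {
  cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy DROP)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Chain DOCKER (0 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            192.168.100.2        tcp dpt:80
ACCEPT     tcp  --  192.168.100.3        192.168.100.2        tcp dpt:80
ACCEPT     tcp  --  192.168.100.2        192.168.100.3        tcp spt:80
ACCEPT     tcp  --  192.168.100.3        192.168.100.2        tcp dpt:443
ACCEPT     tcp  --  192.168.100.2        192.168.100.3        tcp spt:443
ACCEPT     tcp  --  192.168.100.3        192.168.100.2        tcp dpt:22
ACCEPT     tcp  --  192.168.100.2        192.168.100.3        tcp spt:22
EOF
}

sample_listing | audit_chains
```

On a live host, pipe the real listing in with `sudo iptables -L -n | audit_chains`; no output means neither condition was found.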