Problem Description
I started an Apache container with Docker on server A, using the following command:
docker run -id -p 8080:80 --name test_apache -v /var/www/houtai:/var/www/houtai apache:latest
After the container started, I ran
netstat -ntalp | grep 8080
and saw that the port was being listened on successfully. A request from the client then failed with a connection error, and telnet from the client showed that port 8080 was unreachable. I checked firewalld and SELinux and found that both were turned off. From server A itself, telnet to port 8080 communicated normally. I then checked iptables with
iptables -t nat -L
and the forwarding rules looked normal, which made no sense.
Problem Solution
Based on the investigation above, the problem had to be in forwarding. That reminded me that forwarding in the Linux kernel requires net.ipv4.ip_forward to be enabled, so I checked whether kernel forwarding was turned on:
[root@localhost ~]# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
The value was 0, meaning kernel forwarding was not enabled. This was most likely the culprit, so I turned on the kernel forwarding parameter:
[root@localhost ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@localhost ~]# sysctl -p # reload kernel parameters
After that, the client's request succeeded.
Reflection
1. Since version 1.7, Docker's port proxying depends entirely on iptables.
2. So when Docker forwards a port, it actually creates a forwarding rule in iptables, and traffic is then forwarded according to that rule.
3. For iptables to forward traffic, the host's forwarding function must be enabled, that is, net.ipv4.ip_forward must be turned on.
Troubleshooting process:
1. Check whether the Docker container started normally.
2. Run docker port <container name> to see whether the port mapping succeeded.
3. Use iptables -t nat -nL to see whether the iptables forwarding chain was configured successfully.
4. Check whether forwarding is turned on (net.ipv4.ip_forward).
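
The troubleshooting process above as a script, added here as an example and not part of the original post. The function names and the sample nat table are constructed for illustration; live mode assumes root and a running Docker daemon.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Step 3: does `iptables -t nat -nL` output (on stdin) contain a DNAT rule
# for the published host port? Docker's rule ends in "dpt:<host port> to:<ip>:<port>".
has_dnat_rule() {
    grep -Eq "^DNAT .*dpt:$1 to:"
}

# Step 4: forwarding is on only when net.ipv4.ip_forward is exactly 1.
forwarding_enabled() {
    [ "$1" = "1" ]
}

# Combine both checks. Args: host port, ip_forward value; nat table on stdin.
# Returns 0 = path complete, 1 = no DNAT rule, 2 = rule present but forwarding off.
diagnose() {
    if ! has_dnat_rule "$1"; then
        echo "port $1: no DNAT rule in the nat table; check the container and its -p mapping"
        return 1
    fi
    if ! forwarding_enabled "$2"; then
        echo "port $1: DNAT rule present but net.ipv4.ip_forward=$2; remote clients cannot reach the container"
        return 2
    fi
    echo "port $1: DNAT rule present and forwarding enabled"
}

# Constructed sample of the nat table on a host publishing 8080 -> 80.
sample_nat_table() {
    cat <<'EOF'
Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 to:172.17.0.2:80
EOF
}

if [ "$#" -eq 2 ]; then
    # Live mode: <script> <container name> <host port>
    docker ps --filter "name=$1" --format '{{.Names}}: {{.Status}}'   # step 1
    docker port "$1"                                                  # step 2
    iptables -t nat -nL | diagnose "$2" "$(cat /proc/sys/net/ipv4/ip_forward)"
else
    # Offline demo reproducing the state described in the post.
    sample_nat_table | diagnose 8080 0 || true
fi
```

Return code 2 is the situation described in this post: the rule exists and local connections work, but nothing is forwarded for remote clients.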