docker内部ip与内网其它ip网段冲突导致无法访问的解决方法

现象:

宿主机和docker内部能互相访问非常正常,但docker内部访问外部网络内网其中一个网段172.18.0.x则无法访问。

排查

由于docker是精简过的系统,需另外安装网络相关命令
首先更新apt-get,否则在apt-get install 命令时会报E: Unable to locate package xx错误

apt-get update

安装网络工具

apt-get install -y net-tools

安装ping和telnet

apt-get install -y iputils-ping
apt-get install -y telnet

查看本机ip和网关,可用ifconfig和hostname -i命令

ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.18.1.2  netmask 255.255.255.0  broadcast 172.18.1.255
        ether 02:42:ac:14:01:02  txqueuelen 0  (Ethernet)
        RX packets 224  bytes 20754 (20.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 226  bytes 1617336 (1.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

果然ip为172.18.0.x,与现在外部内网其中一段Ip重复了,但是并没有看到网关,再在cmd里通过docker network命令确认一下

docker network ls
NETWORK ID     NAME                   DRIVER    SCOPE
f2d743a9d1d7   bridge                 bridge    local
aa072983972b   host                   host      local
3689e62360ba   none                   null      local
0c92c70dfedd   webcloudapi_default    bridge    local

然后查询该网络详细

docker network inspect webcloudapi_default
[
    {
        "Name": "webcloudapi_default",
        "Id": "0c92c70dfeddaca8722c5278831f07cb1555be23fdc74b8536ad2017eeb4ca3e",
        "Created": "2023-08-31T01:23:30.156696Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {
            "com.docker.compose.network": "default",
            "com.docker.compose.project": "webcloudapi",
            "com.docker.compose.version": "2.20.2"
        }
    }
]

看到ip和网关都为172.18.0.x的,这时候确认问题,可以着手调整了。

解决方案

通过docker compose在部署的时候更改默认ip和网关即可。
webapi-compose.yml

version: '3'
networks:
  test-net:
    ipam:
      config:
      - subnet: 172.20.1.0/24
        gateway: 172.20.1.1
services:
  webcloudapi:
    image: webcloudapi
    container_name: webcloudapi
    hostname: webcloudapi
    ports:
        - 20020:80
    restart: always
    networks:
      test-net:
        ipv4_address: 172.20.1.2

重新运行部署此yml文件(注意,这个操作会将原容器更改过的内容,包括新下载的命令软件全部重置)

docker compose -p webcloudapi -f webapi-compose.yml up -d

这时候再用api-get重新按上述步骤下载网络相关命令查看,ip和网关都变成172.20.1.x网段了,说明设置成功,但ping 172.18.0.x仍然无法连通,奇怪,后来终于发现问题所在,是之前部署的docker network配置还存在导致的问题

docker network ls
NETWORK ID     NAME                   DRIVER    SCOPE
f2d743a9d1d7   bridge                 bridge    local
aa072983972b   host                   host      local
3689e62360ba   none                   null      local
0c92c70dfedd   webcloudapi_default    bridge    local
d0916e722225   webcloudapi_test-net   bridge    local

上面的webcloudapi_default是原来的,webcloudapi_test-net是新建的,因此只要删除原来的即可。

docker network rm webcloudapi_default

重启容器后,终于ping通了,至此问题解决。

你可能感兴趣的:(Docker,docker,network,ip冲突)