荆棘从死亡中来,死亡又包含着新生。
      •  0 回帖  •  602 浏览  •  3 年前
 

docker 学习笔记(四)

网络

查询所有网络

[root@test ~]# docker network ls
NETWORK ID          NAME                            DRIVER              SCOPE
dd7e1b16bd7e        bridge                          bridge              local
a4e5b09d5de7        host                            host                local
8ukl40z7lsbw        ingress                         overlay             swarm
9a052ca6827b        none                            null                local

[root@test ~]# yum -y install bridge-utils
Loaded plugins: fastestmirror, product-id, search-disabled-repos,
              : subscription-manager
[root@test ~]# brctl show
bridge name	bridge id		STP enabled	interfaces
br-5e09f0a7664c		8000.0242da00cccc	no
docker0		8000.0242734aa827	no
docker_gwbridge		8000.024240ac7b91	no		veth02042c3
							veth3c4a351
							veth9459602

[root@test ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:d2:51:7e brd ff:ff:ff:ff:ff:ff
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:73:4a:a8:27 brd ff:ff:ff:ff:ff:ff
4: docker_gwbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:40🇦🇨7b:91 brd ff:ff:ff:ff:ff:ff
5: br-5e09f0a7664c: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:da:00🇨🇨cc brd ff:ff:ff:ff:ff:ff
11: veth3c4a351@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker_gwbridge state UP mode DEFAULT group default 
    link/ether d2🇪🇪fc:13:cb:a6 brd ff:ff:ff:ff:ff:ff link-netnsid 1
17: veth02042c3@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker_gwbridge state UP mode DEFAULT group default 
    link/ether 1a:08:e2:0e:ce:d3 brd ff:ff:ff:ff:ff:ff link-netnsid 3
19: veth9459602@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker_gwbridge state UP mode DEFAULT group default 
    link/ether 6a:d7:70:41:63:07 brd ff:ff:ff:ff:ff:ff link-netnsid 2

[root@test ~]# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 89 packets, 5588 bytes)
 pkts bytes target     prot opt in     out     source               destination   
    0     0 DOCKER-INGRESS  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
   93  6828 PREROUTING_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0   
   93  6828 PREROUTING_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0   
   93  6828 PREROUTING_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0   
    1    60 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination   

Chain OUTPUT (policy ACCEPT 170 packets, 12456 bytes)
 pkts bytes target     prot opt in     out     source               destination   
    0     0 DOCKER-INGRESS  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
  203 14819 OUTPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0   
    0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 170 packets, 12456 bytes)
 pkts bytes target     prot opt in     out     source               destination   
    0     0 MASQUERADE  all  --  *      docker_gwbridge  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match src-type LOCAL
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0   
    0     0 MASQUERADE  all  --  *      !br-5e09f0a7664c  172.20.0.0/16        0.0.0.0/0   
    0     0 MASQUERADE  all  --  *      !docker_gwbridge  172.19.0.0/16        0.0.0.0/0   
  203 14819 POSTROUTING_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0   
  203 14819 POSTROUTING_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0   
  203 14819 POSTROUTING_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0   

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination   
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0   
    0     0 RETURN     all  --  br-5e09f0a7664c *       0.0.0.0/0            0.0.0.0/0   
    0     0 RETURN     all  --  docker_gwbridge *       0.0.0.0/0            0.0.0.0/0   

Chain DOCKER-INGRESS (2 references)
 pkts bytes target     prot opt in     out     source               destination   
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.19.0.2:80
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0   

Chain OUTPUT_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination   

Chain POSTROUTING_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination   
  202 14759 POST_public  all  --  *      enp0s3  0.0.0.0/0            0.0.0.0/0           [goto] 
    1    60 POST_public  all  --  *      +       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain POSTROUTING_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination   

Chain POSTROUTING_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination   

Chain POST_public (2 references)
 pkts bytes target     prot opt in     out     source               destination   
  203 14819 POST_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0   
  203 14819 POST_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0   
  203 14819 POST_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0   

Chain POST_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination   

Chain POST_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination   

Chain POST_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination   

Chain PREROUTING_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination   
   93  6828 PRE_public  all  --  enp0s3 *       0.0.0.0/0            0.0.0.0/0           [goto] 
    0     0 PRE_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain PREROUTING_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination   

Chain PREROUTING_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination   

Chain PRE_public (2 references)
 pkts bytes target     prot opt in     out     source               destination   
   93  6828 PRE_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0   
   93  6828 PRE_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0   
   93  6828 PRE_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0   

Chain PRE_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination   

Chain PRE_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination   

Chain PRE_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination

上一篇 docker 学习笔记(三)
docker 学习笔记目录
下一篇 docker 学习笔记(五)