Solutions to the problem that docker cannot ping the host: 1. Modify daemon.json; 2. Turn off the firewall; 3. Modify sysctl.conf; 4. Reset the network bridge.

The operating environment of this article: ubuntu16.04 system, Docker 20.10.11, Dell G3 computer.

What should I do if docker cannot ping the host?

Docker bridge mode cannot ping the host

Problem description:

　DockerThe network mode is divided into four types. Generally, when we do not set it, the default is bridgesingle bridge mode, the container uses an independent network Namespace and is connected to the docker0 virtual network card. Communicate with the host through the docker0 bridge and Iptables nat table configuration.
? At this time, test on the bastion machine and use busybox to test:

#?拉取鏡像
docker?pull?busybox
#?運(yùn)行容器
docker?run?-itd?--name?busy_bridge?busybox

? Instruction docker network inspect bridge Check the network:

## The network configuration is successful. Go inside the container and check

ip. You can see that ip has been allocated, but ping fails when pinging the external network and cannot Connect to the external network:

? But when you conduct the same test locally or on Alibaba Cloud, you find that you can connect to the network. What is the problem?

Problem Analysis:

?After finding information on the Internet, many people restart

docker, and then they can connect. Usually it is because a certain configuration is modified and then Restarting works, it has no effect here. Generally, there are several types of modifications. Try them one by one below:

1. Modifydaemon.json

The container cannot access the host because the network segment allocated by the bridge conflicts with the host. You need to modify

daemon.json to specify the allocation. Use the command vim /etc/docker/daemon.jsonAdd after entering:

{"bip":"172.16.10.1/24"}

? Although you can access it by restarting

docker and creating a container, there is no conflict at all between the ip assigned by the original bastion host and the container. The method doesn’t work.

2. Turn off the firewall

The container cannot access the host through the bridge, and therefore cannot access the external network. The firewall may be blocking access, so you can turn it off Firewall or open a certain port. Tested on the server, turned on the firewall, and found that the container was indeed unable to access the Baidu homepage and the host. After closing the firewall and restarting

docker, the container could be accessed normally. ?However, the firewall on the bastion machine is originally turned off, so this method is useless.

3. Modifysysctl.conf
## 　

docker

The internal network of the host is normal, and the network with other hosts is normal. The connection fails. Other hosts cannot connect to the port mapped on the docker host, and docker cannot connect to external hosts internally. Use the docker info command to check the information and find the following error: <pre class="brush:php;toolbar:false">WARNING:?IPv4?forwarding?is?disabled WARNING:?bridge-nf-call-iptables?is?disabled WARNING:?bridge-nf-call-ip6tables?is?disabled</pre> ?Use the command

vim /etc/sysctl.conf

Edit the configuration file and add the following code to the file: <pre class="brush:php;toolbar:false">net.bridge.bridge-nf-call-ip6tables=1 net.bridge.bridge-nf-call-iptables=1 net.bridge.bridge-nf-call-arptables=1 net.ipv4.ip_forward=1</pre> ?Then use the command

systemctl restart network

Restart the network and check docker info again, the warning disappears. But it's still useless. The container on the bastion machine still cannot access the host machine through the bridge and cannot access the external network.

Reset the bridge
After using the command

yum install bridge-utils

to install the tool, use brctl show Check the network bridge and you can find:
Use the docker network create [bridge name]
command to create a new network bridge and find the generated bridge id is still 8000.0000000000, create a container on the new bridge, and check again and there is no change, indicating that it is probably a problem with the bridge. ?Test again. At this time, the bridge ip
is 172.17.0.1 and the container ip is 172.0.0.2. The host function is found. ping The network bridge is connected, but the container cannot be connected. The container cannot connect to the network bridge and cannot connect to the host, let alone the external network, so there must be a problem with the network bridge. <h3 id="問(wèn)題解決">問(wèn)題解決</h3> <p>??這里<code>docker network生成新的網(wǎng)橋不行，說(shuō)明docker的network存在問(wèn)題，我們利用剛才下載的bridge-utils來(lái)創(chuàng)建網(wǎng)橋。
??首先暫停docker服務(wù)，利用指令：

service?docker?stop

??添加網(wǎng)橋：

brctl?addbr?br0

??添加ip字段：

ip?addr?add?172.16.0.1/24?dev?br0

??啟用網(wǎng)橋br0：

ip?link?set?dev?br0?up

??查看網(wǎng)絡(luò)br0：

??修改docker默認(rèn)網(wǎng)橋：

vim?/etc/docker/daemon.json

??添加字段：

"bridge":"br0"

??重啟docker：

service?docker?start

??此時(shí)查看網(wǎng)橋：

??在沒(méi)有掛載容器前，依舊是8000.000000000000。運(yùn)行測(cè)試容器：

docker?run?-itd?--name?busy_test?busybox

??查看What should I do if docker cannot ping the host?：

??此時(shí)容器掛載在網(wǎng)橋上了，再次查看網(wǎng)橋id：

??說(shuō)明已經(jīng)其作用，進(jìn)入測(cè)試容器內(nèi)部，What should I do if docker cannot ping the host?：

??成功！
??補(bǔ)充：這里使用docker network新建網(wǎng)橋，沒(méi)有用，發(fā)現(xiàn)新建網(wǎng)橋掛載容器后，其bridge id依舊不變，沒(méi)有起作用，說(shuō)明堡壘機(jī)上的docker network可能存在問(wèn)題。

問(wèn)題補(bǔ)充：

??上面的問(wèn)題是創(chuàng)建自定義網(wǎng)橋，然后在自定義網(wǎng)橋上連接容器a和b，結(jié)果宿主機(jī)無(wú)法ping通a、b，且進(jìn)入容器內(nèi)部后，兩個(gè)容器無(wú)法ping通自定義網(wǎng)絡(luò)，但能彼此相通。
??查了很多資料，發(fā)現(xiàn)了這篇文章。博主說(shuō)問(wèn)題原因是系統(tǒng)內(nèi)核的網(wǎng)橋模塊bridge.ko加載失敗導(dǎo)致，解決問(wèn)題的方案是升級(jí)內(nèi)核或升級(jí)系統(tǒng)。
??升級(jí)centos內(nèi)核參考這篇。
??升級(jí)完成后，重裝Docker，自定義網(wǎng)橋和容器，成功！不再有網(wǎng)絡(luò)問(wèn)題。

推薦學(xué)習(xí)：《docker視頻教程》

The above is the detailed content of What should I do if docker cannot ping the host?. For more information, please follow other related articles on the PHP Chinese website!