问题描述

作为标题.当docker0处于混杂模式时，我只能从主机访问docker容器，甚至我都停止了我的firewalld.service.

As the title. I can only access my docker container from the host when docker0 in promiscuous mode,even I had stopped my firewalld.service.

我通过此命令启动容器 docker run -p 9000:80 --name nginx --rm nginx .
当我尝试连接到服务器时: curl 127.0.0.1:9000 ，它返回:接收失败:对等方重置连接

I start the container by this commanddocker run -p 9000:80 --name nginx --rm nginx.
And when I try to connect to the server:curl 127.0.0.1:9000, it returns: Recv failure: Connection reset by peer

但是，如果我像这样在docker0上运行tcpdump:
sudo tcpdump -i docker0
一切都按预期进行.经过一番搜索之后，我发现tcpdump命令转换为docker0接口变为混杂模式.

But if I run tcpdump on the docker0 like this:
sudo tcpdump -i docker0
everything just works as expected. After some searching, I found the tcpdump command convert the docker0 interface to promiscuous mode.

我的主机系统:centos-release-7-7.1908.0.el7.centos.x86_64
Docker版本:19.03.8

my host system: centos-release-7-7.1908.0.el7.centos.x86_64
Docker version: 19.03.8

推荐答案

最后，我找到了解决方案！事实证明这是一个不好的接口.我必须删除docker0接口并重新启动docker服务.然后问题就消失了！

Finally, I find a solution! It turns out to be a bad interface. I have to remove the docker0 interface and restart the docker service. Then the problem just disappears!

sudo ip link delete docker0
sudo systemctl restart docker.service

这篇关于当docker0处于混杂模式时，docker容器只能由主机访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！