我让它正常工作,但现在它停了。我尝试了以下命令,但没有效果:

Docker运行-dns 8.8.8.8 base ping google.com

Docker运行base ping google.com

Sysctl -w net.ipv4。Ip_forward =1 -在主机和容器上

我得到的是未知主机google.com。Docker 0.7.0版本

什么好主意吗?

P.S. ufw也被禁用了


当前回答

唯一能在我的电脑上工作的东西(8.8.8.8不起作用)

找出本地机器中使用的DNS:

$ netstat -ntpl | grep :53
tcp        0      0 10.194.128.1:53         0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.2.1:53            0.0.0.0:*               LISTEN      -

修改docker配置sudo vim /etc/docker/daemon.Json基于上述信息在您自己的计算机上

{
  "dns": ["192.168.122.1","10.194.128.1"]
}

重启码头工人

sudo ip link delete docker0
sudo systemctl restart docker

其他回答

缺少代理设置也可能导致无法上网。在这种情况下,——network host也可能不起作用。代理可以通过设置环境变量http_proxy和https_proxy来配置:

docker run -e "http_proxy=YOUR-PROXY" \
           -e "https_proxy=YOUR-PROXY"\
           -e "no_proxy=localhost,127.0.0.1" ... 

不要忘记设置no_proxy,否则所有请求(包括对localhost的请求)都将通过代理。

更多信息:Archlinux Wiki中的代理设置。

对我来说,这是iptables的转发规则。由于某种原因,下面的规则,当与docker的iptables规则结合在一起时,导致所有来自容器的出站流量都到达localhost:8080:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 8080

通过以下建议修复:

[…你能试着重置一切吗?

pkill docker
iptables -t nat -F
ifconfig docker0 down
brctl delbr docker0
docker -d

它将迫使docker重新创建网桥并重新执行所有网络规则

https://github.com/dotcloud/docker/issues/866#issuecomment-19218300

似乎界面以某种方式“挂起”。

更新docker的最新版本:

上面的答案可能仍然可以帮你完成工作,但自从这个答案发布以来已经有很长一段时间了,docker现在更加完善了,所以在使用iptables和所有东西之前,一定要先尝试这些。

Sudo service docker restart或者(如果你的Linux发行版没有使用upstart) Sudo systemctl restart docker

重启docker的方法不是手动,而是使用service或systemctl命令:

service docker restart

or

systemctl restart docker

我使用的是Arch Linux,在尝试了以上所有的答案后,我意识到我的机器上启用了防火墙,nftables,并禁用它。我说:

sudo systemctl disable nftables
sudo systemctl stop nftables
sudo reboot

我的网卡:

➜  ~ ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp1s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000
    link/ether 68:f7:28:84:e7:fe brd ff:ff:ff:ff:ff:ff
3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000
    link/ether d0:7e:35:d2:42:6d brd ff:ff:ff:ff:ff:ff
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:43:3f:ff:94 brd ff:ff:ff:ff:ff:ff
5: br-c51881f83e32: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:ae:34:49:c3 brd ff:ff:ff:ff:ff:ff
6: br-c5b2a1d25a86: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:72:d3:6f:4d brd ff:ff:ff:ff:ff:ff
8: veth56f42a2@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default 
    link/ether 8e:70:36:10:4e:83 brd ff:ff:ff:ff:ff:ff link-netnsid 0

和我的防火墙配置,/etc/nftables.conf,我现在禁用了,将来会尝试改进,这样我就可以正确设置docker0网卡规则:

#!/usr/bin/nft -f
# vim:set ts=2 sw=2 et:

# IPv4/IPv6 Simple & Safe firewall ruleset.
# More examples in /usr/share/nftables/ and /usr/share/doc/nftables/examples/.

table inet filter
delete table inet filter
table inet filter {
  chain input {
    type filter hook input priority filter
    policy drop

    ct state invalid drop comment "early drop of invalid connections"
    ct state {established, related} accept comment "allow tracked connections"
    iifname lo accept comment "allow from loopback"
    ip protocol icmp accept comment "allow icmp"
    meta l4proto ipv6-icmp accept comment "allow icmp v6"
    #tcp dport ssh accept comment "allow sshd"
    pkttype host limit rate 5/second counter reject with icmpx type admin-prohibited
    counter
  }
  chain forward {
    type filter hook forward priority filter
    policy drop
  }