我只能从 localhost 访问 Docker 容器
[英]I can only access Docker containers from localhost
问题描述
I have Docker installed on a VPS but unfortunately I can't access the containers from other machines.
我在 VPS 上安装了 Docker 但不幸的是我无法从其他机器访问容器。 I also have WireGuard running on 10.210.1.1 on the VPS.我还在 VPS 上的 10.210.1.1 上运行了 WireGuard。 With docker run -d --name apache-server -p 8080:80 httpd I created the Apache2 container.使用docker run -d --name apache-server -p 8080:80 httpd我创建了 Apache2 容器。
I can access http://10.210.1.1:8080 from the localhost with curl, but not from other machines.我可以使用 curl 从本地主机访问http://10.210.1.1:8080 ,但不能从其他机器访问。 Services that have BareMetal installed can also be reached under the IP, so the problem should be with Docker.安装了 BareMetal 的服务也可以在 IP 下访问,所以问题应该出在 Docker 上。
Maybe it is also due to my nftables config:也许这也是由于我的 nftables 配置:
define pub_iface = eth0
define wg_iface = wg0
define wg_port = 51821
table inet basic-filter {
chain input {
type filter hook input priority 0; policy drop;
ct state { established, related } accept
iif lo accept
ip protocol icmp accept
ip6 nexthdr ipv6-icmp accept
meta l4proto ipv6-icmp accept
iif $pub_iface tcp dport 51829 accept
iif $pub_iface udp dport $wg_port accept
iifname $wg_iface accept
ct state invalid drop
reject
}
chain forward {
type filter hook forward priority 0; policy drop;
ct state { established, related } accept
iifname $wg_iface oifname $wg_iface accept
iifname $wg_iface oifname $pub_iface accept
ct state invalid drop
reject with icmpx type host-unreachable
}
chain postrouting {
type nat hook postrouting priority 100; policy accept;
iifname $wg_iface oifname $pub_iface masquerade
}
}
I don't know but I surely have a mistake somewhere.我不知道,但我肯定在某个地方有错误。
1 个解决方案
解决方案1
0 2022-09-16 20:04:10
the following entry was missing in the forward chain:前向链中缺少以下条目:
iifname "wg0" oifname "docker0" accept
sorry对不起
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.