Situation
A Docker container cannot reach the external network, but the host can. For example:
[root@test-vm oraGtw4db2]# docker exec -it oragtw4db2 bash
[root@text-docker /]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5119ms
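Troubleshooting steps
- From inside the container, ping an external address, e.g.: ping 8.8.8.8
- From the host, ping an external address, e.g.: ping 8.8.8.8
- Check whether Docker logged error messages at startup. Command: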
journalctl -u docker.service
Handling the error messages
bridge-nf-call-iptables is disabled
- level=warning msg="WARNING: bridge-nf-call-iptables is disabled"
- level=warning msg="WARNING: bridge-nf-call-ip6tables is disabled"
Enable br_netfilter
OL9
# Load the br_netfilter module and confirm it is loaded
sudo modprobe br_netfilter
lsmod | grep br_netfilter
# Enable the bridge netfilter hooks on the running kernel
sudo sysctl -w net.bridge.bridge-nf-call-iptables=1
sudo sysctl -w net.bridge.bridge-nf-call-ip6tables=1
# Stop the stack, restart Docker, start the stack again (-f precedes the subcommand)
sudo docker compose -f /path/to/your/docker-compose.yml down
sudo systemctl restart docker
sudo docker compose -f /path/to/your/docker-compose.yml up -d
# Persist the module and the sysctl settings across reboots
echo "br_netfilter" | sudo tee /etc/modules-load.d/br_netfilter.conf
echo "net.bridge.bridge-nf-call-iptables = 1" | sudo tee -a /etc/sysctl.conf
echo "net.bridge.bridge-nf-call-ip6tables = 1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
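The script below is an added example, not part of the original page: it audits both the runtime values and the persistent configuration that the steps above set, so a setting that works now but is lost at reboot is caught. The function names and the optional root-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page). The optional root argument is
# an assumption so the audit can also run against a constructed test tree.
FAILS=0
report() { # args: status message
    [ "$1" = ok ] || FAILS=$((FAILS + 1))
    printf '%-5s %s\n' "$1" "$2"
}

# Runtime value; the sysctl file exists only while br_netfilter is loaded.
check_runtime() { # args: root key
    f="$1/proc/sys/net/bridge/$2"
    if [ ! -r "$f" ]; then
        report FAIL "$2: key missing, br_netfilter is not loaded"
    elif [ "$(cat "$f")" = 1 ]; then
        report ok "$2 = 1 at runtime"
    else
        report FAIL "$2 = $(cat "$f") at runtime"
    fi
}

# Persistent value: an uncommented "net.bridge.<key> = 1" line in
# /etc/sysctl.conf or /etc/sysctl.d/*.conf.
check_persist() { # args: root key
    if cat "$1"/etc/sysctl.conf "$1"/etc/sysctl.d/*.conf 2>/dev/null |
        grep -Eq "^[[:space:]]*net\.bridge\.${2}[[:space:]]*=[[:space:]]*1[[:space:]]*$"; then
        report ok "$2 is persisted"
    else
        report FAIL "$2 is not persisted and resets at reboot"
    fi
}

# Returns the number of failed checks (0 = everything in place).
audit_bridge_nf() { # args: [root]
    root="${1:-}"
    FAILS=0
    for key in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
        check_runtime "$root" "$key"
        check_persist "$root" "$key"
    done
    if grep -qsx 'br_netfilter' "$root"/etc/modules-load.d/*.conf; then
        report ok "br_netfilter is loaded at boot"
    else
        report FAIL "br_netfilter is not listed in /etc/modules-load.d"
    fi
    return "$FAILS"
}
```

Run `audit_bridge_nf` with no argument to check the live host; the return status is the number of failed checks.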
- level=warning msg="Not using native diff for overlay2, this may cause degraded performance for building images: kernel has CONFIG_OVERLAY_FS_REDIRECT_DIR enabled" storage-driver=overlay2