# brctl show docker0
bridge name bridge id STP enabled interfaces
docker0 8000.56847afe9799 no
아직 아무런 인터페이스가 붙어있지 않다. 브릿지만 덩그러니 놓여있는 상태다.
docker0은 172.17.42.1 IP 주소를 가지며, 게이트웨이 역할을 한다. 외부로 나갈 경우 NAT를 해야 할테다. NAT 정보를 확인해 보기로 했다.
# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 7489 packets, 1161K bytes)
pkts bytes target prot opt in out source destination
1 76 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 1364 packets, 216K bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1937 packets, 122K bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 1937 packets, 122K bytes)
pkts bytes target prot opt in out source destination
3 208 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0
docker0으로 향하는 패킷을 제외한 모든 패킷에 대해서 SNAT하고 있음을 알 수 있다.
디버깅 정보.
# iptables -nvL --line-numbers
Chain INPUT (policy ACCEPT 1553 packets, 2013K bytes)
num pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 13894 21M ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
2 8809 456K ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
3 0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 110 packets, 11477 bytes)
num pkts bytes target prot opt in out source destination
브릿지 정보 확인
도커 컨테이너를 기본 네트워크로 실행 한 후, docker0 정보를 확인했다.
# brctl show docker0
bridge name bridge id STP enabled interfaces
docker0 8000.56847afe9799 no veth0b37
veth24c4
# brctl showmacs docker0
port no mac addr is local? ageing timer
2 1a:13:90:cf:10:dd yes 0.00
2 42:5a:32:bd:a3:10 no 2.26
1 72:09:b7:05:c5:eb yes 0.00
Contents
Docker Network
테스트 환경
브릿지 네트워크
# ifconfig docker0 Link encap:Ethernet HWaddr 56:84:7a:fe:97:99 inet addr:172.17.42.1 Bcast:0.0.0.0 Mask:255.255.0.0 inet6 addr: fe80::5484:7aff:fefe:9799/64 Scope:Link UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:8 errors:0 dropped:0 overruns:0 frame:0 TX packets:39 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:536 (536.0 B) TX bytes:6512 (6.5 KB)# iptables -nvL -t nat Chain PREROUTING (policy ACCEPT 7489 packets, 1161K bytes) pkts bytes target prot opt in out source destination 1 76 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL Chain INPUT (policy ACCEPT 1364 packets, 216K bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 1937 packets, 122K bytes) pkts bytes target prot opt in out source destination 0 0 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL Chain POSTROUTING (policy ACCEPT 1937 packets, 122K bytes) pkts bytes target prot opt in out source destination 3 208 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0브릿지 정보 확인
# brctl show docker0 bridge name bridge id STP enabled interfaces docker0 8000.56847afe9799 no veth0b37 veth24c4 # brctl showmacs docker0 port no mac addr is local? ageing timer 2 1a:13:90:cf:10:dd yes 0.00 2 42:5a:32:bd:a3:10 no 2.26 1 72:09:b7:05:c5:eb yes 0.00Recent Posts
Archive Posts
Tags