Problem description:
After starting docker and performing port mapping, docker will add DNAT rules in iptables, convert the received packets of the corresponding port to IP and perform Forward, and add rules to convert all IPs from the docker domain.
However, on Centos7, docker can normally access the external network, but requests from the external network cannot be delivered to docker0 after being received and forwarded by eth1, or (oui Unknown) appears when it is sent.
The solution is as follows:
After starting docker, restart iptables
service iptables restart
Clear all the rules added by docker, and then add the rules
iptables -t nat -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
Replace all rules from docker The IP of the package 172.17.0.0/16 is replaced with the local IP and sent to achieve the purpose of docker accessing the external network.
Recommended related tutorials: docker tutorial
The above is the detailed content of What should I do if docker cannot be accessed by the outside world?. For more information, please follow other related articles on the PHP Chinese website!