Modify docker default gateway
Article background:
When we use Docker in a LAN, one of the most common confusions we encounter is that sometimes the network is blocked across network segments. The reason is that the gateway generated by Docker by default sometimes conflicts with our LAN segment. For example, if Docker is deployed on a machine in the 172.16 network segment, and the resulting docker0 bridge is the 172.17 network segment, then it is the same as the one used in the real environment. There is a conflict between machines in the network segment (that is, the machine in the 172.17 network segment cannot be pinged).
(Recommended tutorial: docker tutorial)
In order to avoid conflicts, the first thing that comes to mind is to change the gateway. The example is as follows (taking Centos as an example):
service docker stop # 删除docker防火墙过滤规则 iptables -t nat -F POSTROUTING # 删除docker默认网关配置 ip link set dev docker0 down ip addr del 172.17.0.1/16 dev docker0 # 增加新的docker网关配置 ip addr add 192.168.2.1/24 dev docker0 ip link set dev docker0 up # 检测是否配置成功,如果输出信息中有 192.168.5.1,则表明成功 ip addr show docker0 service docker start # 验证docker防火墙过滤规则
After this modification, will it be reliable? The answer is no, because after docker restarts, docker0 may still be rebuilt, overwriting the modifications we made. It shows that Docker’s IP rules are hard-coded and we are not allowed to change them at will. But let’s change our thinking and kill docker0 directly and rebuild a new bridge:
First we need to install the bridge creation tool brctl:
sudo yum install -y bridge-utils
Start the creation operation:
# 1.停止 Docker 服务
service docker stop
# 2.创建新的网桥(新的网段)
brctl addbr bridge0
ip addr add 192.168.2.1/24 dev bridge0
ip link set dev bridge0 up
# 3.确认网桥信息
ip addr show bridge0
# 4.修改配置文件
/etc/docker/daemon.json(如不存在则创建一个 touch daemon.json),使Docker启动时使用自定义网桥
{
"bridge": "bridge0"
}
# 5.重启 Docker
service docker start
# 确认 NAT 网络路由
iptables -t nat -L -n
# 6.删除不再使用的网桥
ip link set dev docker0 down
brctl delbr docker0
iptables -t nat -F POSTROUTINGRegarding the modified configuration made in step 4, it is to reference the new network bridge. In fact, you can also reference the new network bridge in the docker configuration file:
echo 'DOCKER_OPTS="-b=bridge0"' >> /etc/sysconfig/docker sudo service docker start
But it does not mean that we will definitely be able to see the docker custom configuration. file, if there is no default/docker or sysconfig/docker, it will be more troublesome. The solution is as follows:
$ vi /lib/systemd/system/docker.service #添加一行 $ EnvironmentFile=-/etc/default/docker 或者 $ EnvironmentFile=-/etc/sysconfig/docker #-代表ignore error #并修改 $ ExecStart=/usr/bin/docker daemon -H fd:// #改成 $ ExecStart=/usr/bin/docker daemon -H fd:// $DOCKER_OPTS #这样才能使用/etc/default/docker里定义的DOCKER_OPTS参数 $ systemctl daemon-reload 重载 $ sudo service docker restart
After completing the creation of bridge0 and transitioning from docker0 to bridge0, we can route it to confirm whether we The 172.17 network segment that we don’t want to see:
As long as it is not there, then we will not only be connected to the machines in the 172.17 network segment. If there is still one, then use ip addr del 172.17.0.1/16 dev docker0 until it is cleared (because a new docker bridge has been established, deleting the old one will not affect the use of docker).
If the network bridge created by brctl may be lost after restarting the machine, then we can write the following command into the Linux self-start script and execute it every time it restarts:
brctl addbr bridge0 ip addr add 192.168.2.1/24 dev bridge0 ip link set dev bridge0 up
Self-start Scripts can be added by adding executable statements (such as sh /opt/script.sh &) in the /etc/rc.local file. In this way, basically every time the machine is restarted, bridge0 can be guaranteed to be created and the docker service can start normally.
In addition: If you just want to solve the IP network segment conflict and are unwilling to operate the above complicated process, you can actually just change /etc/docker/daemon.json by adding the content "bip": "ip/ netmask" to change the network segment of the docker0 bridge, as follows:
[root@iZ2ze278r1bks3c1m6jdznZ ~]# cat /etc/docker/daemon.json
{
"bip":"192.168.2.1/24"
}The above is the detailed content of Modify docker default gateway. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
How to deploy a PyTorch app on Ubuntu
May 29, 2025 pm 11:18 PM
Deploying a PyTorch application on Ubuntu can be done by following the steps: 1. Install Python and pip First, make sure that Python and pip are already installed on your system. You can install them using the following command: sudoaptupdatesudoaptinstallpython3python3-pip2. Create a virtual environment (optional) To isolate your project environment, it is recommended to create a virtual environment: python3-mvenvmyenvsourcemyenv/bin/activatet
Performance Tuning of Jenkins Deployment on Debian
May 28, 2025 pm 04:51 PM
Deploying and tuning Jenkins on Debian is a process involving multiple steps, including installation, configuration, plug-in management, and performance optimization. Here is a detailed guide to help you achieve efficient Jenkins deployment. Installing Jenkins First, make sure your system has a Java environment installed. Jenkins requires a Java runtime environment (JRE) to run properly. sudoaptupdatesudoaptininstallopenjdk-11-jdk Verify that Java installation is successful: java-version Next, add J
How to implement automated deployment of Docker on Debian
May 28, 2025 pm 04:33 PM
Implementing Docker's automated deployment on Debian system can be done in a variety of ways. Here are the detailed steps guide: 1. Install Docker First, make sure your Debian system remains up to date: sudoaptupdatesudoaptupgrade-y Next, install the necessary software packages to support APT access to the repository via HTTPS: sudoaptinstallapt-transport-httpsca-certificatecurlsoftware-properties-common-y Import the official GPG key of Docker: curl-
What is Docker BuildKit, and how does it improve build performance?
Jun 19, 2025 am 12:20 AM
DockerBuildKit is a modern image building backend. It can improve construction efficiency and maintainability by 1) parallel processing of independent construction steps, 2) more advanced caching mechanisms (such as remote cache reuse), and 3) structured output improves construction efficiency and maintainability, significantly optimizing the speed and flexibility of Docker image building. Users only need to enable the DOCKER_BUILDKIT environment variable or use the buildx command to activate this function.
How does Docker work with Docker Desktop?
Jun 15, 2025 pm 12:54 PM
DockerworkswithDockerDesktopbyprovidingauser-friendlyinterfaceandenvironmenttomanagecontainers,images,andresourcesonlocalmachines.1.DockerDesktopbundlesDockerEngine,CLI,Compose,andothertoolsintoonepackage.2.Itusesvirtualization(likeWSL2onWindowsorHyp
How can you monitor the resource usage of a Docker container?
Jun 13, 2025 am 12:10 AM
To monitor Docker container resource usage, built-in commands, third-party tools, or system-level tools can be used. 1. Use dockerstats to monitor real-time: Run dockerstats to view CPU, memory, network and disk IO indicators, support filtering specific containers and recording regularly with watch commands. 2. Get container insights through cAdvisor: Deploy cAdvisor containers to obtain detailed performance data and view historical trends and visual information through WebUI. 3. In-depth analysis with system-level tools: use top/htop, iostat, iftop and other Linux tools to monitor resource consumption at the system level, and integrate Prometheu
What is Kubernetes, and how does it relate to Docker?
Jun 21, 2025 am 12:01 AM
Kubernetes is not a replacement for Docker, but the next step in managing large-scale containers. Docker is used to build and run containers, while Kubernetes is used to orchestrate these containers across multiple machines. Specifically: 1. Docker packages applications and Kubernetes manages its operations; 2. Kubernetes automatically deploys, expands and manages containerized applications; 3. It realizes container orchestration through components such as nodes, pods and control planes; 4. Kubernetes works in collaboration with Docker to automatically restart failed containers, expand on demand, load balancing and no downtime updates; 5. Applicable to application scenarios that require rapid expansion, running microservices, high availability and multi-environment deployment.
How does Docker differ from traditional virtualization?
Jul 08, 2025 am 12:03 AM
The main difference between Docker and traditional virtualization lies in the processing and resource usage of the operating system layer. 1. Docker containers share the host OS kernel, which is lighter, faster startup, and more resource efficiency; 2. Each instance of a traditional VM runs a full OS, occupying more space and resources; 3. The container usually starts in a few seconds, and the VM may take several minutes; 4. The container depends on namespace and cgroups to achieve isolation, while the VM obtains stronger isolation through hypervisor simulation hardware; 5. Docker has better portability, ensuring that applications run consistently in different environments, suitable for microservices and cloud environment deployment.
