How to solve the problem of swarm docker port being blocked
Swarm docker port unreachable solution: 1. Edit the configuration file and add the configuration "net.ipv4.ip_forward=1"; 2. Restart the network through "systemctl restart network".
The operating environment of this article: CentOS 6.8 system, Docker version 18.09.x, Dell G3 computer.
Docker swarm network problem
The internal network of the Docker host is normal, but connections with other hosts fail. Other hosts cannot connect to the ports mapped on the Docker host, and the Docker internal network cannot connect to external hosts. docker info reports the following warnings:
WARNING: IPv4 forwarding is disabled
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Edit configuration file
vim /etc/sysctl.conf
Add configuration
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-arptables=1
net.ipv4.ip_forward=1
Execute the following for the settings to take effect
sysctl -p
Restart the network
systemctl restart network
Check docker info again: the warnings have disappeared, and the Docker network on the host is back to normal.
The server I use is an Alibaba Cloud server.
If your cluster uses the default port 4789, you may encounter the same problem I did.
Alibaba Cloud's help documentation contains this passage:
Before adding UDP monitoring, pay attention to the following restrictions:
For UDP monitoring, the three ports 250, 4789 and 4790 are reserved for the system and are not open to the public for the time being.
In versions 19.03 and later, docker swarm init accepts a --data-path-port uint32 configuration item that changes the VXLAN port of Docker swarm.
The problem was successfully solved after modifying the port:
sudo docker swarm init --data-path-port 5789
Checking the Docker log (journalctl -u docker -n 20 -f) showed:
level=error msg="error reading the kernel parameter net.ipv4.vs.expire_nodest_conn" error="open /proc/sys/net/ipv4/vs/expire_nodest_conn: no such file or directory"
This occurs because the host has not loaded the ip_vs module. Load the ip_vs module on each node and then restart Docker.
modprobe ip_vs
service docker restart
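A read-only check of the host settings changed in the steps above, written as an added example (it is not from the original article). The optional root argument is an assumption of the example so the checks can be pointed at a constructed copy of /proc; the reserved-port list is the one quoted from Alibaba Cloud above.

```shell
#!/bin/sh
# Added example: read-only audit of the settings discussed in this article.

# Keys the article sets to 1 in /etc/sysctl.conf, as paths under /proc/sys.
SYSCTL_KEYS="net/ipv4/ip_forward
net/bridge/bridge-nf-call-iptables
net/bridge/bridge-nf-call-ip6tables
net/bridge/bridge-nf-call-arptables"

# UDP ports the article quotes Alibaba Cloud as reserving.
RESERVED_UDP_PORTS="250 4789 4790"

# Print one line per problem; the exit status is the number of problems.
# $1 (assumption of this example) is an alternate root holding a copy of
# /proc, so the check can run against a constructed tree. Empty = live host.
# The body is a subshell so its variables do not leak into the caller.
audit_swarm_host() (
    root="${1:-}"
    problems=0
    for key in $SYSCTL_KEYS; do
        # A missing bridge-nf-call-* file means bridge netfilter is not loaded.
        value="$(cat "$root/proc/sys/$key" 2>/dev/null || echo missing)"
        if [ "$value" != "1" ]; then
            echo "FAIL $(echo "$key" | tr / .) = $value (want 1)"
            problems=$((problems + 1))
        fi
    done
    # Docker logs an error reading this file when ip_vs is not loaded.
    if [ ! -e "$root/proc/sys/net/ipv4/vs/expire_nodest_conn" ]; then
        echo "FAIL ip_vs not loaded (run: modprobe ip_vs, then restart docker)"
        problems=$((problems + 1))
    fi
    exit "$problems"
)

# Succeed if the given UDP port is on the reserved list, i.e. unusable
# as a value for: docker swarm init --data-path-port <port>
port_is_reserved() {
    case " $RESERVED_UDP_PORTS " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Audit the live host and the default VXLAN port when run as a script.
audit_swarm_host "" || echo "$? problem(s) found"
if port_is_reserved 4789; then
    echo "WARN default data path port 4789 is reserved; pick another"
fi
```

Run it on every node before docker swarm init or docker swarm join; it only reads from /proc and changes nothing.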