配置逻辑桥接网卡
宿主机安装 bridge-utils 工具
# bridge-utils provides brctl, which the verification step below uses to
# list the ports attached to br0.
yum -y install bridge-utils
配置 br0 逻辑桥接网卡
- 备份原有网卡配置
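# Back up the physical NIC's configuration before it is overwritten below.
# NIC defaults to eth0 (the page's example); export NIC=<name> if the host's
# interface is called something else instead of editing the commands by hand.
nic="${NIC:-eth0}"
backup_dir=/etc/sysconfig/network-scripts-backup
mkdir -p "$backup_dir"   # -p: do not fail when re-running after an earlier backup
cp -p "/etc/sysconfig/network-scripts/ifcfg-$nic" "$backup_dir/ifcfg-$nic.backup"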
- 添加bridge逻辑网卡配置
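# Overwrite the physical NIC's config so it becomes a port of br0
# (BRIDGE=br0) and carries no IP address of its own (BOOTPROTO=none); the
# LAN address moves to br0 below.  NIC defaults to eth0; export NIC=<name>
# for a differently named interface instead of editing the lines by hand.
nic="${NIC:-eth0}"
cat > "/etc/sysconfig/network-scripts/ifcfg-$nic" <<EOF
DEVICE=$nic
NM_CONTROLLED=no
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
BRIDGE=br0
NAME=$nic
EOF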
# Bridge interface that takes over the host's LAN address.  The page
# recommends a /16 mask for the LAN so that the smaller /24 later handed to
# Docker (--ip-range) fits inside it without colliding with other hosts.
# IPADDR/GATEWAY/DNS* are site specific — adjust them to your LAN.
printf '%s\n' \
  'DEVICE=br0' \
  'ONBOOT=yes' \
  'TYPE=Bridge' \
  'BOOTPROTO=static' \
  'NM_CONTROLLED=no' \
  'IPV4_FAILURE_FATAL=yes' \
  'IPV6INIT=no' \
  'IPADDR=192.168.1.145' \
  'GATEWAY=192.168.1.1' \
  'PREFIX=16' \
  'DNS1=192.168.1.1' \
  'DNS2=114.114.114.114' \
  'DEFROUTE=yes' \
  > /etc/sysconfig/network-scripts/ifcfg-br0
- 重启网卡
# NetworkManager has to be stopped and disabled before the legacy network
# service takes over the NM_CONTROLLED=no interfaces written above.
# NOTE(review): restarting the network service re-plumbs the only LAN
# interface; if you are logged in over SSH through it, expect the session
# to drop — run this from a console or with out-of-band access.
if systemctl stop NetworkManager; then
  systemctl disable NetworkManager
fi
if systemctl enable network; then
  systemctl restart network
fi
- 配置防火墙,否则docker使用桥接网卡的容器无法上网。注意:下面把 br0 加入 trusted 区域,相当于对宿主机唯一的局域网网卡关闭了主机防火墙——局域网内任何主机都能访问宿主机和容器上监听的所有端口;生产环境应按需收窄。
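# Firewall setup — required, otherwise containers on the bridged network get
# no connectivity.
#
# NOTE(review): br0 is the host's only LAN-facing interface (eth0 is enslaved
# to it and br0 carries the host's 192.168.1.145).  Putting it in firewalld's
# "trusted" zone accepts every inbound packet from the LAN to the host and all
# forwarded traffic, i.e. the host firewall is effectively switched off
# towards the LAN.  The page depends on this for container traffic; if host
# services must stay filtered, keep br0 in a restrictive zone and open only
# what is needed.
systemctl enable firewalld && systemctl restart firewalld
firewall-cmd --permanent --zone=trusted --add-interface=br0

# NAT so containers (192.168.12.0/24) can reach the public internet.  The
# original listing printed three alternatives back to back; running all of
# them adds overlapping rules, so exactly one is selected here via NAT_MODE:
#   zone   - masquerade everything leaving the trusted zone (simplest, default)
#   direct - masquerade only container traffic, leaving LAN/multicast
#            destinations untouched
#   snat   - like direct, but rewrite to the fixed host address instead of
#            MASQUERADE
nat_mode="${NAT_MODE:-zone}"
container_net="192.168.12.0/24"   # --ip-range of the Docker network created below
lan_net="192.168.0.0/16"          # br0's subnet; traffic staying here must not be NATed
host_ip="192.168.1.145"           # IPADDR of br0
case "$nat_mode" in
  zone)
    firewall-cmd --permanent --zone=trusted --add-masquerade
    ;;
  direct|snat)
    # Exempt LAN and multicast destinations first.  -j ACCEPT in the nat
    # table means "do not NAT this connection", so the NAT rule below is never
    # reached for them.  The original used two separate MASQUERADE rules, each
    # with a single '! -d' exclusion: a LAN-bound packet is excluded by one
    # rule but matched by the other (it is not multicast), and vice versa, so
    # neither exclusion ever took effect.
    firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -s "$container_net" -d "$lan_net" -j ACCEPT
    firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -s "$container_net" -d 224.0.0.0/4 -j ACCEPT
    if [ "$nat_mode" = direct ]; then
      firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 1 -s "$container_net" -o br0 -j MASQUERADE
    else
      firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 1 -s "$container_net" -j SNAT --to-source "$host_ip"
    fi
    ;;
  *)
    echo "NAT_MODE must be one of zone|direct|snat (got '$nat_mode')" >&2
    exit 1
    ;;
esac
# Activate the permanent rules added above.
firewall-cmd --reload

# Enable IPv4 forwarding so the host routes container traffic.  Set the key
# in place when it already exists instead of appending a new line on every run.
if grep -q '^net\.ipv4\.ip_forward' /etc/sysctl.conf; then
  sed -i 's/^net\.ipv4\.ip_forward.*/net.ipv4.ip_forward = 1/' /etc/sysctl.conf
else
  echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
fi
sysctl -p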
- 验证桥接网卡
ifconfig br0
:
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.145 netmask 255.255.0.0 broadcast 192.168.255.255
ether 80:18:44:e6:dc:8d txqueuelen 1000 (Ethernet)
RX packets 83673216 bytes 33876475434 (31.5 GiB)
RX errors 0 dropped 114 overruns 0 frame 0
TX packets 22976711 bytes 40023885327 (37.2 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
brctl show br0
:
bridge name bridge id STP enabled interfaces
br0 8000.801844e6dc8d no eth0
vnet0
vnet1
vnet2
vnet3
vnet4
安装docker
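# Register the Docker CE repository.  Fetch the .repo definition over HTTPS:
# it carries the gpgkey URL and the gpgcheck setting, so pulling it over plain
# HTTP would let an on-path attacker substitute their own key and packages.
# yum-config-manager lives in yum-utils, which the original steps never install.
yum install -y yum-utils
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Make sure package signatures will actually be verified before installing.
grep -q '^gpgcheck=1' /etc/yum.repos.d/docker-ce.repo \
  || echo "warning: /etc/yum.repos.d/docker-ce.repo does not enable gpgcheck" >&2
# List the available docker-ce versions (newest first), then install.
yum makecache
yum list docker-ce --showduplicates | sort -r
yum install -y docker-ce docker-ce-cli containerd.io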
修改docker配置(守护进程配置文件,一般为 /etc/docker/daemon.json;修改后需重启 docker 才生效)
{
"registry-mirrors": ["http://hub-mirror.c.163.com","https://b0zrxroh.mirror.aliyuncs.com"],
"insecure-registries": [],
"exec-opts": ["native.cgroupdriver=systemd"],
"log-driver": "json-file",
"log-opts": {
"max-size": "50m"
},
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
],
"data-root": "/home/docker/.lib/images",
"dns" : [ "192.168.1.1", "114.114.114.114" ]
}
- registry-mirrors:docker镜像加速地址。注意:示例中的 hub-mirror.c.163.com 使用的是 http://,镜像清单和层在传输途中可被篡改,应尽量使用 https 的镜像源
- insecure-registries:允许以 http 协议(或不校验证书的 https)访问的仓库地址。列在这里的仓库不做 TLS 校验,只应用于可信内网仓库,生产环境应保持为空
- data-root: docker镜像存储位置
- dns:dns域名解析地址
启动docker
# Enable docker at boot and restart it so the daemon.json changes take effect.
if systemctl enable docker; then
  systemctl restart docker
fi
创建自定义docker网络br0
# Create the Docker network on the existing br0 bridge.  Containers on it get
# LAN addresses from 192.168.12.0/24 and use the host's br0 address as
# gateway, so they are reachable from the whole LAN like ordinary hosts (see
# the ping test further down) — anything a container listens on is LAN-exposed.
net_opts=(
  --driver=bridge
  --subnet=192.168.0.0/16          # must contain --ip-range and the gateway
  --ip-range=192.168.12.0/24       # pool container addresses are taken from
  --gateway=192.168.1.145          # IPADDR of the br0 interface configured above
  --opt com.docker.network.bridge.name=br0                    # reuse the existing bridge
  --opt com.docker.network.bridge.enable_ip_masquerade=true
  --opt com.docker.network.bridge.enable_icc=true             # containers may talk to each other
  --opt com.docker.network.bridge.host_binding_ipv4=0.0.0.0   # default bind address for -p published ports
  --opt com.docker.network.driver.mtu=1500
)
docker network create "${net_opts[@]}" br0
- --driver=bridge :为驱动模式,可不选,默认bridge;还支持overlay等多种网络驱动,可参考官网文档
- --subnet=192.168.0.0/16 :为外部局域网网段,需要包含docker容器内部分配ip的网段(--ip-range)和网关地址
- --ip-range=192.168.12.0/24 :为docker容器内部网段,容器的ip在此范围内分配,多宿主机下可以分配不同的网段用以区分
- --gateway=192.168.1.145 :为br0桥接网卡上的宿主机ip地址,必须与 ifcfg-br0 中的 IPADDR 一致(注意:下方 docker network inspect 输出里的 Gateway 为 192.168.12.145,与此命令不一致,以实际 IPADDR 为准)
- --opt com.docker.network.bridge.name=br0 : 为指定桥接网卡名称 br0,需与上面配置的 br0 逻辑网卡同名,docker 才会复用该网桥而不是新建一个
查看docker已创建的br0网络
docker network ls
NETWORK ID NAME DRIVER SCOPE
9736623145b0 br0 bridge local
769c7a95d1d7 bridge bridge local
70858e5a284f docker-compose_default bridge local
3a344e73b2e9 host host local
7e91daad665e none null local
docker network inspect br0
[
{
"Name": "br0",
"Id": "9736623145b0a0c6cf8f85dffbea7e01ed19c35340637f69defa0222cb793a20",
"Created": "2020-09-17T17:09:32.277347182+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.0.0/16",
"IPRange": "192.168.12.0/24",
"Gateway": "192.168.12.145"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
},
"Options": {
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "br0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]
验证网络是否有效
- 运行docker容器:
docker run -it --rm --net=br0 busybox sh
/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
144: eth0@if145: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:c0:a8:66:13 brd ff:ff:ff:ff:ff:ff
inet 192.168.12.19/16 brd 192.168.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ # ping www.baidu.com
PING www.baidu.com (14.215.177.38): 56 data bytes
64 bytes from 14.215.177.38: seq=0 ttl=55 time=37.330 ms
64 bytes from 14.215.177.38: seq=1 ttl=55 time=38.281 ms
64 bytes from 14.215.177.38: seq=2 ttl=55 time=36.104 ms
^C
--- www.baidu.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 36.104/37.238/38.281 ms
- 局域网内任意一台电脑ping容器ip(能 ping 通说明容器直接暴露在局域网中,容器内监听的任何服务局域网都能直接访问,需像对待普通主机一样做好安全加固):
ping 192.168.12.19
正在 Ping 192.168.12.19 具有 32 字节的数据:
来自 192.168.12.19 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.12.19 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.12.19 的回复: 字节=32 时间<1ms TTL=64
192.168.12.19 的 Ping 统计信息:
数据包: 已发送 = 3,已接收 = 3,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
最短 = 0ms,最长 = 0ms,平均 = 0ms
Control-C
docker-compose使用 br0网络
- 配置docker-compose文件
version: '3.6'

# Reuse the br0 network created with `docker network create` above instead of
# letting compose create a bridge of its own.
networks:
  br0:
    external:
      name: br0

services:
  # Prints the container's addresses (ip add == ip addr) and exits.
  busybox1:
    image: busybox          # NOTE(review): untagged image resolves to :latest; pin a tag or digest for reproducibility
    networks: [br0]
    command: ["ip", "add"]

  # Keeps pinging an external host to show outbound connectivity through br0.
  busybox2:
    image: busybox
    networks: [br0]
    command: ["ping", "www.baidu.com"]
- networks.br0:为定义一个当前配置文件的网络名称为br0的network
- networks.br0.external.name :为指定使用docker创建的br0 network
- services.busybox1.networks : 为使用配置文件定义的br0的网络
- 验证docker-compose 网络:
docker-compose up
Creating test_busybox1_1 ... done
Creating test_busybox2_1 ... done
Attaching to test_busybox1_1, test_busybox2_1
busybox2_1 | PING www.baidu.com (14.215.177.38): 56 data bytes
busybox2_1 | 64 bytes from 14.215.177.38: seq=0 ttl=55 time=38.228 ms
busybox1_1 | 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
busybox1_1 | link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
busybox1_1 | inet 127.0.0.1/8 scope host lo
busybox1_1 | valid_lft forever preferred_lft forever
busybox1_1 | 148: eth0@if149: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
busybox1_1 | link/ether 02:42:c0:a8:66:13 brd ff:ff:ff:ff:ff:ff
busybox1_1 | inet 192.168.12.19/16 brd 192.168.255.255 scope global eth0
busybox1_1 | valid_lft forever preferred_lft forever
test_busybox1_1 exited with code 0
busybox2_1 | 64 bytes from 14.215.177.38: seq=1 ttl=55 time=36.992 ms
busybox2_1 | 64 bytes from 14.215.177.38: seq=2 ttl=55 time=37.452 ms
busybox2_1 | 64 bytes from 14.215.177.38: seq=3 ttl=55 time=36.966 ms
busybox2_1 | 64 bytes from 14.215.177.38: seq=4 ttl=55 time=37.407 ms
busybox2_1 | 64 bytes from 14.215.177.38: seq=5 ttl=55 time=38.759 ms
busybox2_1 | 64 bytes from 14.215.177.38: seq=6 ttl=55 time=37.468 ms
busybox2_1 | 64 bytes from 14.215.177.38: seq=7 ttl=55 time=36.981 ms
busybox2_1 | 64 bytes from 14.215.177.38: seq=8 ttl=55 time=37.225 ms