docker_practice/advanced_network/access_control.md


# 访
访 Linux `iptables` `iptables` Linux
## 访
访Linux
```bash
$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
```
0
```bash
$ sysctl -w net.ipv4.ip_forward=1
```
Docker `--ip-forward=true`, Docker `ip_forward` 1
## 访
访
* `docker0`
* -- `iptables`
### 访
Docker dockerd iptables FORWARD `ACCEPT` `DROP` `--icc=true` `--icc=false` `--iptables=false` `iptables`

`/etc/docker/daemon.json` `{"icc": false}`
### 访
`--icc=false` 访 `--link=CONTAINER_NAME:ALIAS` 访

Docker 使 `--icc=false --iptables=true` 访 Docker `iptables`

`iptables`
```bash
$ sudo iptables -nL
...
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
...
```
`docker run` 使 `--link=CONTAINER_NAME:ALIAS` Docker `iptables` `ACCEPT` 访 `Dockerfile` `EXPOSE`

`--link=CONTAINER_NAME:ALIAS` `iptables`
```bash
$ sudo iptables -nL
...
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 172.17.0.2 172.17.0.3 tcp spt:80
ACCEPT tcp -- 172.17.0.3 172.17.0.2 tcp dpt:80
DROP all -- 0.0.0.0/0 0.0.0.0/0
```
`--link=CONTAINER_NAME:ALIAS` `CONTAINER_NAME` Docker 使 `--name`