{"id":12916,"date":"2024-11-15T13:39:14","date_gmt":"2024-11-15T05:39:14","guid":{"rendered":"https:\/\/fwq.ai\/blog\/12916\/"},"modified":"2024-11-15T13:39:14","modified_gmt":"2024-11-15T05:39:14","slug":"docker%e7%bd%91%e7%bb%9c%e7%9a%84nat%e9%85%8d%e7%bd%ae%e4%b8%8e%e6%b5%81%e9%87%8f%e6%8e%a7%e5%88%b6","status":"publish","type":"post","link":"https:\/\/fwq.ai\/blog\/12916\/","title":{"rendered":"Docker\u7f51\u7edc\u7684NAT\u914d\u7f6e\u4e0e\u6d41\u91cf\u63a7\u5236"},"content":{"rendered":"

Docker\u7f51\u7edc\u7684NAT\u914d\u7f6e\u4e0e\u6d41\u91cf\u63a7\u5236<\/h1>\n

\u5728\u73b0\u4ee3\u8f6f\u4ef6\u5f00\u53d1\u4e2d\uff0cDocker\u4f5c\u4e3a\u4e00\u79cd\u6d41\u884c\u7684\u5bb9\u5668\u5316\u6280\u672f\uff0c\u5df2\u7ecf\u88ab\u5e7f\u6cdb\u5e94\u7528\u4e8e\u5404\u79cd\u573a\u666f\u3002Docker\u7684\u7f51\u7edc\u914d\u7f6e\u662f\u786e\u4fdd\u5bb9\u5668\u4e4b\u95f4\u3001\u5bb9\u5668\u4e0e\u5916\u90e8\u7f51\u7edc\u4e4b\u95f4\u6709\u6548\u901a\u4fe1\u7684\u5173\u952e\u3002\u672c\u6587\u5c06\u6df1\u5165\u63a2\u8ba8Docker\u7f51\u7edc\u4e2d\u7684NAT\uff08\u7f51\u7edc\u5730\u5740\u8f6c\u6362\uff09\u914d\u7f6e\u4e0e\u6d41\u91cf\u63a7\u5236\uff0c\u5e2e\u52a9\u5f00\u53d1\u8005\u66f4\u597d\u5730\u7406\u89e3\u548c\u7ba1\u7406Docker\u7f51\u7edc\u3002<\/p>\n

Docker\u7f51\u7edc\u6a21\u5f0f\u6982\u8ff0<\/h2>\n

Docker\u63d0\u4f9b\u4e86\u591a\u79cd\u7f51\u7edc\u6a21\u5f0f\uff0c\u5305\u62ec\u6865\u63a5\u6a21\u5f0f\u3001\u4e3b\u673a\u6a21\u5f0f\u3001\u8986\u76d6\u6a21\u5f0f\u548c\u65e0\u7f51\u7edc\u6a21\u5f0f\u3002\u5176\u4e2d\uff0c\u6865\u63a5\u6a21\u5f0f\u662f\u6700\u5e38\u7528\u7684\u6a21\u5f0f\uff0c\u5b83\u5141\u8bb8\u5bb9\u5668\u901a\u8fc7NAT\u4e0e\u5916\u90e8\u7f51\u7edc\u8fdb\u884c\u901a\u4fe1\u3002<\/p>\n

\u6865\u63a5\u7f51\u7edc\u7684\u5de5\u4f5c\u539f\u7406<\/h3>\n

\u5728\u6865\u63a5\u6a21\u5f0f\u4e0b\uff0cDocker\u4f1a\u521b\u5efa\u4e00\u4e2a\u865a\u62df\u7f51\u7edc\u6865\uff08\u901a\u5e38\u662fdocker0\uff09\uff0c\u6240\u6709\u8fde\u63a5\u5230\u8be5\u6865\u7684\u5bb9\u5668\u90fd\u53ef\u4ee5\u901a\u8fc7NAT\u8bbf\u95ee\u5916\u90e8\u7f51\u7edc\u3002\u6bcf\u4e2a\u5bb9\u5668\u5728\u542f\u52a8\u65f6\u4f1a\u88ab\u5206\u914d\u4e00\u4e2a\u79c1\u6709IP\u5730\u5740\uff0c\u800cDocker\u4e3b\u673a\u5219\u62e5\u6709\u4e00\u4e2a\u516c\u5171IP\u5730\u5740\u3002\u5bb9\u5668\u4e4b\u95f4\u53ef\u4ee5\u901a\u8fc7\u79c1\u6709IP\u5730\u5740\u76f4\u63a5\u901a\u4fe1\uff0c\u800c\u4e0e\u5916\u90e8\u7f51\u7edc\u7684\u901a\u4fe1\u5219\u901a\u8fc7NAT\u8fdb\u884c\u3002<\/p>\n

NAT\u914d\u7f6e<\/h2>\n

Docker\u7684NAT\u914d\u7f6e\u4e3b\u8981\u4f9d\u8d56\u4e8eiptables\u3002Docker\u5728\u542f\u52a8\u65f6\u4f1a\u81ea\u52a8\u914d\u7f6eiptables\u89c4\u5219\uff0c\u4ee5\u5b9e\u73b0\u5bb9\u5668\u4e0e\u5916\u90e8\u7f51\u7edc\u4e4b\u95f4\u7684\u6d41\u91cf\u8f6c\u53d1\u3002\u4ee5\u4e0b\u662f\u4e00\u4e9b\u5e38\u89c1\u7684iptables\u89c4\u5219\u793a\u4f8b\uff1a<\/p>\n

iptables -t nat -A POSTROUTING -s 172.17.0.0\/16 ! -d 172.17.0.0\/16 -j MASQUERADE<\/code><\/pre>\n
\u4e0a\u8ff0\u89c4\u5219\u7684\u4f5c\u7528\u662f\u5c06\u6e90\u5730\u5740\u4e3a172.17.0.0\/16\uff08Docker\u9ed8\u8ba4\u7684\u6865\u63a5\u7f51\u7edc\uff09\u4e14\u76ee\u6807\u5730\u5740\u4e0d\u5728\u8be5\u8303\u56f4\u5185\u7684\u6d41\u91cf\u8fdb\u884c\u5730\u5740\u8f6c\u6362\uff0c\u4ece\u800c\u5141\u8bb8\u5bb9\u5668\u8bbf\u95ee\u5916\u90e8\u7f51\u7edc\u3002<\/p>\n
\u81ea\u5b9a\u4e49NAT\u89c4\u5219<\/h3>\n
\u7528\u6237\u53ef\u4ee5\u6839\u636e\u9700\u8981\u81ea\u5b9a\u4e49NAT\u89c4\u5219\u3002\u4f8b\u5982\uff0c\u5982\u679c\u5e0c\u671b\u5c06\u7279\u5b9a\u7aef\u53e3\u7684\u6d41\u91cf\u8f6c\u53d1\u5230\u67d0\u4e2a\u5bb9\u5668\uff0c\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\uff1a<\/p>\n
iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination 172.17.0.2:80<\/code><\/pre>\n
\u8fd9\u6761\u89c4\u5219\u5c06\u6240\u6709\u5230\u8fbe\u4e3b\u673a8080\u7aef\u53e3\u7684TCP\u6d41\u91cf\u8f6c\u53d1\u5230IP\u5730\u5740\u4e3a172.17.0.2\u7684\u5bb9\u5668\u768480\u7aef\u53e3\u3002<\/p>\n
\u6d41\u91cf\u63a7\u5236<\/h2>\n
\u5728Docker\u4e2d\uff0c\u6d41\u91cf\u63a7\u5236\u53ef\u4ee5\u901a\u8fc7\u591a\u79cd\u65b9\u5f0f\u5b9e\u73b0\uff0c\u5305\u62ec\u4f7f\u7528\u7f51\u7edc\u7b56\u7565\u3001QoS\uff08\u670d\u52a1\u8d28\u91cf\uff09\u548c\u6d41\u91cf\u9650\u5236\u7b49\u3002<\/p>\n
\u4f7f\u7528\u7f51\u7edc\u7b56\u7565<\/h3>\n
Docker\u7684\u7f51\u7edc\u7b56\u7565\u5141\u8bb8\u7528\u6237\u5b9a\u4e49\u54ea\u4e9b\u5bb9\u5668\u53ef\u4ee5\u76f8\u4e92\u901a\u4fe1\u3002\u901a\u8fc7\u4f7f\u7528Docker\u7684\u7f51\u7edc\u63d2\u4ef6\uff08\u5982Calico\u6216Weave\uff09\uff0c\u7528\u6237\u53ef\u4ee5\u5b9e\u73b0\u66f4\u7ec6\u7c92\u5ea6\u7684\u6d41\u91cf\u63a7\u5236\u3002\u4f8b\u5982\uff0c\u53ef\u4ee5\u8bbe\u7f6e\u89c4\u5219\u53ea\u5141\u8bb8\u7279\u5b9a\u7684<\/p>\n","protected":false},"excerpt":{"rendered":"
Docker\u7f51\u7edc\u7684NAT\u914d\u7f6e\u4e0e\u6d41\u91cf\u63a7\u5236 \u5728\u73b0\u4ee3\u8f6f\u4ef6\u5f00\u53d1\u4e2d\uff0cDocker\u4f5c\u4e3a\u4e00\u79cd\u6d41\u884c\u7684\u5bb9\u5668\u5316\u6280\u672f\uff0c\u5df2\u7ecf\u88ab\u5e7f\u6cdb\u5e94\u7528\u4e8e\u5404\u79cd\u573a\u666f\u3002Docker\u7684\u7f51\u7edc\u914d\u7f6e\u662f\u786e\u4fdd\u5bb9\u5668\u4e4b\u95f4\u3001\u5bb9\u5668\u4e0e\u5916\u90e8\u7f51\u7edc\u4e4b\u95f4\u6709\u6548\u901a\u4fe1\u7684\u5173\u952e\u3002\u672c\u6587\u5c06\u6df1\u5165\u63a2\u8ba8Docker\u7f51\u7edc\u4e2d\u7684NAT\uff08\u7f51\u7edc\u5730\u5740\u8f6c\u6362\uff09\u914d\u7f6e\u4e0e\u6d41\u91cf\u63a7\u5236\uff0c\u5e2e\u52a9\u5f00\u53d1\u8005\u66f4\u597d\u5730\u7406\u89e3\u548c\u7ba1\u7406Docker\u7f51\u7edc\u3002 Docker\u7f51\u7edc\u6a21\u5f0f\u6982\u8ff0 Docker\u63d0\u4f9b\u4e86\u591a\u79cd\u7f51\u7edc\u6a21\u5f0f\uff0c\u5305\u62ec\u6865\u63a5\u6a21\u5f0f\u3001\u4e3b\u673a\u6a21\u5f0f\u3001\u8986\u76d6\u6a21\u5f0f\u548c\u65e0\u7f51\u7edc\u6a21\u5f0f\u3002\u5176\u4e2d\uff0c\u6865\u63a5\u6a21\u5f0f\u662f\u6700\u5e38\u7528\u7684\u6a21\u5f0f\uff0c\u5b83\u5141\u8bb8\u5bb9\u5668\u901a\u8fc7NAT\u4e0e\u5916\u90e8\u7f51\u7edc\u8fdb\u884c\u901a\u4fe1\u3002 \u6865\u63a5\u7f51\u7edc\u7684\u5de5\u4f5c\u539f\u7406 \u5728\u6865\u63a5\u6a21\u5f0f\u4e0b\uff0cDocker\u4f1a\u521b\u5efa\u4e00\u4e2a\u865a\u62df\u7f51\u7edc\u6865\uff08\u901a\u5e38\u662fdocker0\uff09\uff0c\u6240\u6709\u8fde\u63a5\u5230\u8be5\u6865\u7684\u5bb9\u5668\u90fd\u53ef\u4ee5\u901a\u8fc7NAT\u8bbf\u95ee\u5916\u90e8\u7f51\u7edc\u3002\u6bcf\u4e2a\u5bb9\u5668\u5728\u542f\u52a8\u65f6\u4f1a\u88ab\u5206\u914d\u4e00\u4e2a\u79c1\u6709IP\u5730\u5740\uff0c\u800cDocker\u4e3b\u673a\u5219\u62e5\u6709\u4e00\u4e2a\u516c\u5171IP\u5730\u5740\u3002\u5bb9\u5668\u4e4b\u95f4\u53ef\u4ee5\u901a\u8fc7\u79c1\u6709IP\u5730\u5740\u76f4\u63a5\u901a\u4fe1\uff0c\u800c\u4e0e\u5916\u90e8\u7f51\u7edc\u7684\u901a\u4fe1\u5219\u901a\u8fc7NAT\u8fdb\u884c\u3002 NAT\u914d\u7f6e Docker\u7684NAT\u914d\u7f6e\u4e3b\u8981\u4f9d\u8d56\u4e8eiptables\u3002Docker\u5728\u542f\u52a8\u65f6\u4f1a\u81ea\u52a8\u914d\u7f6eiptables\u89c4\u5219\uff0c\u4ee5\u5b9e\u73b0\u5bb9\u5668\u4e0e\u5916\u90e8\u7f51\u7edc\u4e4b\u95f4\u7684\u6d41\u91cf\u8f6c\u53d1\u3002\u4ee5\u4e0b\u662f\u4e00\u4e9b\u5e38\u89c1\u7684iptables\u89c4\u5219\u793a\u4f8b\uff1a iptables -t nat -A POSTROUTING -s 172.17.0.0\/16 ! -d 172.17.0.0\/16 -j MASQUERADE \u4e0a\u8ff0\u89c4\u5219\u7684\u4f5c\u7528\u662f\u5c06\u6e90\u5730\u5740\u4e3a172.17.0.0\/16\uff08Docker\u9ed8\u8ba4\u7684\u6865\u63a5\u7f51\u7edc\uff09\u4e14\u76ee\u6807\u5730\u5740\u4e0d\u5728\u8be5\u8303\u56f4\u5185\u7684\u6d41\u91cf\u8fdb\u884c\u5730\u5740\u8f6c\u6362\uff0c\u4ece\u800c\u5141\u8bb8\u5bb9\u5668\u8bbf\u95ee\u5916\u90e8\u7f51\u7edc\u3002 \u81ea\u5b9a\u4e49NAT\u89c4\u5219 \u7528\u6237\u53ef\u4ee5\u6839\u636e\u9700\u8981\u81ea\u5b9a\u4e49NAT\u89c4\u5219\u3002\u4f8b\u5982\uff0c\u5982\u679c\u5e0c\u671b\u5c06\u7279\u5b9a\u7aef\u53e3\u7684\u6d41\u91cf\u8f6c\u53d1\u5230\u67d0\u4e2a\u5bb9\u5668\uff0c\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\uff1a iptables -t nat -A PREROUTING -p tcp –dport 8080 -j DNAT –to-destination 172.17.0.2:80 \u8fd9\u6761\u89c4\u5219\u5c06\u6240\u6709\u5230\u8fbe\u4e3b\u673a8080\u7aef\u53e3\u7684TCP\u6d41\u91cf\u8f6c\u53d1\u5230IP\u5730\u5740\u4e3a172.17.0.2\u7684\u5bb9\u5668\u768480\u7aef\u53e3\u3002 \u6d41\u91cf\u63a7\u5236 \u5728Docker\u4e2d\uff0c\u6d41\u91cf\u63a7\u5236\u53ef\u4ee5\u901a\u8fc7\u591a\u79cd\u65b9\u5f0f\u5b9e\u73b0\uff0c\u5305\u62ec\u4f7f\u7528\u7f51\u7edc\u7b56\u7565\u3001QoS\uff08\u670d\u52a1\u8d28\u91cf\uff09\u548c\u6d41\u91cf\u9650\u5236\u7b49\u3002 \u4f7f\u7528\u7f51\u7edc\u7b56\u7565 Docker\u7684\u7f51\u7edc\u7b56\u7565\u5141\u8bb8\u7528\u6237\u5b9a\u4e49\u54ea\u4e9b\u5bb9\u5668\u53ef\u4ee5\u76f8\u4e92\u901a\u4fe1\u3002\u901a\u8fc7\u4f7f\u7528Docker\u7684\u7f51\u7edc\u63d2\u4ef6\uff08\u5982Calico\u6216Weave\uff09\uff0c\u7528\u6237\u53ef\u4ee5\u5b9e\u73b0\u66f4\u7ec6\u7c92\u5ea6\u7684\u6d41\u91cf\u63a7\u5236\u3002\u4f8b\u5982\uff0c\u53ef\u4ee5\u8bbe\u7f6e\u89c4\u5219\u53ea\u5141\u8bb8\u7279\u5b9a\u7684<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"class_list":["post-12916","post","type-post","status-publish","format-standard","hentry","category-docker"],"_links":{"self":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts\/12916","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/comments?post=12916"}],"version-history":[{"count":0,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts\/12916\/revisions"}],"wp:attachment":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/media?parent=12916"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/categories?post=12916"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/tags?post=12916"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}