应该是docker和linux网段冲突
1、路由策略开启转发
cat >> /etc/sysctl.conf <<EOF
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
EOF
sysctl -p2、查看配置参数是否开启
[root@i-l3mx6cqo ~]# cat /proc/sys/net/ipv4/conf/eth0/forwarding
1
[root@i-l3mx6cqo ~]# cat /proc/sys/net/ipv4/ip_forward
13、执行iptables配置策略,执行以下所有命令
iptables -L
#filter表规则
iptables -N DOCKER
iptables -N DOCKER-ISOLATION-STAGE-1
iptables -N DOCKER-ISOLATION-STAGE-2
iptables -N DOCKER-USER
iptables -A FORWARD -j DOCKER-USER
iptables -A FORWARD -j DOCKER-ISOLATION-STAGE-1
iptables -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -o docker0 -j DOCKER
iptables -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
iptables -A FORWARD -i docker0 -o docker0 -j ACCEPT
iptables -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
iptables -A DOCKER-ISOLATION-STAGE-1 -j RETURN
iptables -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
iptables -A DOCKER-ISOLATION-STAGE-2 -j RETURN
iptables -A DOCKER-USER -j RETURN
#nat表规则
iptables -t nat -N DOCKER
iptables -t nat -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
iptables -t nat -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
iptables -t nat -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
iptables -t nat -A DOCKER -i docker0 -j RETURN4、安装brtcl
yum install -y bridge-utils
5、停用docker,编辑daemon文件,没有会新增,增加网断bip,当前linux【139.224.3.64】IP
systemctl stop docker
ip link set dev docker0 down
brctl delbr docker0
iptables -t nat -F POSTROUTING
brctl addbr docker0
ip addr add 172.16.10.1/24 dev docker0
ip link set dev docker0 up
/etc/docker/daemon.json # 编辑daemon文件
"bip": "139.224.3.64/24" # 添加 网段
6、重启docker
systemctl restart docker
