2025-03-29 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article explains how to correctly change Docker's default network segment. The method is simple, fast and practical.
Background
A colleague doing security work needed to deploy his "secret weapon" on an AWS server, and it can be deployed through Docker. Before deployment, he could ssh to the server from the jump host over both the internal and the external network; after deployment, he could only ssh to the server over the external network. That was the symptom; how to treat it depends on the diagnosis.
The troubleshooting journey
1. Before deploying the secret weapon, both the internal and external networks worked; after deployment, only the external network worked. The symptom points to a network firewall problem, so:
1) iptables -F
2) setenforce 0
3) open this server's security group to 0.0.0.0 on AWS (purely for testing; do not do this in a production environment)
2. Could the ssh configuration file have been modified, for example because the port was changed? Is there a setting in the ssh configuration file that controls whether logins from the internal and external networks are allowed? So:
A blind round of edits with vim /etc/ssh/sshd_config (this shows a lack of understanding of ssh and unfamiliarity with its configuration file; something to study)
3. The network was fine and the security group was fine. I don't know why routing came to mind, but I ran route -n to take a look first. Among the routes was one for 172.29.0.0 (very similar to the network segment of our jump host), and I vaguely felt something was wrong here (women's intuition is not only for judging whether a boyfriend is seeing someone else or is still in love; it was quite accurate here too). So:
route -n
route del -net 172.22.32.0 netmask 255.255.255.0
route del -net 172.23.32.0 netmask 255.255.255.0
Once all the container-related routes were deleted, ssh from the jump host over the internal network worked again. Whoa!
4. That confirmed the route was the problem: the network segment assigned to the container conflicted with the network segment of the jump host. So:
route add -net 172.22.32.0 netmask 255.255.255.0
Add back the routes that were just deleted, except the conflicting one, and then it is time to solve the problem properly.
The solution at that time
Since there was a conflict, the container's network segment had to change. How? I used a very crude method: I stopped and deleted the container and started a new one with docker-compose, which was assigned a new network segment, so the conflict went away.
Fundamental solution
Before starting any container, change the whole Docker network to a range that does not conflict with our own network segments, so that Docker only ever assigns addresses from the range we have set.
Procedure: modify daemon.json to change Docker's whole network segment. It was originally 172; now I want to change it to 192.
1) vim /etc/docker/daemon.json (create the file if it does not exist)
{"bip": "192.168.0.1/24"}
2) restart docker
systemctl restart docker
3) check the network segment again
Note: keep this in mind when you first plan to use Docker containers, and decide in advance which network segment to use; the method above requires restarting docker and restarting the containers.
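A pre-flight check for the daemon.json change above, as an added example that is not part of the original article: it reports every range Docker may allocate from that overlaps a network you need to keep reachable. "bip" only sets the default docker0 bridge; networks created by docker-compose come from the daemon's address pools, set with the "default-address-pools" key (a Docker daemon option the article does not mention). The reserved prefix length, the sample pool and the built-in pool list are assumptions to verify against your environment and Docker version.

```python
import ipaddress
import json

# Docker's documented built-in pools for user-defined (docker-compose) networks;
# treat as an assumption and check the documentation for your Docker version.
BUILTIN_POOLS = ["172.17.0.0/16", "172.18.0.0/16", "172.19.0.0/16",
                 "172.20.0.0/14", "172.24.0.0/14", "172.28.0.0/14",
                 "192.168.0.0/16"]
BUILTIN_BIP = "172.17.0.1/16"  # docker0 default when "bip" is not set

def docker_networks(daemon_json):
    """Return (source, network) pairs the daemon may allocate from."""
    cfg = json.loads(daemon_json)
    # "bip" is an interface address (IP plus prefix), not a network address.
    bip = ipaddress.ip_interface(cfg.get("bip", BUILTIN_BIP))
    nets = [("bip", bip.network)]
    if "default-address-pools" in cfg:
        bases = [p["base"] for p in cfg["default-address-pools"]]
        source = "default-address-pools"
    else:
        bases, source = BUILTIN_POOLS, "built-in pools"
    nets += [(source, ipaddress.ip_network(b, strict=False)) for b in bases]
    return nets

def find_conflicts(daemon_json, reserved):
    """List (source, docker_net, reserved_net) for every overlap."""
    reserved_nets = [ipaddress.ip_network(r) for r in reserved]
    return [(src, str(net), str(r))
            for src, net in docker_networks(daemon_json)
            for r in reserved_nets
            if net.version == r.version and net.overlaps(r)]

# Constructed sample: the jump-host side network (prefix length assumed).
RESERVED = ["172.29.0.0/16"]
ARTICLE_CFG = '{"bip": "192.168.0.1/24"}'
POOLED_CFG = ('{"bip": "192.168.0.1/24", "default-address-pools": '
              '[{"base": "192.168.16.0/20", "size": 24}]}')

if __name__ == "__main__":
    for name, cfg in (("bip only", ARTICLE_CFG), ("bip + pools", POOLED_CFG)):
        print(name, "->", find_conflicts(cfg, RESERVED) or "no conflicts")
```

With only "bip" set, the check still flags the built-in 172.28.0.0/14 pool, which is where a compose network in 172.29.x would come from.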