Docker: connectivity between containers, and between containers and the host


1、 Connectivity between container and host

First check the status of the host firewall.
If the host firewall can be turned off, the container and the host can communicate.
If the firewall cannot be turned off, open the relevant port on the host and allow the accessing IP.
Note: the IP to allow must be the container's virtual IP on the host, not the host's own IP address.

# View the container's virtual network IP on the host
ip a
# View the IPs and ports in the host firewall configuration
cat /etc/firewalld/zones/public.xml
# Enter the container as root
docker exec -it -u root 61da8089ca0a /bin/sh
# Check whether communication is possible (run inside the container)
ping <host IP>
# Reload the firewall (on the host)
firewall-cmd --reload
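
When the firewall has to stay on, the allow rule can be limited to the container side of the bridge and to a single port. The script below is an added example, not part of the original post: it reads the bridge addresses that `ip a` reports and prints firewalld rich rules for the `public` zone used above. The sample `ip -o -4 addr show` output, port 8080 and the choice to allow the whole bridge subnet (container IPs can change across restarts) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): print scoped firewalld rules for
# the Docker bridge subnets that `ip a` shows. It only prints; nothing is applied.

# Constructed sample of `ip -o -4 addr show` output (one line per address).
SAMPLE_IP_OUTPUT='2: eth0    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0
3: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
4: br-031aa3930383    inet 172.18.0.1/20 brd 172.18.15.255 scope global br-031aa3930383'

# network_cidr ADDR/PREFIX: print the network with host bits cleared
# (172.18.0.1/20 -> 172.18.0.0/20); return 1 on anything that is not IPv4 CIDR.
network_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac   # leading zero would be read as octal
        [ "$o" -le 255 ] || return 1
    done
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    net=$(( ip & (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    echo "$(( (net >> 24) & 255 )).$(( (net >> 16) & 255 )).$(( (net >> 8) & 255 )).$(( net & 255 ))/$prefix"
}

# bridge_cidrs: read `ip -o -4 addr show` output on stdin and print the subnet
# of every Docker bridge (docker0, br-<id>), skipping the host's own interfaces.
bridge_cidrs() {
    awk '$2 == "docker0" || $2 ~ /^br-/ { print $4 }' | while read -r cidr; do network_cidr "$cidr"; done
}

# allow_cmd CIDR PORT: print the firewall-cmd call that admits one container
# subnet to one TCP port on the host. Both arguments are validated first.
allow_cmd() {
    case "$2" in ''|*[!0-9]*|0*) return 1 ;; esac
    [ "$2" -le 65535 ] || return 1
    src=$(network_cidr "$1") || return 1
    printf "firewall-cmd --permanent --zone=public --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"tcp\" accept'\n" "$src" "$2"
}

# Demo on the constructed sample; 8080 is a placeholder for the host service port.
printf '%s\n' "$SAMPLE_IP_OUTPUT" | bridge_cidrs | while read -r n; do allow_cmd "$n" 8080; done
echo 'firewall-cmd --reload'
```

On a real host, feed it `ip -o -4 addr show` instead of the sample and review the printed commands before running them.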

Problem 1: [docker] iptables error when starting a container: No chain/target/match by that name

# Specific error information
Error response from daemon: driver failed programming external connectivity
 on endpoint jenkins (a8ea15bf9b3dbed599d059d638f79f9dd5e875556c39bfb41e6563d3feedb81b):
  (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 50000 -j DNAT
 --to-destination ! -i br-031aa3930383: iptables: No chain/target/match
 by that name.

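The error occurs because the gateway was restarted, so Docker can no longer configure networking for the new container; that is, it has lost its ability to manage the network rules until it is restarted itself. The failing call in the message is an append to the DOCKER chain of the nat table, and Docker recreates that chain when it starts.
Solution: restart Docker

# Either command restarts the Docker daemon
service docker restart
systemctl restart docker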

2、 Connectivity between containers (same host)
Containers are connected mainly by placing the ones that need to reach each other on the same network.
1. Containers started directly through docker

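# 0. Create the networks if they do not exist yet (--net needs an existing network)
docker network create backend
docker network create frontend
# 1. Set the network at startup
docker run -itd --name c3 --net backend centos
docker run -itd --name c2 --net backend centos
docker run -itd --name c1 --net frontend centos
# 2. Set the network after startup
docker network connect backend c1
docker exec -it c2 /bin/bash
yum install -y net-tools   # install the network toolkit
ping c2   # is on the backend network
ping c3   # is on the backend network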

2. Containers started through docker compose

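version: '2'
# Lines that held only a key (services:, ports:, environment:, ...) were lost
# from this listing. They are restored below from the remaining indentation and
# references; the service names are assumed from the hostnames the file uses.
services:
  prometheus:
    image: c1:base1.0
    container_name: c1
    restart: always
    dns_search: .
#    networks:
#      - nets
    ports:
      - 10090:9090
    tty: true
  grafana:
    image: c2:base1.0
    container_name: c2
    restart: always
    dns_search: .
    depends_on:        # restored key (assumption); links: would also fit
      - prometheus
    ports:
      - 13000:13000
    environment:
      GF_RENDERING_SERVER_URL: http://renderer:8081/render
      GF_RENDERING_CALLBACK_URL: http://grafana:13000/
      GF_LOG_FILTERS: rendering:debug
    tty: true
  renderer:
    image: c3:base1.0
    container_name: c3
    dns_search: .
    external_links:    # restored key (assumption), named in the note below
      - c1
    restart: always
    ports:
      - 10081:8081
    environment:
      ENABLE_METRICS: 'true'
networks:
  default:
    external:
      name: c_nets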

Note: pay attention to external_links and networks.
