应该是docker和linux网段冲突
1、路由策略开启转发
cat >> /etc/sysctl.conf <<EOFnet.ipv4.ip_forward = 1net.bridge.bridge-nf-call-ip6tables = 1net.bridge.bridge-nf-call-iptables = 1net.bridge.bridge-nf-call-arptables = 1EOFsysctl -p2、查看配置参数是否开启
[root@i-l3mx6cqo ~]# cat /proc/sys/net/ipv4/conf/eth0/forwarding1[root@i-l3mx6cqo ~]# cat /proc/sys/net/ipv4/ip_forward13、执行iptables配置策略,执行以下所有命令
iptables -L#filter表规则iptables -N DOCKERiptables -N DOCKER-ISOLATION-STAGE-1iptables -N DOCKER-ISOLATION-STAGE-2iptables -N DOCKER-USERiptables -A FORWARD -j DOCKER-USERiptables -A FORWARD -j DOCKER-ISOLATION-STAGE-1iptables -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPTiptables -A FORWARD -o docker0 -j DOCKERiptables -A FORWARD -i docker0 ! -o docker0 -j ACCEPTiptables -A FORWARD -i docker0 -o docker0 -j ACCEPTiptables -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2iptables -A DOCKER-ISOLATION-STAGE-1 -j RETURNiptables -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROPiptables -A DOCKER-ISOLATION-STAGE-2 -j RETURNiptables -A DOCKER-USER -j RETURN #nat表规则iptables -t nat -N DOCKERiptables -t nat -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKERiptables -t nat -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKERiptables -t nat -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADEiptables -t nat -A DOCKER -i docker0 -j RETURN4、安装brtcl
yum install -y bridge-utils5、停用docker,编辑daemon文件,没有会新增,增加网断bip,当前linux【139.224.3.64】IP
systemctl stop dockerip link set dev docker0 downbrctl delbr docker0iptables -t nat -F POSTROUTINGbrctl addbr docker0ip addr add 172.16.10.1/24 dev docker0ip link set dev docker0 up /etc/docker/daemon.json# 编辑daemon文件"bip": "139.224.3.64/24" # 添加 网段
6、重启docker
systemctl restart docker