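How to stop Docker private IPs from leaking onto the external network
Docker version 19.03.12 on Ubuntu 18.04.5 LTS (also seen in earlier versions)
The problem we are running into is that
network packets are sent to the external network using Docker's internal IP (for example 172.19.0.3)
Our company's firewall is not happy about this :-(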
14:53:39.328794 IP 192.168.15.103.8080 > 192.168.30.137.59261: Flags [P.],seq 1:75,ack 56,win 501,length 74: HTTP: HTTP/1.1 408 Request Time-out
14:53:39.328841 IP 192.168.15.103.8080 > 192.168.30.137.59261: Flags [P.],seq 75:77,length 2: HTTP
14:53:39.328878 IP 192.168.15.103.8080 > 192.168.30.137.59261: Flags [F.],seq 77,length 0
14:53:39.328915 IP 192.168.15.103.8080 > 192.168.30.137.59261: Flags [R.],seq 78,length 0
14:53:39.348180 IP 192.168.30.137.59261 > 192.168.15.103.8080: Flags [.],ack 77,win 1026,length 0
14:53:39.348267 IP 192.168.30.137.59261 > 192.168.15.103.8080: Flags [.],ack 78,length 0
14:53:39.348316 IP 172.19.0.3.8080 > 192.168.30.137.59261: Flags [R],seq 3707268877,win 0,length 0 <<<<<<<<<
14:53:39.348333 IP 192.168.15.103.8080 > 192.168.30.137.59261: Flags [R],seq 3707268878,length 0
From our proxyserver_default network:
# docker network inspect proxyserver_default
[
{
"Name": "proxyserver_default","Id": "59e5a86bb11b3af60e7345fad3105dfdaca86435a628c3f5d54a953c0d404493","Created": "2020-08-31T15:14:07.688924924Z","Scope": "local","Driver": "bridge","EnableIPv6": false,"IPAM": {
"Driver": "default","Options": null,"Config": [
{
"Subnet": "172.19.0.0/16","Gateway": "172.19.0.1"
}
]
},"Internal": false,"Attachable": true,"Ingress": false,"ConfigFrom": {
"Network": ""
},"ConfigOnly": false,"Containers": {
"2154be1d1fc547466ced01ebdb817893688539ce41f4c51191dd7f83d4628c1e": {
"Name": "proxyserver_clamavd_1","EndpointID": "f2185be227934bf65784a114354b9a77b1c8ee7c80739855eff990e85cd6fa40","MacAddress": "02:42:ac:13:00:02","IPv4Address": "172.19.0.2/16","IPv6Address": ""
},"4b564439c5bcc46234b61553b66f6131306c870071792321b308189d24f0876d": {
"Name": "proxyserver_dnscache_1","EndpointID": "071ac91b019ec23255b2364fc5ae2c42355bd3c423ad55b93b322f43d85f0bd2","MacAddress": "02:42:ac:13:00:04","IPv4Address": "172.19.0.4/16","4e165658fd5d2ca4f8f0c402d0025b390fadda454255aafc8b5af9ec1e057a4a": {
"Name": "proxyserver_e2guardian_1","EndpointID": "e48934b9ccca641af7d44760eac76abf9582faff9886c70c83e64a5cf543009b","MacAddress": "02:42:ac:13:00:03","IPv4Address": "172.19.0.3/16","IPv6Address": ""
}
},"Options": {},"Labels": {
"com.docker.compose.network": "default","com.docker.compose.project": "proxyserver","com.docker.compose.version": "1.26.2"
}
}
]
Has anyone else seen this?
How can we prevent this from happening?
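
Added example, not part of the original post: a check that reads the bridge subnets from `docker network inspect` JSON and flags tcpdump text lines whose source address lies in a bridge subnet while the destination does not, which is the pattern marked with `<<<<<<<<<` above. It assumes the capture was taken on the host's external interface; the function names and the trimmed sample data are constructed for illustration.

```python
import ipaddress
import json
import re

# tcpdump text line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [..]..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

def bridge_subnets(inspect_json):
    """Collect IPAM subnets from `docker network inspect` JSON output."""
    nets = []
    for network in json.loads(inspect_json):
        ipam = network.get("IPAM") or {}
        for cfg in ipam.get("Config") or []:  # Config can be null
            if cfg.get("Subnet"):
                nets.append(ipaddress.ip_network(cfg["Subnet"]))
    return nets

def find_leaks(capture_text, subnets):
    """Return packets with a bridge source address and a non-bridge destination."""
    leaks = []
    for line in capture_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a TCP/IPv4 line in the expected format
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if any(src in n for n in subnets) and not any(dst in n for n in subnets):
            leaks.append((m["ts"], f'{m["src"]}:{m["sport"]}',
                          f'{m["dst"]}:{m["dport"]}', m["flags"]))
    return leaks

# Constructed sample input, trimmed from the output shown in the post.
SAMPLE_INSPECT = ('[{"Name": "proxyserver_default", "IPAM": {"Config": '
                  '[{"Subnet": "172.19.0.0/16", "Gateway": "172.19.0.1"}]}}]')
SAMPLE_CAPTURE = """\
14:53:39.348267 IP 192.168.30.137.59261 > 192.168.15.103.8080: Flags [.],ack 78,length 0
14:53:39.348316 IP 172.19.0.3.8080 > 192.168.30.137.59261: Flags [R],seq 3707268877,win 0,length 0
14:53:39.348333 IP 192.168.15.103.8080 > 192.168.30.137.59261: Flags [R],seq 3707268878,length 0
"""

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE_CAPTURE, bridge_subnets(SAMPLE_INSPECT)):
        print("un-NATed bridge source on the wire:", *leak)
```

Traffic between two containers on the same bridge is not reported, because both endpoints fall inside the bridge subnet.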