- By default, all container networks are hidden from the real network. Here’s a masquerade (hide NAT) rule for all container traffic. This allows all of the containers to talk to the outside world (AKA the real network) but doesn’t allow the outside world to talk back to the containers.
- `docker run -it --rm -p 8080:80 busybox`: If we run that command, we can see that iptables creates an associated NAT rule that forwards traffic destined for 8080 on the host (10.20.30.100 in this case) to port 80 on the container… if the busybox container on docker1 wants to talk to the busybox container on docker2, it could only do so through an exposed port on the host's network interface.
- Setting icc=false on the host stops containers from talking to each other; to connect them, use the `--link` parameter at run time.
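
An added example, not from these notes or the linked article: a small Python audit over `iptables-save` output that reports the three things the notes cover (the masquerade rule, published-port DNAT rules, and whether inter-container traffic is allowed). The sample ruleset, the `docker0` bridge name and the 172.17.0.x addresses are constructed assumptions.

```python
# Constructed iptables-save excerpt (not captured from a real host): hide NAT,
# one published port (8080 -> container port 80), and the bridge-to-bridge rule.
SAMPLE = """\
*nat
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.2:80
COMMIT
*filter
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
COMMIT
"""

def opt(tokens, flag):
    """Value after `flag`; prefixed with '!' when the match is negated."""
    if flag not in tokens:
        return None
    i = tokens.index(flag)
    if i + 1 >= len(tokens):
        return None
    negated = i > 0 and tokens[i - 1] == "!"
    return ("!" if negated else "") + tokens[i + 1]

def audit(rules_text, bridge="docker0"):
    """Summarise what the ruleset exposes: NAT'd subnets, published ports, icc."""
    report = {"masquerade": [], "published": [], "icc": "unknown"}
    table = None
    for line in rules_text.splitlines():
        tokens = line.split()
        if line.startswith("*"):
            table = line[1:].strip()
        if len(tokens) < 2 or tokens[0] != "-A":
            continue
        target = opt(tokens, "-j")
        if table == "nat" and target == "MASQUERADE":
            report["masquerade"].append(opt(tokens, "-s"))
        elif table == "nat" and target == "DNAT":
            report["published"].append({
                "listen": opt(tokens, "-d") or "any host address",
                "port": opt(tokens, "--dport"),
                "container": opt(tokens, "--to-destination"),
            })
        elif (table == "filter" and tokens[1] == "FORWARD" and report["icc"] == "unknown"
              and opt(tokens, "-i") == bridge and opt(tokens, "-o") == bridge):
            # First bridge-to-bridge rule wins, as in iptables evaluation order.
            report["icc"] = {"ACCEPT": "enabled", "DROP": "disabled"}.get(target, "unknown")
    return report
```

Calling `audit()` on the real output of `iptables-save` from a Docker host shows which host ports are reachable from outside and whether the `icc=false` setting actually took effect.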
These are my personal notes from learning Linux, kept as a reference for myself and for anyone who needs them. If anything here is incorrect, you are welcome to leave a message to correct me. Thanks.
Monday, January 26, 2015
docker networking
http://www.dasblinkenlichten.com/docker-networking-101/