TCP traffic is not forwarded to the docker container

0

I have the following configuration:

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.252.10.129   0.0.0.0         UG    100    0        0 ens192
10.252.10.128   0.0.0.0         255.255.255.224 U     100    0        0 ens192
10.252.10.176   0.0.0.0         255.255.255.248 U     100    0        0 ens224
10.252.10.224   0.0.0.0         255.255.255.248 U     100    0        0 ens256
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 ens224
169.254.0.0     0.0.0.0         255.255.0.0     U     1004   0        0 ens256
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.128.0   0.0.0.0         255.255.255.0   U     0      0        0 br-5791d7b4168d

broadcast 10.252.10.128 dev ens192  proto kernel  scope link  src 10.252.10.137 
local 10.252.10.137 dev ens192  proto kernel  scope host  src 10.252.10.137 
broadcast 10.252.10.159 dev ens192  proto kernel  scope link  src 10.252.10.137 

broadcast 10.252.10.176 dev ens224  proto kernel  scope link  src 10.252.10.180 
local 10.252.10.180 dev ens224  proto kernel  scope host  src 10.252.10.180 
broadcast 10.252.10.183 dev ens224  proto kernel  scope link  src 10.252.10.180 

broadcast 10.252.10.224 dev ens256  proto kernel  scope link  src 10.252.10.225 
local 10.252.10.225 dev ens256  proto kernel  scope host  src 10.252.10.225 
broadcast 10.252.10.231 dev ens256  proto kernel  scope link  src 10.252.10.225 

broadcast 127.0.0.0 dev lo  proto kernel  scope link  src 127.0.0.1 
local 127.0.0.0/8 dev lo  proto kernel  scope host  src 127.0.0.1 
local 127.0.0.1 dev lo  proto kernel  scope host  src 127.0.0.1 

broadcast 127.255.255.255 dev lo  proto kernel  scope link  src 127.0.0.1 
broadcast 172.17.0.0 dev docker0  proto kernel  scope link  src 172.17.0.1 
local 172.17.0.1 dev docker0  proto kernel  scope host  src 172.17.0.1 
broadcast 172.17.255.255 dev docker0  proto kernel  scope link  src 172.17.0.1 

broadcast 192.168.128.0 dev br-5791d7b4168d  proto kernel  scope link  src 192.168.128.1 
local 192.168.128.1 dev br-5791d7b4168d  proto kernel  scope host  src 192.168.128.1 
broadcast 192.168.128.255 dev br-5791d7b4168d  proto kernel  scope link  src 192.168.128.1 

IPTABLES

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination         
   13   780 RETURN     all  --  br-5791d7b4168d *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 RETURN     all  --  br-4e9812a44531 *       0.0.0.0/0            0.0.0.0/0           
    0     0 DNAT       tcp  --  !br-5791d7b4168d *       0.0.0.0/0            0.0.0.0/0            tcp dpt:20443 to:192.168.128.3:9443
    1    60 DNAT       tcp  --  !br-5791d7b4168d *       0.0.0.0/0            0.0.0.0/0            tcp dpt:28444 to:192.168.128.3:8444
  281 15112 DNAT       tcp  --  !br-5791d7b4168d *       0.0.0.0/0            0.0.0.0/0            tcp dpt:28443 to:192.168.128.3:8443

If I send a request on ens224, the traffic is not forwarded to the docker container. It reaches the server, but it is not forwarded.
If I send the same request from the local server, the request reaches docker.

Any idea how to debug this?
I used tcpdump to trace the traffic, and the request reaches the server.

    
by Catalin 22.06.2018 / 13:44

0 answers
