
I set up an Oracle database in a Docker container on Ubuntu 18.04 inside Hyper-V on Windows 10, as described here.
But when I run the container with the following command:
sudo docker run -d -it --rm --name oracle12se -v /home/oracle/oradata12:/opt/oracle/oradata -p 1522:1521 -p 5502:5500 -m 4G oracle/database-se:12.2.0.1
I cannot connect to my Oracle database from another Hyper-V machine. If I check the connection with telnet
(172.17.66.84 is the IP address of the host running Docker):
telnet 172.17.66.84 1522
it does not connect. But if I check port 22 (SSH):
telnet 172.17.66.84 22
the connection succeeds, which shows that the host is reachable and the IP address is correct.
To check that the Oracle instance is up, I run
telnet 172.17.66.84 1522
or
telnet localhost 1522
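on the host (where Docker runs), and the connection succeeds.
So the IP address is correct and reachable, and the Oracle instance is running and listening on port 1522, but I cannot connect to it from the local network.
What is more interesting is that everything worked fine before, and I don't know what changed.
What could be blocking the connection?
Edit 1:
If I run a test script that listens on port 8080 on the host, I can connect from another machine using telnet: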
telnet 172.17.66.84 8080
So it is not Hyper-V or the firewall, but it looks like something related to Docker.
On the host:
sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DOCKER-USER all -- 0.0.0.0/0 0.0.0.0/0
DOCKER-ISOLATION-STAGE-1 all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
DOCKER all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 172.17.0.2 tcp dpt:5500
ACCEPT tcp -- 0.0.0.0/0 172.17.0.2 tcp dpt:1521
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:98ff:feb3:fbe8 prefixlen 64 scopeid 0x20<link>
ether 02:42:98:b3:fb:e8 txqueuelen 0 (Ethernet)
RX packets 88 bytes 2768 (2.7 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 123 bytes 10688 (10.6 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.66.84 netmask 255.255.255.240 broadcast 172.17.66.95
inet6 fe80::980a:fe52:5a8d:1bb7 prefixlen 64 scopeid 0x20<link>
ether 00:15:5d:08:73:28 txqueuelen 1000 (Ethernet)
RX packets 451608 bytes 655072327 (655.0 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 101353 bytes 8256682 (8.2 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 2853 bytes 157368 (157.3 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2853 bytes 157368 (157.3 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethbab7679: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::942e:fff:feee:b333 prefixlen 64 scopeid 0x20<link>
ether 96:2e:0f:ee:b3:33 txqueuelen 0 (Ethernet)
RX packets 88 bytes 4000 (4.0 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 166 bytes 15352 (15.3 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Edit 2:
sudo iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/16 0.0.0.0/0
MASQUERADE tcp -- 172.17.0.2 172.17.0.2 tcp dpt:5500
MASQUERADE tcp -- 172.17.0.2 172.17.0.2 tcp dpt:1521
Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5502 to:172.17.0.2:5500
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1522 to:172.17.0.2:1521
sudo docker info
Containers: 1
Running: 1
Paused: 0
Stopped: 0
Images: 57
Server Version: 18.09.5
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: bb71b10fd8f58240ca47fbb579b9d1028eea7c84
runc version: 2b18fe1d885ee5083ef9f0838fee39b62d653e30
init version: fec3683
Security Options:
apparmor
seccomp
Profile: default
Kernel Version: 4.15.0-48-generic
Operating System: Ubuntu 18.04.2 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 9.758GiB
Name: tor
ID: TN5P:KKCD:TGRU:HQHV:6SH7:6WTJ:U445:6WYC:D7LS:D6AW:BFVC:2B2U
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine
WARNING: No swap limit support