Docker Network 방식 비ꡐ


Types of Docker network

https://docs.docker.com/engine/network/

# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
fafa09f2813b   bridge    bridge    local
6ff30defc56c   host      host      local
e5c6c6671c21   none      null      local

Bridge Network (default)

μ»¨ν…Œμ΄ν„°λŠ” λ³„λ„μ˜ λ‚΄λΆ€ IPλ₯Ό 가짐

HOST # docker run -d --rm --name web-test -p 8000:8000 crccheck/hello-world

HOST # ip addr
2: enp1s0: ...
    inet 192.168.0.250/24 brd 192.168.0.255 scope global enp1s0
3: docker0: ...
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0

HOST # docker exec -it web-test /bin/sh

CONTAINER # ip addr
4: eth0@if5: ...
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0

iptables κ·œμΉ™μ΄ λ³„λ„λ‘œ λ™μž‘ν•¨. firewalld, ufw λ“±μ˜ 호슀트 방화벽이 λ™μž‘ν•˜μ§€ μ•ŠμŒ.

HOST # ufw enable
REMOTE # curl 192.168.0.250:8000
<pre>Hello World...

Host Network

μ»¨ν…Œμ΄λ„ˆ λ‚΄λΆ€μ—μ„œ 호슀트의 λ„€νŠΈμ›Œν¬κ°€ 보이고 호슀트의 IPλ₯Ό 가짐.

HOST # docker run -d --name web-test --net=host crccheck/hello-world

HOST # docker exec -it web-test /bin/sh

CONTAINER # ip addr
2: enp1s0: ...
    inet 192.168.0.250/24 brd 192.168.0.255 scope global enp1s0
3: docker0: ...
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0

CONTAINER # netstat -anp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 :::8000                 :::*                    LISTEN      7/httpd

firewalld, ufw λ“±μ˜ 호슀트 방화벽이 λ™μž‘ν•¨.

HOST # ufw enable
REMOTE # curl 192.168.0.250:8000
curl: (7) Failed to connect to ...
  • No labels