Comparison of Docker Network Modes
Types of Docker network
https://docs.docker.com/engine/network/
# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
fafa09f2813b   bridge    bridge    local
6ff30defc56c   host      host      local
e5c6c6671c21   none      null      local
Bridge Network (default)
The container gets its own internal IP address.
Docker's iptables rules operate separately, so host firewalls such as firewalld and ufw do not take effect.
HOST # docker run -d --rm --name web-test -p 8000:8000 crccheck/hello-world
HOST # ip addr
2: enp1s0: ...
    inet 192.168.0.250/24 brd 192.168.0.255 scope global enp1s0
3: docker0: ...
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
HOST # docker exec -it web-test /bin/sh
CONTAINER # ip addr
4: eth0@if5: ...
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0

HOST # ufw enable
REMOTE # curl 192.168.0.250:8000
<pre>Hello World...
Host Network
The host's network is visible from inside the container, and the container has the host's IP address.
Host firewalls such as firewalld and ufw take effect.
HOST # docker run -d --name web-test --net=host crccheck/hello-world
HOST # docker exec -it web-test /bin/sh
CONTAINER # ip addr
2: enp1s0: ...
    inet 192.168.0.250/24 brd 192.168.0.255 scope global enp1s0
3: docker0: ...
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
CONTAINER # netstat -anp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address   Foreign Address   State    PID/Program name
tcp        0      0 :::8000         :::*              LISTEN   7/httpd

HOST # ufw enable
REMOTE # curl 192.168.0.250:8000
curl: (7) Failed to connect to ...
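
An added example (not part of the original page): a shell function that reads `docker ps --format '{{.Names}}\t{{.Ports}}'` output and lists the bridge-mode ports published on all interfaces, which are the ones ufw or firewalld did not filter in the test above. The function names and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit which published container ports bypass the host firewall.
# Input format: docker ps --format '{{.Names}}\t{{.Ports}}'

# Constructed sample input, modelled on the web-test container above.
sample_ps() {
  printf 'web-test\t0.0.0.0:8000->8000/tcp, :::8000->8000/tcp\n'
  printf 'local-only\t127.0.0.1:9000->9000/tcp\n'
  printf 'unpublished\t8080/tcp\n'
  printf 'host-mode\t\n'   # --net=host containers show no port mappings
}

# Prints "<container> <hostport>/<proto>" for every port bound to all interfaces.
find_unfiltered_ports() {
  awk -F '\t' '
  {
    n = split($2, maps, /, */)
    for (i = 1; i <= n; i++) {
      m = maps[i]
      if (m !~ /->/) continue                  # exposed only, not published
      addr = m
      sub(/:[0-9-]+->.*/, "", addr)            # keep the host bind address
      if (addr != "0.0.0.0" && addr != "::" && addr != "[::]") continue
      hostport = m
      sub(/->.*/, "", hostport)                # drop the container side
      sub(/.*:/, "", hostport)                 # drop the bind address
      proto = m
      sub(/.*\//, "", proto)
      key = $1 " " hostport "/" proto
      if (!(key in seen)) { seen[key] = 1; print key }   # merge IPv4/IPv6 rows
    }
  }'
}

# On a real host: docker ps --format '{{.Names}}\t{{.Ports}}' | find_unfiltered_ports
sample_ps | find_unfiltered_ports
```

Ports it reports can be restricted by publishing on a specific address, for example `-p 127.0.0.1:8000:8000`, or by adding filtering rules to Docker's `DOCKER-USER` iptables chain.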