Solution to docker suddenly not being accessible from the external network

According to the methods of the masters, the cause was found: sysctl net.ipv4.ip_forward. Tencent Cloud prompted to fix the vulnerability. After executing their script, IP forwarding was turned off.

After some research, I was able to find the problem through docker info.

And you can see that docker gives a warning

Solution:

sudo vim /etc/sysctl.conf Modify, save, then systemctl restart network

or

sysctl -w net.ipv4.ip_forward=1

But this treatment may become invalid after the server is restarted?

There are two more warnings, so let's deal with them together.

WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

Supplement: Docker network problem, the external IP of the host machine cannot be pinged in the Docker container, but the external IP of other machines can be pinged

Problem Description

Machine A and machine B each have their own internal IP and external IP, for example: A-IP-internal, A-IP-external

B-IP-inside, B-IP-outside, machine A has a domain name www.xxx.com

Install the Jenkins Docker container on machine A, start it, and enter the container

#docker exec -it jenkins /bin/sh
Then ping the internal IP of host A in the container, and it can be pinged#ping A-IP-internal (172.16...) //Returns that it can be pinged#ping A-IP-external (202.106...) //Failed to ping#ping www.xxx.com //Can be correctly resolved to the external IP of machine A, but ping cannot be pinged#ping baidu.com //Can be pinged

in addition:

1. From the host machine A outside the docker container, ping A-IP-outside (202.106...) is successful.

2. Install the Jenkins container on machine B, and ping A-IP-external (202.106...) from within the container.

2. Install the Jenkins container on machine B. Pinging B-IP-external (202.106…) from within the container is unsuccessful.

Looking for various network problems, deleting containers, images, and reinstalling docker all do not work.

In short: How can I ping the public IP of the host machine itself in the docker container?

I need to ping www.xxx.com in the container of machine A, which will be resolved to the intranet address of machine A.

Because the intranet address of machine A can be pinged from within the container.

New modified docker-compose file

extra_hosts:
- "www.xxx.com:172.16.xxx.A"

After rebuilding the docker container, enter the docker container

#ping A-IP-outside (202.106...) // Pinged successfully, OK meets the requirement

The above is my personal experience. I hope it can give you a reference. I also hope that you will support 123WORDPRESS.COM. If there are any mistakes or incomplete considerations, please feel free to correct me.