There are currently four machines. On one of them, after following the full procedure from last time, containers correctly obtain a dynamic IP:
But the other three don't work; they simply cannot get an address no matter what:
At one point I thought it was the upstream router's problem, because DHCP never replied:
(base) mcj@ubuntu:~$ sudo tcpdump -i br0 -n 'port 67 or port 68'
[sudo] password for mcj:
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on br0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
10:44:58.805534 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:16:3e:51:ff:ab, length 296
10:45:02.358795 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:16:3e:51:ff:ab, length 296
10:45:07.290035 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:16:3e:51:ff:ab, length 296
10:45:14.308262 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:16:3e:51:ff:ab, length 296
10:45:30.288421 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:16:3e:51:ff:ab, length 296
10:45:30.937214 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:16:3e:51:ff:ab, length 300
10:45:33.960407 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:16:3e:51:ff:ab, length 300
10:46:02.502683 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:16:3e:51:ff:ab, length 296
10:47:06.644200 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:16:3e:51:ff:ab, length 296
After a lot of searching, it turned out that the system was handing layer-2 bridged traffic to iptables/nft, which can swallow DHCP. So, temporarily disable the bridge→iptables hook:
sudo sysctl -w net.bridge.bridge-nf-call-iptables=0
sudo sysctl -w net.bridge.bridge-nf-call-ip6tables=0
Then test DHCP again:
(base) mcj@ubuntu:~$ sudo tcpdump -i br0 -n 'port 67 or port 68'
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on br0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
10:47:59.440982 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:16:3e:51:ff:ab, length 300
10:48:00.580822 IP 10.170.255.254.67 > 10.170.2.249.68: BOOTP/DHCP, Reply, length 328
10:48:00.581125 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:16:3e:51:ff:ab, length 300
10:48:00.620553 IP 10.170.255.254.67 > 10.170.2.249.68: BOOTP/DHCP, Reply, length 328
10:48:11.470548 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:16:3e:51:ff:ab, length 296
10:48:11.478544 IP 10.170.255.254.67 > 10.170.2.249.68: BOOTP/DHCP, Reply, length 328
10:48:11.478752 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:16:3e:51:ff:ab, length 308
10:48:11.487062 IP 10.170.255.254.67 > 10.170.2.249.68: BOOTP/DHCP, Reply, length 328
10:48:30.599298 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:e0:4c:30:13:68, length 300
10:48:30.728204 IP 10.170.255.254.67 > 10.170.3.143.68: BOOTP/DHCP, Reply, length 328
10:49:22.872627 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:16:3e:49:91:ec, length 295
10:49:23.994176 IP 10.170.255.254.67 > 10.170.3.42.68: BOOTP/DHCP, Reply, length 328
10:49:23.994446 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:16:3e:49:91:ec, length 307
10:53:53.465790 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 9c:7b:ef:4e:9e:8a, length 322
10:53:53.478028 IP 10.170.255.254.67 > 10.170.2.30.68: BOOTP/DHCP, Reply, length 328
As you can see, DHCP now succeeds and the containers obtain an IP correctly~
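To turn the "requests but no replies" symptom in the two captures above into an automatic check, here is an added example (not code from the original post) that parses the summary lines tcpdump prints with `-n 'port 67 or port 68'`, pairs each client request with a server Reply that follows it, and reports clients that never got one; the 5-second reply window is an assumption.

```python
import re
from datetime import datetime, timedelta

# Assumption: a healthy DHCP server on the same segment answers within this window.
REPLY_WINDOW = timedelta(seconds=5)

# Summary-line shapes printed by `tcpdump -n 'port 67 or port 68'`.
REQ = re.compile(r"^(\S+) IP \S+ > \S+: BOOTP/DHCP, Request from ([0-9a-f:]{17})")
REP = re.compile(r"^(\S+) IP \S+ > \S+: BOOTP/DHCP, Reply")

def _ts(s):
    return datetime.strptime(s, "%H:%M:%S.%f")

def parse(lines):
    """Split tcpdump lines into [(time, mac)] requests and [time] replies; other lines are ignored."""
    requests, replies = [], []
    for line in lines:
        if m := REQ.match(line):
            requests.append((_ts(m.group(1)), m.group(2).lower()))
        elif m := REP.match(line):
            replies.append(_ts(m.group(1)))
    return requests, replies

def unanswered_clients(lines):
    """Return {mac: request_count} for clients none of whose requests got a Reply within REPLY_WINDOW."""
    requests, replies = parse(lines)
    total, answered = {}, {}
    for t, mac in requests:
        total[mac] = total.get(mac, 0) + 1
        if any(t <= r <= t + REPLY_WINDOW for r in replies):
            answered[mac] = answered.get(mac, 0) + 1
    return {mac: n for mac, n in total.items() if answered.get(mac, 0) == 0}

# Sample lines taken from the two captures quoted in the post (hook on, then hook off).
HOOK_ON = [
    "10:44:58.805534 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:16:3e:51:ff:ab, length 296",
    "10:45:02.358795 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:16:3e:51:ff:ab, length 296",
]
HOOK_OFF = [
    "10:47:59.440982 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:16:3e:51:ff:ab, length 300",
    "10:48:00.580822 IP 10.170.255.254.67 > 10.170.2.249.68: BOOTP/DHCP, Reply, length 328",
    "10:48:30.599298 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:e0:4c:30:13:68, length 300",
    "10:48:30.728204 IP 10.170.255.254.67 > 10.170.3.143.68: BOOTP/DHCP, Reply, length 328",
]

if __name__ == "__main__":
    print("hook on :", unanswered_clients(HOOK_ON))   # {'00:16:3e:51:ff:ab': 2}
    print("hook off:", unanswered_clients(HOOK_OFF))  # {}
```

A non-empty result on a capture taken on the bridge itself points at the host (here the bridge-nf hook) rather than the upstream server. Keep in mind that with the hook set to 0, iptables/nft rules no longer see frames forwarded across br0, so any filtering you expected to apply to bridged container traffic has to be done elsewhere.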
However, this only takes effect temporarily. To keep it in effect after a reboot, it needs to be persisted as follows:
Have the kernel load br_netfilter early at boot:
echo br_netfilter | sudo tee /etc/modules-load.d/br_netfilter.conf
sudo modprobe br_netfilter
Then persist the sysctl settings as 0 and apply them immediately:
printf "net.bridge.bridge-nf-call-iptables=0\nnet.bridge.bridge-nf-call-ip6tables=0\n" | sudo tee /etc/sysctl.d/99-bridge-nf.conf
sudo systemctl restart systemd-modules-load
sudo systemctl restart systemd-sysctl
sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables
The output should be 0 for both~

马春杰杰