问题

在一台服务器A（172.16.40.10）上搭建docker环境，然后另外一台服务器B（172.17.0.10）突然访问不了A，白名单全开放。

排查

ifconfig，省略了一些无关的网卡信息

[root@VM-40-10-centos ~]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        inet6 fe80::42:f2ff:fe63:1150  prefixlen 64  scopeid 0x20<link>
        ether 02:42:f2:63:11:50  txqueuelen 0  (Ethernet)
        RX packets 1428709  bytes 438948342 (418.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 918295  bytes 168791651 (160.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.40.10  netmask 255.255.255.0  broadcast 172.16.40.255
        inet6 fe80::5054:ff:fe02:f555  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:02:f5:55  txqueuelen 1000  (Ethernet)
        RX packets 70715304  bytes 24744734143 (23.0 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 50091734  bytes 14727402529 (13.7 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

其实可以发现docker0的网段跟服务器B一致，此时再看下路由表route

[root@VM-40-10-centos ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.16.40.1     0.0.0.0         UG    100    0        0 eth0
172.16.40.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0

服务器B进来，被路由到了docker了。。。此时的解决版本就是修改docker的默认网关

1. vim /etc/docker/daemon.json

{
    "bip":"172.100.0.1/24"
}

2. 重启docker

systemctl restart docker