參考：
https://blog.csdn.net/NewTyun/article/details/104191062/
https://www.networkinghowtos.com/howto/enable-ip-forwarding-on-ubuntu-13-04/
https://gist.github.com/tzermias/5408466

1. 環(huán)境信息

安裝ubuntu docker環(huán)境
機(jī)器1
IP：172.30.30.231
Docker網(wǎng)段：172.17.231.1

機(jī)器2
IP：172.30.30.232
Docker網(wǎng)段：172.17.232.1

2. 修改Docker配置

修改/etc/docker/daemon.json配置docker網(wǎng)段，并重啟docker服務(wù)

在機(jī)器1上修改

op@dev-01:~$ cat /etc/docker/daemon.json
{
  "bip": "172.17.231.1/24"
}
op@dev-01:~$ systemctl reestart docker

在機(jī)器2上修改

op@dev-02:~$ cat /etc/docker/daemon.json
{
  "bip": "172.17.232.1/24"
}
op@dev-02:~$ systemctl reestart docker

3. 添加路由規(guī)則

在機(jī)器1上執(zhí)行

root@dev-01:~# route add -net 172.17.232.0/24 gw 172.30.30.232
root@dev-01:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.30.30.254   0.0.0.0         UG    0      0        0 eth0
172.17.231.0    0.0.0.0         255.255.255.0   U     0      0        0 docker0
172.17.232.0    172.30.30.232   255.255.255.0   UG    0      0        0 eth0
172.30.30.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
root@dev-01:~#

在機(jī)器2上執(zhí)行

root@dev-02:~# route add -net 172.17.231.0/24 gw 172.30.30.231
root@dev-02:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.30.30.254   0.0.0.0         UG    0      0        0 eth0
172.17.232.0    0.0.0.0         255.255.255.0   U     0      0        0 docker0
172.17.231.0    172.30.30.231   255.255.255.0   UG    0      0        0 eth0
172.30.30.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
root@dev-02:~#

將其寫入/etc/rc.local則可以重啟機(jī)器后仍生效

4. 在兩臺機(jī)器上都配置ip_forward和網(wǎng)卡轉(zhuǎn)發(fā)

臨時配置ip_forward

root@dev:~# sysctl net.ipv4.ip_forward=1

永久配置ip_forward

編輯配置文件/etc/sysctl.conf，去掉net.ipv4.ip_forward=1前面的#注釋，執(zhí)行sysctl -p使其生效

root@dev:~# cat /etc/sysctl.conf|grep 'net.ipv4.ip_forward'
net.ipv4.ip_forward=1
root@dev:~# sysctl -p

配置網(wǎng)卡轉(zhuǎn)發(fā)

root@dev:~# iptables -A FORWARD --in-interface eth0 -j ACCEPT
root@dev:~# iptables --table nat -A POSTROUTING --out-interface docker0 -j MASQUERADE
root@dev:~# iptables-save

5. 測試

在兩臺機(jī)器上分別啟動nginx測試docker,默認(rèn)ip分別為172.17.231.2和172.17.232.2

root@dev:~# docker run -d nginx

在機(jī)器1上測試

# 測試ping
root@dev-01:!# ping -c 2 172.17.232.2
PING 172.17.232.2 (172.17.232.2) 56(84) bytes of data.
64 bytes from 172.17.232.2: icmp_seq=1 ttl=63 time=0.255 ms
64 bytes from 172.17.232.2: icmp_seq=2 ttl=63 time=0.239 ms

--- 172.17.232.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.239/0.247/0.255/0.008 ms
# 測試curl
root@dev-01:~# curl 172.17.232.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a >nginx.org</a>.<br/>
Commercial support is available at
<a >nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
root@dev-01:~#

測試成功，同理在機(jī)器2上測試一樣可以訪問。