容器监听器在服务器IP地址上不起作用 – 仅在Docker网络的IP上起作用

huangapple go评论59阅读模式
英文:

Container Listener not working on IP Address from server - Only works on IP from the Docker Network

问题

摘要

我正在运行一个Zabbix服务器容器,但无法与其监听的端口进行通信 - 即使是本地的。

操作系统/环境/使用的docker-compose文件

这是我当前用于运行的脚本:

docker run -d --name zabbix-server \
 --restart always \
 --link zabbix-snmptraper:zabbix-snmptraps --volumes-from zabbix-snmptraper \
 -p 192.168.1.248:10052:10051 \
 -e MYSQL_DATABASE="zabbix" \
 -e MYSQL_USER="zabbix" \
 -e MYSQL_PASSWORD="aro@123" \
 -e ZBX_LISTENPORT=10052 \
 -e ZBX_HOUSEKEEPINGFREQUENCY=12 \
 -e ZBX_LOGSLOWQUERIES=1000 \
 -e ZBX_STARTPOLLERSUNREACHABLE=1 \
 -e ZBX_STARTPINGERS=5 \
 -e ZBX_STARTTRAPPERS=1 \
 -e ZBX_STARTDBSYNCERS=3 \
 -e ZBX_STARTDISCOVERERS=4 \
 -e ZBX_STARTPOLLERS=10 \
 -e ZBX_TIMEOUT=30 \
 -e ZBX_VALUECACHESIZE=32M \
 -e ZBX_CACHESIZE=48M \
 -e ZBX_MAXHOUSEKEEPERDELETE=432000 \
 -e ZBX_ENABLE_SNMP_TRAPS=true \
 -e MYSQL_ROOT_PASSWORD="my_root_pass_of_mysql..." \
 -e DB_SERVER_HOST="mysql-server" \
 -e DB_SERVER_PORT="3306" \
 -v /etc/localtime:/etc/localtime:ro \
 -v /mnt/dados/zabbix/external_scripts:/usr/lib/zabbix/externalscripts \
--network=zabbix-net \
zabbix/zabbix-server-mysql:5.4-ubuntu-latest

配置

这些命令代码块正在Debian 11上运行。

复制步骤

基本上,容器已经启动并正在运行。

被动查询都在工作 - 我可以从Zabbix获取数据到其他Zabbix代理、SNMP等。

问题发生在我尝试从外部对Zabbix服务器进行主动查询时... (主动查询.)

我的推断是Docker容器没有为此创建必要的路由,因此我必须指定一些内容,或者有一些缺少的配置。

预期结果

当我尝试telnet到我的Zabbix服务器的10052端口时,预期的结果是OK连接。

实际结果

本地,在我的Zabbix服务器上,当我执行:

sudo telnet 192.168.1.248 10052

我得到telnet:无法连接到远程主机:连接被拒绝

奇怪的是,当我在DOCKER网络的IP地址上执行此操作,(从docker inspect zabbix-server "IPAddress": "172.18.0.4")获取了IP地址时,它起作用了。所以这个容器存在路由问题。

但是大多数容器在运行时都会创建规则,或者至少在日志或文档中显示它。但我无法在任何地方找到这个...

你能帮帮我吗?

我已经在这上面忙活了两个多星期,不知道该怎么办了。

如果这个问题在错误的部分或“流程”中,请引导我到正确的地方。我非常感激你的帮助。

编辑 1

这是TCPDUMP给我的输出:

16:28:12.373378 IP 192.168.17.24.55114 > 192.168.1.248.10052: Flags [S], seq 2008667124, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0

正如你所见,数据包正在传输并到达Docker服务器。

我尝试添加以下规则到IPTables,看看是否能解决问题:

sudo iptables -t nat -A PREROUTING -p tcp --dport 10052 -j DNAT --to-destination 172.18.0.4:10052 -m comment --comment "将来自IP 248的请求重定向到容器IP";

但它没有起作用。或者我创建得不对。

要列出规则,我使用了以下命令:

sudo iptables -t nat -v -L PREROUTING -n --line-number

一切都创建得很好。

英文:

SUMMARY

I am running a Zabbix Server container, but I am not being able to communicate on its listening port - Locally even.

OS / ENVIRONMENT / Used docker-compose files

This is the script I am currently using to run it:

docker run -d --name zabbix-server \
 --restart always \
 --link zabbix-snmptraper:zabbix-snmptraps --volumes-from zabbix-snmptraper \
 -p 192.168.1.248:10052:10051 \
 -e MYSQL_DATABASE="zabbix" \
 -e MYSQL_USER="zabbix" \
 -e MYSQL_PASSWORD="aro@123" \
 -e ZBX_LISTENPORT=10052 \
 -e ZBX_HOUSEKEEPINGFREQUENCY=12 \
 -e ZBX_LOGSLOWQUERIES=1000 \
 -e ZBX_STARTPOLLERSUNREACHABLE=1 \
 -e ZBX_STARTPINGERS=5 \
 -e ZBX_STARTTRAPPERS=1 \
 -e ZBX_STARTDBSYNCERS=3 \
 -e ZBX_STARTDISCOVERERS=4 \
 -e ZBX_STARTPOLLERS=10 \
 -e ZBX_TIMEOUT=30 \
 -e ZBX_VALUECACHESIZE=32M \
 -e ZBX_CACHESIZE=48M \
 -e ZBX_MAXHOUSEKEEPERDELETE=432000 \
 -e ZBX_ENABLE_SNMP_TRAPS=true \
 -e MYSQL_ROOT_PASSWORD="my_root_pass_of_mysql..." \
 -e DB_SERVER_HOST="mysql-server" \
 -e DB_SERVER_PORT="3306" \
 -v /etc/localtime:/etc/localtime:ro \
 -v /mnt/dados/zabbix/external_scripts:/usr/lib/zabbix/externalscripts \
--network=zabbix-net \
zabbix/zabbix-server-mysql:5.4-ubuntu-latest

CONFIGURATION

The code block of commands is being run on a Debian 11.

STEPS TO REPRODUCE

Basically, the container is UP and running.

The passive queries are all working - I can gather data from Zabbix to other Zabbix Agents, SNMP, etc.

The problem happens when I try to do a active query from outside to Zabbix Server itself... (Active queries.)

My deduction was that the docker container did not create the necessary routes for this, so I must specify something or there is some configuration missing.

EXPECTED RESULTS

When doing a telnet to 10052 on my Zabbix Server, the expected result is a OK Connected.

ACTUAL RESULTS

Locally, on my own Zabbix Server, when I did:

sudo telnet 192.168.1.248 10052

I got telnet: Unable to connect to remote host: Connection refused

Crazy thing is that when doing this on the IP address of the DOCKER NETWORK, (Got the IP from docker inspect zabbix-server "IPAddress": "172.18.0.4"):

sudo telnet 172.18.0.4 10052

> Trying 172.18.0.4...
> Connected to 172.18.0.4.

It worked. So there is a routing problem with this container.

But most containers when running create the rules or at least show it in logs or docs. how to do it.

But I could not find this anywhere...

Can you please help me?

I am on this for more than two weeks and do not know what to do anymore.

If this is in the wrong section or "flow", please direct me to the correct place to this.
I really appreciate the help.

Edit 1

Here is the output TCPDUMP gave me:

16:28:12.373378 IP 192.168.17.24.55114 > 192.168.1.248.10052: Flags [S], seq 2008667124, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0

As you can see, packets are coming through and arriving to the Docker Server.

I tried adding the following rule to IPTables to see if it solved it:

sudo iptables -t nat -A PREROUTING -p tcp --dport 10052 -j DNAT --to-destination 172.18.0.4:10052 -m comment --comment "Redirect requests from IP 248 to the container IP"

But it did not work. Or I created this wrongly.

To list the rules I used the command:

sudo iptables -t nat -v -L PREROUTING -n --line-number

It was created all fine.

答案1

得分: 1

你配置了Zabbix监听端口10052(-e ZBX_LISTENPORT=10052),但你将主机端口10052映射到容器端口10051-p 192.168.1.248:10052:10051)。

使用-p 192.168.1.248:10052:10052来使其正常工作。

docker run -d --name zabbix-server \
 --restart always \
 --link zabbix-snmptraper:zabbix-snmptraps --volumes-from zabbix-snmptraper \
 -p 192.168.1.248:10052:10052 \
 -e MYSQL_DATABASE="zabbix" \
 -e MYSQL_USER="zabbix" \
 -e MYSQL_PASSWORD="aro@123" \
 -e ZBX_LISTENPORT=10052 \
 -e ZBX_HOUSEKEEPINGFREQUENCY=12 \
 -e ZBX_LOGSLOWQUERIES=1000 \
 -e ZBX_STARTPOLLERSUNREACHABLE=1 \
 -e ZBX_STARTPINGERS=5 \
 -e ZBX_STARTTRAPPERS=1 \
 -e ZBX_STARTDBSYNCERS=3 \
 -e ZBX_STARTDISCOVERERS=4 \
 -e ZBX_STARTPOLLERS=10 \
 -e ZBX_TIMEOUT=30 \
 -e ZBX_VALUECACHESIZE=32M \
 -e ZBX_CACHESIZE=48M \
 -e ZBX_MAXHOUSEKEEPERDELETE=432000 \
 -e ZBX_ENABLE_SNMP_TRAPS=true \
 -e MYSQL_ROOT_PASSWORD="my_root_pass_of_mysql..." \
 -e DB_SERVER_HOST="mysql-server" \
 -e DB_SERVER_PORT="3306" \
 -v /etc/localtime:/etc/localtime:ro \
 -v /mnt/dados/zabbix/external_scripts:/usr/lib/zabbix/externalscripts \
--network=zabbix-net \
zabbix/zabbix-server-mysql:5.4-ubuntu-latest
英文:

While you configured Zabbix to listen on port 10052 (-e ZBX_LISTENPORT=10052), you mount the host port 10052 to the containers port 10051 instead (-p 192.168.1.248:10052:10051).

Use -p 192.168.1.248:10052:10052 to make it work.

docker run -d --name zabbix-server \
 --restart always \
 --link zabbix-snmptraper:zabbix-snmptraps --volumes-from zabbix-snmptraper \
 -p 192.168.1.248:10052:10052 \
 -e MYSQL_DATABASE="zabbix" \
 -e MYSQL_USER="zabbix" \
 -e MYSQL_PASSWORD="aro@123" \
 -e ZBX_LISTENPORT=10052 \
 -e ZBX_HOUSEKEEPINGFREQUENCY=12 \
 -e ZBX_LOGSLOWQUERIES=1000 \
 -e ZBX_STARTPOLLERSUNREACHABLE=1 \
 -e ZBX_STARTPINGERS=5 \
 -e ZBX_STARTTRAPPERS=1 \
 -e ZBX_STARTDBSYNCERS=3 \
 -e ZBX_STARTDISCOVERERS=4 \
 -e ZBX_STARTPOLLERS=10 \
 -e ZBX_TIMEOUT=30 \
 -e ZBX_VALUECACHESIZE=32M \
 -e ZBX_CACHESIZE=48M \
 -e ZBX_MAXHOUSEKEEPERDELETE=432000 \
 -e ZBX_ENABLE_SNMP_TRAPS=true \
 -e MYSQL_ROOT_PASSWORD="my_root_pass_of_mysql..." \
 -e DB_SERVER_HOST="mysql-server" \
 -e DB_SERVER_PORT="3306" \
 -v /etc/localtime:/etc/localtime:ro \
 -v /mnt/dados/zabbix/external_scripts:/usr/lib/zabbix/externalscripts \
--network=zabbix-net \
zabbix/zabbix-server-mysql:5.4-ubuntu-latest

huangapple
  • 本文由 发表于 2023年2月16日 02:53:18
  • 转载请务必保留本文链接:https://go.coder-hub.com/75464279.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定