Docker cannot specify container connection

  docker, question

Docker configuration:

root@ubuntu> ps -ef | grep docker
 root xxxxx /usr/bin/dockerd -H fd:// -b=br0 --icc=false --iptables=true

Start with a web host:
docker run -d --name web -p 8080:80 php-fpm:5.4

Another test host test connection:
docker run -dit --name test --link web:web blackhole/ubuntu:0.1 bash

To view the table of iptables filter:

root@ubuntu> sudo iptables -L -n
 Chain INPUT (policy ACCEPT)
 target     prot opt source               destination
 
 Chain FORWARD (policy DROP)
 target     prot opt source               destination
 
 Chain OUTPUT (policy ACCEPT)
 target     prot opt source               destination
 
 Chain DOCKER (0 references)
 target     prot opt source               destination
 ACCEPT     tcp  --  0.0.0.0/0            192.168.100.2        tcp dpt:80
 ACCEPT     tcp  --  192.168.100.3        192.168.100.2        tcp dpt:80
 ACCEPT     tcp  --  192.168.100.2        192.168.100.3        tcp spt:80
 ACCEPT     tcp  --  192.168.100.3        192.168.100.2        tcp dpt:443
 ACCEPT     tcp  --  192.168.100.2        192.168.100.3        tcp spt:443
 ACCEPT     tcp  --  192.168.100.3        192.168.100.2        tcp dpt:22
 ACCEPT     tcp  --  192.168.100.2        192.168.100.3        tcp spt:22

Enter the test container:

sudo docker exec -it test bash
 root@00585b9efea8:/# cat /etc/hosts
 127.0.0.1    localhost
 ::1    localhost ip6-localhost ip6-loopback
 fe00::0    ip6-localnet
 ff00::0    ip6-mcastprefix
 ff02::1    ip6-allnodes
 ff02::2    ip6-allrouters
 192.168.100.2    web 2cec3235f5fa
 192.168.100.3    00585b9efea8
 root@00585b9efea8:/# ping web
 PING web (192.168.100.2): 56 data bytes
 ^C--- web ping statistics ---
 12 packets transmitted, 0 packets received, 100% packet loss
 root@00585b9efea8:/# ping 192.168.100.2
 PING 192.168.100.2 (192.168.100.2): 56 data bytes
 ^C--- 192.168.100.2 ping statistics ---
 12 packets transmitted, 0 packets received, 100% packet loss
 root@00585b9efea8:/# curl web
 ^C
 root@00585b9efea8:/# curl http://192.168.100.2:80
 ^C

Specifies that the three conditions for container connection:-ICC = FASLE-IPTABLES = TRUE-LINK have been met. In order to prevent accidents, the first step was carried out before.iptables -FRemove

What is the problem? Or where might it be

Resolved:
The nature of docker’s link parameter is to add rules to iptables and containers’ hosts. From the above, we can see that the rules have been added, but why not? Because I forgot to add the EXPOSE parameter when writing the Dockerfile (because I always thought this command was useless), in fact, EXPOSE will open the port, which is not simply convenient for the use of the -P command and for the developers to see. Iptables’ ACCEPT rule is port-based, but I didn’t write it in EXPOSE, which would make link useless. However, the open ports of the common web container or db container are 3306 and 80 and 443, but none of them are open, which leads to the inability to ping and curl after link is connected, and the ports that ping is not 80, 3306 and 443. So even if it succeeds, it will not ping.