
Communication failure from WLAN to a Docker container

Posted: 2023-10-27 15:34:40

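The current problem: a specific RADIUS probe packet sent by the device does not reach the RADIUS container. The packet can be captured on the host, but not inside the container.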

The problem is now clearly identified, so let's look at what the packets look like in the normal case.

// 00:0c:29:cc:1c:df is the MAC address of the host's eth0
[Thu Sep 21 18:10:39 2023] TRACE: raw:PREROUTING:rule:2 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: raw:PREROUTING_direct:return:1 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: raw:PREROUTING:rule:3 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: raw:PREROUTING_ZONES_SOURCE:return:1 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: raw:PREROUTING:rule:4 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: raw:PREROUTING_ZONES:rule:3 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: raw:PRE_public:rule:1 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: raw:PRE_public_log:return:1 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: raw:PRE_public:rule:2 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: raw:PRE_public_deny:return:1 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: raw:PRE_public:rule:3 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: raw:PRE_public_allow:return:1 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: raw:PRE_public:return:4 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: raw:PREROUTING:policy:5 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: mangle:PREROUTING:rule:1 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: mangle:PREROUTING_direct:return:1 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: mangle:PREROUTING:rule:2 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: mangle:PREROUTING_ZONES_SOURCE:return:1 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: mangle:PREROUTING:rule:3 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: mangle:PREROUTING_ZONES:rule:3 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: mangle:PRE_public:rule:1 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: mangle:PRE_public_log:return:1 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: mangle:PRE_public:rule:2 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: mangle:PRE_public_deny:return:1 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: mangle:PRE_public:rule:3 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: mangle:PRE_public_allow:return:1 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: mangle:PRE_public:return:4 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: mangle:PREROUTING:policy:4 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:PREROUTING:rule:1 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:PREROUTING_direct:return:1 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:PREROUTING:rule:2 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:PREROUTING_ZONES_SOURCE:return:1 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:PREROUTING:rule:3 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:PREROUTING_ZONES:rule:3 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:PRE_public:rule:1 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:PRE_public_log:return:1 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:PRE_public:rule:2 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:PRE_public_deny:return:1 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:PRE_public:rule:3 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:PRE_public_allow:return:1 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:PRE_public:return:4 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:PREROUTING:rule:4 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:DOCKER:rule:6 IN=ens33 OUT= MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.1.206 LEN=415 TOS=0x00 PREC=0x00 TTL=255 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: mangle:FORWARD:rule:1 IN=ens33 OUT=br-64a467b94a3c MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: mangle:FORWARD_direct:return:1 IN=ens33 OUT=br-64a467b94a3c MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: mangle:FORWARD:policy:2 IN=ens33 OUT=br-64a467b94a3c MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: filter:FORWARD:rule:1 IN=ens33 OUT=br-64a467b94a3c MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: filter:DOCKER-USER:return:1 IN=ens33 OUT=br-64a467b94a3c MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: filter:FORWARD:rule:2 IN=ens33 OUT=br-64a467b94a3c MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: filter:DOCKER-ISOLATION-STAGE-1:return:3 IN=ens33 OUT=br-64a467b94a3c MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: filter:FORWARD:rule:8 IN=ens33 OUT=br-64a467b94a3c MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: filter:DOCKER:rule:4 IN=ens33 OUT=br-64a467b94a3c MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: security:FORWARD:rule:1 IN=ens33 OUT=br-64a467b94a3c MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: security:FORWARD_direct:return:1 IN=ens33 OUT=br-64a467b94a3c MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: security:FORWARD:policy:2 IN=ens33 OUT=br-64a467b94a3c MAC=00:0c:29:cc:1c:df:3c:c7:86:ad:a9:d7:08:00 SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: mangle:POSTROUTING:rule:1 IN= OUT=br-64a467b94a3c SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: mangle:POSTROUTING_direct:return:1 IN= OUT=br-64a467b94a3c SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: mangle:POSTROUTING:policy:2 IN= OUT=br-64a467b94a3c SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:POSTROUTING:rule:3 IN= OUT=br-64a467b94a3c SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:POSTROUTING_direct:return:1 IN= OUT=br-64a467b94a3c SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:POSTROUTING:rule:4 IN= OUT=br-64a467b94a3c SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:POSTROUTING_ZONES_SOURCE:return:1 IN= OUT=br-64a467b94a3c SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:POSTROUTING:rule:5 IN= OUT=br-64a467b94a3c SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:POSTROUTING_ZONES:rule:2 IN= OUT=br-64a467b94a3c SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:POST_docker:rule:1 IN= OUT=br-64a467b94a3c SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:POST_docker_log:return:1 IN= OUT=br-64a467b94a3c SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:POST_docker:rule:2 IN= OUT=br-64a467b94a3c SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:POST_docker_deny:return:1 IN= OUT=br-64a467b94a3c SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:POST_docker:rule:3 IN= OUT=br-64a467b94a3c SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:POST_docker_allow:return:1 IN= OUT=br-64a467b94a3c SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:POST_docker:return:4 IN= OUT=br-64a467b94a3c SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
[Thu Sep 21 18:10:39 2023] TRACE: nat:POSTROUTING:policy:11 IN= OUT=br-64a467b94a3c SRC=192.168.1.240 DST=192.168.222.2 LEN=415 TOS=0x00 PREC=0x00 TTL=254 ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 
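// MAC address of the host bridge interface br-64a467b94a3c: 02:42:56:3a:35:9c (--> 192.168.222.1); MAC address of eth0 inside the container: 02:42:c0:a8:de:02 (--> 192.168.222.2)
// veth6910cc3 is the interface that directly connects the host and the container; it is bridged under br-64a467b94a3c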
[Thu Sep 21 18:10:39 2023] ebtable/nat-OUTPUT IN= OUT=veth6910cc3 MAC source = 02:42:56:3a:35:9c MAC dest = 02:42:c0:a8:de:02 proto = 0x0800 IP SRC=192.168.1.240 IP DST=192.168.222.2, IP tos=0x00, IP proto=17 SPT=49338 DPT=1812
[Thu Sep 21 18:10:39 2023] ebtable/filter-OUTPUT IN= OUT=veth6910cc3 MAC source = 02:42:56:3a:35:9c MAC dest = 02:42:c0:a8:de:02 proto = 0x0800 IP SRC=192.168.1.240 IP DST=192.168.222.2, IP tos=0x00, IP proto=17 SPT=49338 DPT=1812
[Thu Sep 21 18:10:39 2023] ebtable/nat-POSTROUTE IN= OUT=veth6910cc3 MAC source = 02:42:56:3a:35:9c MAC dest = 02:42:c0:a8:de:02 proto = 0x0800 IP SRC=192.168.1.240 IP DST=192.168.222.2, IP tos=0x00, IP proto=17 SPT=49338 DPT=1812
[Thu Sep 21 18:10:39 2023] ebtable/broute-BROUTING IN=veth6910cc3 OUT= MAC source = 02:42:c0:a8:de:02 MAC dest = 02:42:56:3a:35:9c proto = 0x0800 IP SRC=192.168.222.2 IP DST=192.168.1.1, IP tos=0x00, IP proto=17 SPT=57536 DPT=53
[Thu Sep 21 18:10:39 2023] ebtable/nat-PREROUTE IN=veth6910cc3 OUT= MAC source = 02:42:c0:a8:de:02 MAC dest = 02:42:56:3a:35:9c proto = 0x0800 IP SRC=192.168.222.2 IP DST=192.168.1.1, IP tos=0x00, IP proto=17 SPT=57536 DPT=53
[Thu Sep 21 18:10:39 2023] ebtable/filter-INPUT IN=veth6910cc3 OUT= MAC source = 02:42:c0:a8:de:02 MAC dest = 02:42:56:3a:35:9c proto = 0x0800 IP SRC=192.168.222.2 IP DST=192.168.1.1, IP tos=0x00, IP proto=17 SPT=57536 DPT=53
[Thu Sep 21 18:10:39 2023] ebtable/broute-BROUTING IN=veth6910cc3 OUT= MAC source = 02:42:c0:a8:de:02 MAC dest = 02:42:56:3a:35:9c proto = 0x0800 IP SRC=192.168.222.2 IP DST=192.168.1.1, IP tos=0x00, IP proto=17 SPT=48261 DPT=53
[Thu Sep 21 18:10:39 2023] ebtable/nat-PREROUTE IN=veth6910cc3 OUT= MAC source = 02:42:c0:a8:de:02 MAC dest = 02:42:56:3a:35:9c proto = 0x0800 IP SRC=192.168.222.2 IP DST=192.168.1.1, IP tos=0x00, IP proto=17 SPT=48261 DPT=53
[Thu Sep 21 18:10:39 2023] ebtable/filter-INPUT IN=veth6910cc3 OUT= MAC source = 02:42:c0:a8:de:02 MAC dest = 02:42:56:3a:35:9c proto = 0x0800 IP SRC=192.168.222.2 IP DST=192.168.1.1, IP tos=0x00, IP proto=17 SPT=48261 DPT=53
[Thu Sep 21 18:10:39 2023] ebtable/nat-OUTPUT IN= OUT=veth6910cc3 MAC source = 02:42:56:3a:35:9c MAC dest = 02:42:c0:a8:de:02 proto = 0x0800 IP SRC=192.168.1.1 IP DST=192.168.222.2, IP tos=0x00, IP proto=17 SPT=53 DPT=57536
[Thu Sep 21 18:10:39 2023] ebtable/filter-OUTPUT IN= OUT=veth6910cc3 MAC source = 02:42:56:3a:35:9c MAC dest = 02:42:c0:a8:de:02 proto = 0x0800 IP SRC=192.168.1.1 IP DST=192.168.222.2, IP tos=0x00, IP proto=17 SPT=53 DPT=57536
[Thu Sep 21 18:10:39 2023] ebtable/nat-POSTROUTE IN= OUT=veth6910cc3 MAC source = 02:42:56:3a:35:9c MAC dest = 02:42:c0:a8:de:02 proto = 0x0800 IP SRC=192.168.1.1 IP DST=192.168.222.2, IP tos=0x00, IP proto=17 SPT=53 DPT=57536
[Thu Sep 21 18:10:39 2023] ebtable/nat-OUTPUT IN= OUT=veth6910cc3 MAC source = 02:42:56:3a:35:9c MAC dest = 02:42:c0:a8:de:02 proto = 0x0800 IP SRC=192.168.1.1 IP DST=192.168.222.2, IP tos=0x00, IP proto=17 SPT=53 DPT=48261
[Thu Sep 21 18:10:39 2023] ebtable/filter-OUTPUT IN= OUT=veth6910cc3 MAC source = 02:42:56:3a:35:9c MAC dest = 02:42:c0:a8:de:02 proto = 0x0800 IP SRC=192.168.1.1 IP DST=192.168.222.2, IP tos=0x00, IP proto=17 SPT=53 DPT=48261

// Sending a packet:
/* Routing table inside the container
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.222.1   0.0.0.0         UG        0 0          0 eth0
192.168.222.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.222.2  netmask 255.255.255.0  broadcast 192.168.222.255
        ether 02:42:c0:a8:de:02  txqueuelen 0  (Ethernet)
*/
[Thu Sep 21 19:45:44 2023] ebtable/broute-BROUTING IN=veth6910cc3 OUT= MAC source = 02:42:c0:a8:de:02 MAC dest = 02:42:56:3a:35:9c proto = 0x0800 IP SRC=192.168.222.2 IP DST=192.168.1.240, IP tos=0x00, IP proto=17 SPT=1812 DPT=49338
[Thu Sep 21 19:45:44 2023] ebtable/nat-PREROUTE IN=veth6910cc3 OUT= MAC source = 02:42:c0:a8:de:02 MAC dest = 02:42:56:3a:35:9c proto = 0x0800 IP SRC=192.168.222.2 IP DST=192.168.1.240, IP tos=0x00, IP proto=17 SPT=1812 DPT=49338
[Thu Sep 21 19:45:44 2023] ebtable/filter-INPUT IN=veth6910cc3 OUT= MAC source = 02:42:c0:a8:de:02 MAC dest = 02:42:56:3a:35:9c proto = 0x0800 IP SRC=192.168.222.2 IP DST=192.168.1.240, IP tos=0x00, IP proto=17 SPT=1812 DPT=49338

The rough flow is:

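The packet comes in on the physical NIC and passes through the raw, mangle and nat tables of PREROUTING, where it is finally DNATed. It is then forwarded to the br-64a467b94a3c interface, traversing the mangle, filter and security tables on the way, and then enters the mangle and nat tables of POSTROUTING. At this point the packet has effectively been handed to the br-64 bridge interface.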

The packet flow is shown by the red arrows in the figure below.

[Figure: packet flow, with the path marked by red arrows]
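A long TRACE dump like the one above is easier to read once it is collapsed to one record per table and hook. The following is an added example (not from the original post): Python that parses lines in this TRACE format, reports where the destination is rewritten and the TTL decremented, and lists which stages of the forward path observed above were never reached. The sample lines are constructed in the page's format; the truncated trace and its rule number are hypothetical and are not the failing trace from this case.

```python
import re

BUILTIN = {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"}
# Forward path for the first packet of a connection, as observed in the trace above.
EXPECTED_FORWARD = [
    "raw:PREROUTING", "mangle:PREROUTING", "nat:PREROUTING",
    "mangle:FORWARD", "filter:FORWARD", "security:FORWARD",
    "mangle:POSTROUTING", "nat:POSTROUTING",
]
TRACE_RE = re.compile(r"TRACE: (\w+):([\w-]+):(rule|return|policy):(\d+) (.*)")
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Parse one iptables TRACE line; return None for anything else (e.g. ebtables logs)."""
    m = TRACE_RE.search(line)
    if m is None:
        return None
    table, chain, kind, num, rest = m.groups()
    fields = {}
    for key, value in KV_RE.findall(rest):
        fields.setdefault(key, value)  # LEN occurs twice (IP, then UDP): keep the first
    return {"table": table, "chain": chain, "kind": kind, "num": int(num), **fields}


def stages(lines):
    """Collapse per-rule TRACE lines into one record per (table, hook) visit."""
    out, hook = [], None
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["chain"] in BUILTIN:
            hook = rec["chain"]  # user-defined chains inherit the hook they were called from
        snap = {
            "table": rec["table"], "hook": hook,
            "in": rec.get("IN", ""), "out": rec.get("OUT", ""),
            "src": rec["SRC"], "dst": rec["DST"], "ttl": int(rec["TTL"]),
            "last": f'{rec["chain"]}:{rec["kind"]}:{rec["num"]}',
        }
        if out and (out[-1]["table"], out[-1]["hook"]) == (snap["table"], snap["hook"]):
            out[-1] = snap  # same stage: keep only the final rule that was logged
        else:
            out.append(snap)
    return out


def rewrites(st):
    """Report destination rewrites (DNAT) and TTL decrements (routing) between stages."""
    events = []
    for prev, cur in zip(st, st[1:]):
        where = f'{prev["table"]}:{prev["hook"]} -> {cur["table"]}:{cur["hook"]}'
        if cur["dst"] != prev["dst"]:
            events.append(("DNAT", where, prev["dst"], cur["dst"]))
        if cur["ttl"] == prev["ttl"] - 1:
            events.append(("ROUTED", where, prev["ttl"], cur["ttl"]))
    return events


def missing_stages(st, new_connection=True):
    """Stages of the expected forward path that the trace never reached."""
    expected = [s for s in EXPECTED_FORWARD if new_connection or not s.startswith("nat:")]
    seen = {f'{s["table"]}:{s["hook"]}' for s in st}
    return [s for s in expected if s not in seen]


def sample_line(tag, iface_in, iface_out, dst, ttl):
    # Constructed sample line in the format of the TRACE output above (MAC field omitted).
    return (f"[Thu Sep 21 18:10:39 2023] TRACE: {tag} IN={iface_in} OUT={iface_out} "
            f"SRC=192.168.1.240 DST={dst} LEN=415 TOS=0x00 PREC=0x00 TTL={ttl} "
            "ID=19651 PROTO=UDP SPT=49338 DPT=1812 LEN=395 ")


PRE = ("ens33", "", "192.168.1.206", 255)
FWD = ("ens33", "br-64a467b94a3c", "192.168.222.2", 254)
POST = ("", "br-64a467b94a3c", "192.168.222.2", 254)
SAMPLE_OK = (
    [sample_line(t, *PRE) for t in (
        "raw:PREROUTING:rule:2", "raw:PREROUTING_direct:return:1", "raw:PREROUTING:policy:5",
        "mangle:PREROUTING:rule:1", "mangle:PREROUTING:policy:4",
        "nat:PREROUTING:rule:4", "nat:DOCKER:rule:6")]
    + [sample_line(t, *FWD) for t in (
        "mangle:FORWARD:rule:1", "mangle:FORWARD:policy:2",
        "filter:FORWARD:rule:1", "filter:DOCKER-USER:return:1",
        "filter:FORWARD:rule:8", "filter:DOCKER:rule:4",
        "security:FORWARD:policy:2")]
    + [sample_line(t, *POST) for t in (
        "mangle:POSTROUTING:policy:2", "nat:POSTROUTING:rule:3", "nat:POSTROUTING:policy:11")]
)
# Hypothetical truncated trace: the packet is last logged in filter:FORWARD.
SAMPLE_CUT = SAMPLE_OK[:11] + [sample_line("filter:FORWARD:policy:12", *FWD)]

if __name__ == "__main__":
    for s in stages(SAMPLE_OK):
        print(f'{s["table"]}:{s["hook"]:<12} in={s["in"]:<6} out={s["out"]:<16} '
              f'dst={s["dst"]:<14} ttl={s["ttl"]} last={s["last"]}')
    print(rewrites(stages(SAMPLE_OK)))
    print("never reached:", missing_stages(stages(SAMPLE_CUT)))
```

For packets of an already established connection, call `missing_stages(st, new_connection=False)`: the nat table is only consulted for the first packet of a connection, and the reply trace later on this page shows no nat stages, consistent with that.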

Container reply-packet flow

[Thu Sep 21 19:59:49 2023] ebtable/broute-BROUTING IN=veth6910cc3 OUT= MAC source = 02:42:c0:a8:de:02 MAC dest = 02:42:56:3a:35:9c proto = 0x0800 IP SRC=192.168.222.2 IP DST=192.168.1.240, IP tos=0x00, IP proto=17 SPT=1812 DPT=49338
[Thu Sep 21 19:59:49 2023] ebtable/nat-PREROUTE IN=veth6910cc3 OUT= MAC source = 02:42:c0:a8:de:02 MAC dest = 02:42:56:3a:35:9c proto = 0x0800 IP SRC=192.168.222.2 IP DST=192.168.1.240, IP tos=0x00, IP proto=17 SPT=1812 DPT=49338
[Thu Sep 21 19:59:49 2023] TRACE: raw:PREROUTING:rule:3 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: raw:PREROUTING_direct:return:1 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: raw:PREROUTING:rule:4 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: raw:PREROUTING_ZONES_SOURCE:return:1 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: raw:PREROUTING:rule:5 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: raw:PREROUTING_ZONES:rule:2 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: raw:PRE_docker:rule:1 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: raw:PRE_docker_log:return:1 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: raw:PRE_docker:rule:2 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: raw:PRE_docker_deny:return:1 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: raw:PRE_docker:rule:3 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: raw:PRE_docker_allow:return:1 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: raw:PRE_docker:return:4 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: raw:PREROUTING:policy:6 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: mangle:PREROUTING:rule:1 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: mangle:PREROUTING_direct:return:1 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: mangle:PREROUTING:rule:2 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: mangle:PREROUTING_ZONES_SOURCE:return:1 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: mangle:PREROUTING:rule:3 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: mangle:PREROUTING_ZONES:rule:2 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: mangle:PRE_docker:rule:1 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: mangle:PRE_docker_log:return:1 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: mangle:PRE_docker:rule:2 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: mangle:PRE_docker_deny:return:1 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: mangle:PRE_docker:rule:3 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: mangle:PRE_docker_allow:return:1 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: mangle:PRE_docker:return:4 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: mangle:PREROUTING:policy:4 IN=br-64a467b94a3c OUT= PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] ebtable/filter-INPUT IN=veth6910cc3 OUT= MAC source = 02:42:c0:a8:de:02 MAC dest = 02:42:56:3a:35:9c proto = 0x0800 IP SRC=192.168.222.2 IP DST=192.168.1.240, IP tos=0x00, IP proto=17 SPT=1812 DPT=49338
[Thu Sep 21 19:59:49 2023] TRACE: mangle:FORWARD:rule:1 IN=br-64a467b94a3c OUT=ens33 PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: mangle:FORWARD_direct:return:1 IN=br-64a467b94a3c OUT=ens33 PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: mangle:FORWARD:policy:2 IN=br-64a467b94a3c OUT=ens33 PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: filter:FORWARD:rule:1 IN=br-64a467b94a3c OUT=ens33 PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: filter:DOCKER-USER:return:1 IN=br-64a467b94a3c OUT=ens33 PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: filter:FORWARD:rule:2 IN=br-64a467b94a3c OUT=ens33 PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: filter:DOCKER-ISOLATION-STAGE-1:rule:2 IN=br-64a467b94a3c OUT=ens33 PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: filter:DOCKER-ISOLATION-STAGE-2:return:3 IN=br-64a467b94a3c OUT=ens33 PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: filter:DOCKER-ISOLATION-STAGE-1:return:3 IN=br-64a467b94a3c OUT=ens33 PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: filter:FORWARD:rule:9 IN=br-64a467b94a3c OUT=ens33 PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: security:FORWARD:rule:1 IN=br-64a467b94a3c OUT=ens33 PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: security:FORWARD_direct:return:1 IN=br-64a467b94a3c OUT=ens33 PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: security:FORWARD:policy:2 IN=br-64a467b94a3c OUT=ens33 PHYSIN=veth6910cc3 MAC=02:42:56:3a:35:9c:02:42:c0:a8:de:02:08:00 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: mangle:POSTROUTING:rule:1 IN= OUT=ens33 PHYSIN=veth6910cc3 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: mangle:POSTROUTING_direct:return:1 IN= OUT=ens33 PHYSIN=veth6910cc3 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28 
[Thu Sep 21 19:59:49 2023] TRACE: mangle:POSTROUTING:policy:2 IN= OUT=ens33 PHYSIN=veth6910cc3 SRC=192.168.222.2 DST=192.168.1.240 LEN=48 TOS=0x00 PREC=0x00 TTL=63 ID=20230 PROTO=UDP SPT=1812 DPT=49338 LEN=28
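A TRACE dump like the one above is slow to read by eye. The following added example (not part of the original post) groups TRACE lines per packet and reports which hooks were reached, where DST was rewritten by NAT, and the last rule logged. It assumes the IP ID field distinguishes packets, treats a trace that ends outside a POSTROUTING or INPUT chain as incomplete (a heuristic), and runs on constructed sample lines; `parse_trace` and `diagnose` are hypothetical names.

```python
import re

TRACE_RE = re.compile(r"TRACE: (\w+):([\w-]+):(rule|return|policy):(\d+) (.*)")
HOOKS = ("PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING")

# Constructed sample in the same format as the log above (not copied from a live host).
SAMPLE = """\
[t] TRACE: raw:PREROUTING:policy:2 IN=ens33 OUT= SRC=192.168.1.240 DST=192.168.1.206 ID=7 PROTO=UDP SPT=49338 DPT=1812
[t] TRACE: nat:DOCKER:rule:2 IN=ens33 OUT= SRC=192.168.1.240 DST=192.168.1.206 ID=7 PROTO=UDP SPT=49338 DPT=1812
[t] TRACE: filter:FORWARD:rule:1 IN=ens33 OUT=br-demo SRC=192.168.1.240 DST=192.168.222.2 ID=7 PROTO=UDP SPT=49338 DPT=1812
[t] TRACE: filter:DOCKER-USER:rule:1 IN=ens33 OUT=br-demo SRC=192.168.1.240 DST=192.168.222.2 ID=7 PROTO=UDP SPT=49338 DPT=1812
[t] TRACE: mangle:FORWARD:policy:2 IN=br-demo OUT=ens33 SRC=192.168.222.2 DST=192.168.1.240 ID=9 PROTO=UDP SPT=1812 DPT=49338
[t] TRACE: mangle:POSTROUTING:policy:2 IN= OUT=ens33 SRC=192.168.222.2 DST=192.168.1.240 ID=9 PROTO=UDP SPT=1812 DPT=49338
"""

def parse_trace(text):
    """Group TRACE lines by IP ID (assumed unique per packet); keep log order."""
    packets = {}
    for line in text.splitlines():
        m = TRACE_RE.search(line)
        if not m:
            continue
        table, chain, kind, num, rest = m.groups()
        f = dict(re.findall(r"(\w+)=(\S*)", rest))  # IN= / OUT= may be empty
        hop = {"table": table, "chain": chain, "kind": kind, "num": int(num),
               "in": f.get("IN", ""), "out": f.get("OUT", ""),
               "src": f.get("SRC"), "dst": f.get("DST")}
        packets.setdefault(f.get("ID"), []).append(hop)
    return packets

def diagnose(hops):
    """Summarise one packet: hooks reached, DST rewrites, and where the trace stops."""
    hooks = []
    for h in hops:
        if h["chain"] in HOOKS and h["chain"] not in hooks:
            hooks.append(h["chain"])
    # A DST change between consecutive lines marks the first chain that saw the NATed address.
    rewrites = [(b["table"] + ":" + b["chain"], a["dst"], b["dst"])
                for a, b in zip(hops, hops[1:]) if a["dst"] != b["dst"]]
    last = hops[-1]
    # Heuristic: a finished traversal ends in a POSTROUTING* (sent) or INPUT* (local) chain.
    complete = last["chain"].startswith(("POSTROUTING", "INPUT"))
    return {"hooks": hooks, "dst_rewrites": rewrites, "complete": complete,
            "last": "%s:%s:%s:%d" % (last["table"], last["chain"], last["kind"], last["num"])}

if __name__ == "__main__":
    for pid, hops in parse_trace(SAMPLE).items():
        print(pid, diagnose(hops))
```

A packet whose `complete` is False stopped at the rule named in `last`, which is the first place to check when the host sees the packet but the container does not.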

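The flow for a packet sent from the container to the external network is as follows:

[Figure 02: container-to-external-network packet flow]

The tcpdump capture of the packets as they cross the interfaces is as follows: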

[root@localhost ~]# tcpdump  -i any udp port 1812 -nne 
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
20:39:50.516301  In 3c:c7:86:ad:a9:d7 ethertype IPv4 (0x0800), length 431: 192.168.1.240.49338 > 192.168.1.206.1812: RADIUS, Access-Request (1), id: 0xc8 length: 387
20:39:50.516562 Out 02:42:56:3a:35:9c ethertype IPv4 (0x0800), length 431: 192.168.1.240.49338 > 192.168.222.2.1812: RADIUS, Access-Request (1), id: 0xc8 length: 387
20:39:50.516615 Out 02:42:56:3a:35:9c ethertype IPv4 (0x0800), length 431: 192.168.1.240.49338 > 192.168.222.2.1812: RADIUS, Access-Request (1), id: 0xc8 length: 387
20:39:51.746327   P 02:42:c0:a8:de:02 ethertype IPv4 (0x0800), length 64: 192.168.222.2.1812 > 192.168.1.240.49338: RADIUS, Access-Reject (3), id: 0xc8 length: 20
20:39:51.746327  In 02:42:c0:a8:de:02 ethertype IPv4 (0x0800), length 64: 192.168.222.2.1812 > 192.168.1.240.49338: RADIUS, Access-Reject (3), id: 0xc8 length: 20
20:39:51.746430 Out 00:0c:29:cc:1c:df ethertype IPv4 (0x0800), length 64: 192.168.1.206.1812 > 192.168.1.240.49338: RADIUS, Access-Reject (3), id: 0xc8 length: 20

 

 

 

Host to Container:

[Figure 03: Host to Container]

Container to Host:

[Figure 04: Container to Host]

Container to Container:

[Figure 05: Container to Container]

Part of this content is reproduced from: https://www.hwchiu.com/iptables-1.html

 

From: https://blog.51cto.com/u_15404950/8058258
