参考:
https://blog.csdn.net/NewTyun/article/details/104191062/
https://www.networkinghowtos.com/howto/enable-ip-forwarding-on-ubuntu-13-04/
https://gist.github.com/tzermias/5408466
1. 环境信息
安装ubuntu docker环境
机器1
IP:172.30.30.231
Docker网段:172.17.231.0/24(docker0网桥地址:172.17.231.1)
机器2
IP:172.30.30.232
Docker网段:172.17.232.0/24(docker0网桥地址:172.17.232.1)
2. 修改Docker配置
修改/etc/docker/daemon.json配置docker网段,并重启docker服务
在机器1上修改
op@dev-01:~$ cat /etc/docker/daemon.json
{
"bip": "172.17.231.1/24"
}
op@dev-01:~$ systemctl restart docker
在机器2上修改
op@dev-02:~$ cat /etc/docker/daemon.json
{
"bip": "172.17.232.1/24"
}
op@dev-02:~$ systemctl restart docker
3. 添加路由规则
在机器1上执行
root@dev-01:~# route add -net 172.17.232.0/24 gw 172.30.30.232
root@dev-01:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.30.30.254 0.0.0.0 UG 0 0 0 eth0
172.17.231.0 0.0.0.0 255.255.255.0 U 0 0 0 docker0
172.17.232.0 172.30.30.232 255.255.255.0 UG 0 0 0 eth0
172.30.30.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
root@dev-01:~#
在机器2上执行
root@dev-02:~# route add -net 172.17.231.0/24 gw 172.30.30.231
root@dev-02:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.30.30.254 0.0.0.0 UG 0 0 0 eth0
172.17.232.0 0.0.0.0 255.255.255.0 U 0 0 0 docker0
172.17.231.0 172.30.30.231 255.255.255.0 UG 0 0 0 eth0
172.30.30.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
root@dev-02:~#
将上述route add命令写入/etc/rc.local,则重启机器后路由仍然生效
4. 在两台机器上都配置ip_forward和网卡转发
临时配置ip_forward
root@dev:~# sysctl net.ipv4.ip_forward=1
永久配置ip_forward
编辑配置文件/etc/sysctl.conf,去掉net.ipv4.ip_forward=1前面的#注释,执行sysctl -p使其生效
root@dev:~# cat /etc/sysctl.conf|grep 'net.ipv4.ip_forward'
net.ipv4.ip_forward=1
root@dev:~# sysctl -p
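配置网卡转发
注意:下面的FORWARD规则会放行所有从eth0进入的转发流量,范围较宽;建议用-s/-d将其限定为对端Docker网段(例如机器1上只放行172.17.232.0/24与本机172.17.231.0/24之间的流量)。另外,POSTROUTING的MASQUERADE规则会把发往容器的流量的源地址改写为本机docker0地址,容器内的访问日志将看不到真实来源IP。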
root@dev:~# iptables -A FORWARD --in-interface eth0 -j ACCEPT
root@dev:~# iptables --table nat -A POSTROUTING --out-interface docker0 -j MASQUERADE
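root@dev:~# iptables-save
注:iptables-save只是把当前规则打印到标准输出,并不会持久化;如需重启后保留,需要把输出重定向保存到文件,并在开机时用iptables-restore恢复(例如借助iptables-persistent)。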
5. 测试
在两台机器上分别启动一个nginx容器用于测试,容器默认IP分别为172.17.231.2和172.17.232.2
root@dev:~# docker run -d nginx
在机器1上测试
# 测试ping
root@dev-01:~# ping -c 2 172.17.232.2
PING 172.17.232.2 (172.17.232.2) 56(84) bytes of data.
64 bytes from 172.17.232.2: icmp_seq=1 ttl=63 time=0.255 ms
64 bytes from 172.17.232.2: icmp_seq=2 ttl=63 time=0.239 ms
--- 172.17.232.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.239/0.247/0.255/0.008 ms
# 测试curl
root@dev-01:~# curl 172.17.232.2
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
root@dev-01:~#
测试成功,同理在机器2上测试一样可以访问。