Running docker container : iptables: No chain/target/match by that name

野趣味 2021-01-30 04:20

I'm trying to run a container but I get the following issue:

Error response from daemon: Cannot start container b005715c40ea7d5821b15c44f5b7f902d4b39da7c83468f         


        
6 Answers
  • 2021-01-30 04:45

    I got the same problem after installing firewalld.

    I fixed it by:

    service firewalld stop
    service docker restart
    
  • 2021-01-30 04:49

    Faced the same issue on RHEL 7. Restarting the docker service worked for me without a need to flush any iptables rules.

    $ sudo systemctl restart docker
    
  • 2021-01-30 04:51

    The error may happen because it is trying to affect the iptables "DOCKER" filter chain, but it is not there.

    The option --iptables=false prevents docker from changing the iptables configuration.

    (Source: https://docs.docker.com/v17.09/engine/userguide/networking/default_network/container-communication/#communicating-to-the-outside-world)

    If you opt for fixing the iptables docker filter chain, here's how.

    You can actually edit the iptables file and add it, so that it looks like the example in "Docker: How to re-create dockers additional iptables rules?"

    Like this

    sudo vi /etc/sysconfig/iptables
    

    Add the ":DOCKER" lines

    *nat
    :PREROUTING ACCEPT [144:8072]
    :INPUT ACCEPT [87:5208]
    :OUTPUT ACCEPT [118:8055]
    :POSTROUTING ACCEPT [118:8055]
    :DOCKER - [0:0]
    ... your previous rules here ...
    -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
    -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
    -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
    COMMIT
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [5781:5099614]
    :DOCKER - [0:0]
    ... your previous rules here ...
    -A FORWARD -o docker0 -j DOCKER
    -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
    -A FORWARD -i docker0 -o docker0 -j ACCEPT
    COMMIT
    

    Restart... e.g.

    service iptables restart
    

    A good "further read" link where it is well explained

    https://medium.com/@ebuschini/iptables-and-docker-95e2496f0b45

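Added example (not part of any answer in this thread): a POSIX shell check to run against a saved ruleset such as /etc/sysconfig/iptables before restarting iptables, reporting whether the nat and filter tables declare the DOCKER chain shown in the answer above. The function name check_docker_chains and the sample ruleset are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. check_docker_chains FILE [CHAIN]
# Reads an iptables-save style ruleset (FILE, or "-" for stdin) and reports,
# for the nat and filter tables, whether CHAIN (default DOCKER) is declared.
# Returns 1 if a table in the file lacks the ":CHAIN" declaration.
check_docker_chains() {
  awk -v chain="${2:-DOCKER}" '
    { sub(/^[ \t]+/, "") }                           # tolerate indented copies
    /^\*/ { table = substr($1, 2); seen[table] = 1; next }   # "*nat", "*filter"
    /^:/  { if (substr($1, 2) == chain) declared[table] = 1; next }
    /^-A / {                                         # count jumps to the chain
      for (i = 1; i < NF; i++)
        if (($i == "-j" || $i == "-g") && $(i + 1) == chain) jumps[table]++
    }
    END {
      bad = 0
      n = split("nat filter", want, " ")
      for (k = 1; k <= n; k++) {
        t = want[k]
        if (!(t in seen)) {
          printf "%s: table not in file, not checked\n", t
        } else if (t in declared) {
          printf "%s: chain %s declared\n", t, chain
        } else {
          printf "%s: chain %s not declared", t, chain
          if (jumps[t] > 0) printf " but %d rule(s) jump to it", jumps[t]
          printf "\n"
          bad = 1
        }
      }
      exit bad
    }' "${1:--}"
}

# Constructed sample: the filter table jumps to DOCKER without declaring it.
SAMPLE_BROKEN='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -o docker0 -j DOCKER
COMMIT'

printf '%s\n' "$SAMPLE_BROKEN" | check_docker_chains - ||
  echo "add the :DOCKER line to the listed table(s) before restarting"
```

A rule that jumps to a chain its table never declares is the condition the "No chain/target/match by that name" error in the question points at.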
  • 2021-01-30 04:53

    In irc.freenode.net#docker you have stated that you are using Arch Linux ARM on a Raspberry Pi.

    If you are not running this script as a part of a systemd service, I would strongly suggest moving to that, or making use of the existing iptables services and using their ability to save/restore the tables at the appropriate times. If you choose to move to your own services, make sure that the unit states that it is ordered Before=docker.service

  • 2021-01-30 04:56

    I faced the same problem in a docker-compose setup.

    1. Clear all chains:

    sudo iptables -t filter -F
    sudo iptables -t filter -X
    

    2. Then restart Docker Service:

    systemctl restart docker
    
  • 2021-01-30 05:01

    I believe the issue is within these lines:

    iptables -t filter -F

    iptables -t filter -X

    which indeed clear all chains. One possible solution is to launch the docker daemon after the iptables setup script. Otherwise you will need to explicitly remove the chains you're interested in.
