Mapping docker port is failed

问题

Created new docker image(rm/node:10.0) with centos7 using below dockerfile.

FROM rm/node:9.0
EXPOSE 3000

WORKDIR /Reader_Manager/SISPlatform/Auth
RUN npm install

WORKDIR /Reader_Manager/SISPlatform/Auth/portal
CMD npm run-script dev-server-linux

"npm run-script dev-server-linux" will invoke below command which defined in package.json file

"dev-server-linux": "export NODE_ENV=development && pm2 start --no-daemon AuthServer -o ../../logs/pm2/out/auth_out.log -e ../../logs/pm2/err/auth_error.log --log-date-format 'DD-MM-YYYY HH:mm:ss.SSS'",

When i tried to run created docker image in background it is running.

docker run -d rm/node:10.0
08633576828fe33ba880c7b6a40dd9306c885d24ce36a765a459f5acc8e91808
Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or use `--storage-opt dm.no_warn_on_loop_devices=true` to suppress this warning.


docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS              PORTS               NAMES
08633576828f        rm/node:10.0        "/bin/sh -c 'npm run-"   About a minute ago   Up About a minute   3000/tcp            nostalgic_gates

As i am running nodejs inside the container, exposed the 3000 port. So i tried to map 3000 port, but it is failed with error.

[dkanagaraj@localhost docker_test]$ docker run -p 3000:3000 -d rm/node:10.0
3160c27cd2ee964474d137024c1f392dafe5242874842b5f5cdf28a4dfb27e51
Error response from daemon: Cannot start container 3160c27cd2ee964474d137024c1f392dafe5242874842b5f5cdf28a4dfb27e51: failed to create endpoint big_wing on network bridge: COMMAND_FAILED: '/sbin/iptables -w2 -t nat -A DOCKER -p tcp -d 0/0 --dport 3000 -j DNAT --to-destination 172.17.0.3:3000 ! -i docker0' failed: iptables: No chain/target/match by that name.

回答1:

Something on your system has removed the docker iptables entries that it needs to work. Two fixes have been suggested here:

For CentOS:

sudo service docker restart
sudo service iptables save

And for Ubuntu:

sudo apt-get install iptables-persistent
sudo service docker restart
iptables-save > /etc/iptables/rules.v4 # you may need to "sudo -s" to get a root shell first

After the restart of docker, you should see the docker chain under the nat table:

iptables -t nat -vL

来源：https://stackoverflow.com/questions/37679691/mapping-docker-port-is-failed