转自:https://blog.csdn.net/wohaqiyi/article/details/84450562
docker运行报错docker0: iptables: No chain/target/match by that name.
最近在一个新的服务器上装服务,没有安装iptables ,后来安装了iptables 之后,忽然发现我的docker 不能运行了。
注意,可能别人的不行,我这个原因是,开始在新服务器上没有安装iptables ,先安装的docker ,后来才停用默认的firewall ,安装了iptables,就出现了这样的问题。其他原因,我不知道这方法可行不?先看错误:
运行时报出了以下错误:
————————————————
启动docker服务报错 Error response from daemon: No such container: yn-userservice-30000 26126ca87430b74c3987817492cc890e72c36e2fec10d807e362a12f22365160 /usr/bin/docker-current: Error response from daemon: driver failed programming external connectivity on endpoint yn-userservice-30000 (5d083ef51f932ac24936713ab3bc1cece9d47feabf4a916cf5da12a4fb2a122a): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 30000 -j DNAT --to- destination 172.17.0.2:30000 ! -i docker0: iptables: No chain/target/match by that name.
后来在网上找了下,发现解决办法很简单,如下:
1、停止docker服务
输入如下命令停止docker服务
systemctl stop docker 或者service docker stop
停止成功的话,再输入docker ps
就会提示出下边的话:
Cannot connect to the Docker daemon. Is the docker daemon running on this host?
2、保存 iptables
输入如下命令:
iptables-save > /etc/sysconfig/iptables
我发现 防火墙的配置文件/etc/sysconfig/iptables
前后文件如下,当然我是看不懂了,我也就会设置个入站端口
保存之前文件内容:
# sample configuration for iptables service # you can edit this manually or use system-config-firewall # please do not ask us to add additional ports/services to this default configuration *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 10001 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 10002 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 10003 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 10004 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT
保存之后的文件内容:
# Generated by iptables-save v1.4.21 on Sat Nov 24 13:53:13 2018 *nat :PREROUTING ACCEPT [261:18558] :INPUT ACCEPT [17:969] :OUTPUT ACCEPT [4:304] :POSTROUTING ACCEPT [4:304] COMMIT # Completed on Sat Nov 24 13:53:13 2018 # Generated by iptables-save v1.4.21 on Sat Nov 24 13:53:13 2018 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [1246:135222] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 10001 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 10002 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 10003 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 10004 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT # Completed on Sat Nov 24 13:53:13 2018
3、启动docker服务
保存了iptables
后,可以重新启动docker了。输入如下命令:
systemctl start docker 或者service docker start
4、将docker设置为开机启动
设置过这个就不需要再设置了
systemctl enable docker
5、启动容器
最后启动容器,发现不再报错了。
docker start 容器id/名字
原文地址:https://www.cnblogs.com/ziye/p/11684765.html
时间: 2024-10-14 21:25:06