Error Messages:
[root@localhost ~]# docker run -d -p 9000:80 centos:httpd /bin/sh -c /usr/local/bin/start.sh
d5b2bd5a7bc4895a973fe61efd051847047d26385f65c278aaa09e4fa31c4d76
docker: Error response from daemon: driver failed programming external connectivity on endpoint quirky_allen (6bda693d1143657e46bee0300276aa05820da2b21a3d89441e820d1a274c48b6): (iptables failed: iptables –wait -t nat -A DOCKER -p tcp -d 0/0 –dport 9000 -j DNAT –to-destination 172.17.0.2:80 ! -i docker0: iptables: No chain/target/match by that name.
(exit status 1)).
[root@localhost ~]# docker start d5b2bd5a7bc4
Error response from daemon: driver failed programming external connectivity on endpoint quirky_allen (4127da7466709fd45695a1fbe98e13c2ac30c2a554e18fb902ef5a03ba308438): (iptables failed: iptables –wait -t nat -A DOCKER -p tcp -d 0/0 –dport 9000 -j DNAT –to-destination 172.17.0.2:80 ! -i docker0: iptables: No chain/target/match by that name.
(exit status 1))
Error: failed to start containers: d5b2bd5a7bc4

Reason:

The custom chain DOCKER defined at the start of the docker service is cleared for some reason
Restart the docker service and regenerate the custom chain DOCKERs
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  —  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  —  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  —  172.17.0.0/16        0.0.0.0/0
MASQUERADE  tcp  —  172.17.0.2           172.17.0.2           tcp dpt:8080

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  —  0.0.0.0/0            0.0.0.0/0
DNAT       tcp  —  0.0.0.0/0            0.0.0.0/0            tcp dpt:8888 to:172.17.0.2:8080
root@router:playbook#iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  —  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  —  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  —  172.17.0.0/16        0.0.0.0/0
MASQUERADE  tcp  —  172.17.0.2           172.17.0.2           tcp dpt:8080

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  —  0.0.0.0/0            0.0.0.0/0
DNAT       tcp  —  0.0.0.0/0            0.0.0.0/0            tcp dpt:8888 to:172.17.0.2:8080

Solution:

Restart the docker service and then start the container
systemctl restart docker
docker start foo

Similar Posts:

• Error response from daemon: driver failed programming external connectivity on endpoint quirky_allen
• Driver failed programming external connectivity on endpoint query_allen
• docker: Error response from daemon: driver failed programming external connectivity on endpoint lamp
• Error response from daemon: driver failed programming external connectivity on endpoint test: (iptables failed: iptables –wait -t nat -A DOCKER…: No chain/target/match by that name.
• [Solved] Docker Container Start Error: iptables: No chain/target/match by that name
• Docker’s error response from daemon [How to Solve]
• ERROR: Failed to Setup IP tables: Unable to enable SKIP DNAT rule
• [Solved] MYSQL ERROR 2003 (HY000): can’t connect to MySQL server (10060)
• Docker run error: docker0: iptables: No chain/target/match by that name.
• Linux Script Example: iptables-nat.sh