Tag Archives: docker0: iptables: No chain/target/match by that name.

Docker run error: docker0: iptables: No chain/target/match by that name.

 

Docker operation reported an error. Docker 0: iptables: no chain/target/match by that name.
recently, I installed services on a new server, but I didn’t install iptables. Later, after installing iptables, I suddenly found that my docker couldn’t run
note that other people may not be able to do it. My reason is that I didn’t install iptables on the new server at first. I installed the docker first, and then stopped the default firewall and installed iptables. This is the problem. For other reasons, I don’t know if this method is feasible?First look at the errors:
the following errors were made during the operation:

docker start error
Error response from daemon: No such container: yn-userservice-30000
26126ca87430b74c3987817492cc890e72c36e2fec10d807e362a12f22365160
/usr/bin/docker-current: Error response from daemon: driver failed programming external
 connectivity on endpoint yn-userservice-30000 (5d083ef51f932ac24936713ab3bc1cece9d47feabf4a916cf5da12a4fb2a122a):  
 (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 30000 -j DNAT --to-
 destination 172.17.0.2:30000 ! -i docker0: iptables: No chain/target/match by that name.

Later, I searched the Internet and found that the solution is very simple, as follows:

1. Stop docker service

enter the following command to stop the docker service

systemctl stop docker  or service docker stop

If the stop is successful, then enter docker ps to prompt the following words:

Cannot connect to the Docker daemon. Is the docker daemon running on this host?

Save iptables

2. enter the following command:

iptables-save >  /etc/sysconfig/iptables

I found that the files before and after the firewall configuration file /etc/sysconfig/iptables are as follows. Of course, I can’t understand it, so I will set an inbound port
to save the contents of the previous file:

# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10001 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10002 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10003 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10004 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Saved file content:

# Generated by iptables-save v1.4.21 on Sat Nov 24 13:53:13 2018
*nat
:PREROUTING ACCEPT [261:18558]
:INPUT ACCEPT [17:969]
:OUTPUT ACCEPT [4:304]
:POSTROUTING ACCEPT [4:304]
COMMIT
# Completed on Sat Nov 24 13:53:13 2018
# Generated by iptables-save v1.4.21 on Sat Nov 24 13:53:13 2018
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1246:135222]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10001 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10002 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10003 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10004 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sat Nov 24 13:53:13 2018
3. Start docker service

after saving iptables , you can restart docker. Enter the following command:

systemctl start docker or service docker  start

Set docker to start

4. after setting this, you don’t need to set it again

systemctl enable docker
5, start container

finally, the container was started and no more errors were reported

docker start container id/name