• docker端口映射或启动容器时报错Error response from daemon: driver failed programming external connectivity on endpoint


    现象:

    [root@localhost ~]# docker run -d -p 9000:80 centos:httpd /bin/sh -c /usr/local/bin/start.sh
    d5b2bd5a7bc4895a973fe61efd051847047d26385f65c278aaa09e4fa31c4d76
    docker: Error response from daemon: driver failed programming external connectivity on endpoint quirky_allen (6bda693d1143657e46bee0300276aa05820da2b21a3d89441e820d1a274c48b6): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 9000 -j DNAT --to-destination 172.17.0.2:80 ! -i docker0: iptables: No chain/target/match by that name.
    (exit status 1)).

    [root@localhost ~]# docker start d5b2bd5a7bc4
    Error response from daemon: driver failed programming external connectivity on endpoint quirky_allen (4127da7466709fd45695a1fbe98e13c2ac30c2a554e18fb902ef5a03ba308438): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 9000 -j DNAT --to-destination 172.17.0.2:80 ! -i docker0: iptables: No chain/target/match by that name.
    (exit status 1))
    Error: failed to start containers: d5b2bd5a7bc4

    原因:

    docker服务启动时定义的自定义链DOCKER由于某种原因被清掉
    重启docker服务及可重新生成自定义链DOCKER
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination        
    DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination        

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination        
    DOCKER     all  --  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination        
    MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0          
    MASQUERADE  tcp  --  172.17.0.2           172.17.0.2           tcp dpt:8080

    Chain DOCKER (2 references)
    target     prot opt source               destination        
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0          
    DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8888 to:172.17.0.2:8080
    root@router:playbook#iptables -t nat -nL
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination        
    DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination        

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination        
    DOCKER     all  --  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination        
    MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0          
    MASQUERADE  tcp  --  172.17.0.2           172.17.0.2           tcp dpt:8080

    Chain DOCKER (2 references)
    target     prot opt source               destination        
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0          
    DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8888 to:172.17.0.2:8080

    解决:


    重启docker服务后再启动容器
    systemctl restart docker
    docker start foo

  • 相关阅读:
    android布局几点随想
    android_handler(一)
    android surfaView surfaHolder video 播放
    java_synchronized 用法
    android_viewFlipper(一)
    android_handler(二)
    解析pdf文档 (lucene3.5)
    Lucene 搜索(小程序)(Lucene3.5)
    运算符重载(++,<<,>>Data类的重载)
    线程池小程序(Java)
  • 原文地址:https://www.cnblogs.com/wjcoding/p/11790738.html
Copyright © 2020-2023  润新知