docker: Error response from daemon: driver failed programming external connectivity on endpoint frosty_montalcini (5f23d1b819d9b55a229a9fb789c7f0897123b7e218694eefbc31487e8e4883a6): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 8082 -j DNAT --to-destination 172.17.0.5:80 ! -i docker0: iptables: No chain/target/match by that name.
(exit status 1)).
复制这个报错Error response from daemon提示是daemon给了一个错误的响应
daemon是这个
[root@qianhanyi ~]# ps -ef|grep dockerd root 16921 1 2 04:12 ? 00:00:00 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock复制
为何能给response,因为dockerd是个RESTful的API server
[root@qianhanyi ~]# docker version
Client: Docker Engine - Community
Version: 23.0.1
API version: 1.42 # 这里
# 有空考虑写一个api操作docker的文章
复制报错提到了iptables,这是关键线索
以centos7为例
确保你的firewalld正常
[root@qianhanyi ~]# systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2022-11-18 04:12:19 CST; 7min ago Docs: man:firewalld(1) Main PID: 16655 (firewalld) Tasks: 2 Memory: 23.6M CGroup: /system.slice/firewalld.service └─16655 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid ... Hint: Some lines were ellipsized, use -l to show in full.复制
运行一个容器,比如nginx的
[root@qianhanyi ~]# docker run -itd -p 8082:80 nginx 253fe5d60b8446612ae76bee9476eeb96b3c294b46a7c87c3c21ffe26dcaa1ec [root@qianhanyi ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 253fe5d60b84 nginx "/docker-entrypoint.…" 4 seconds ago Up 3 seconds 0.0.0.0:8082->80/tcp, :::8082->80/tcp infallible_pasteur复制
浏览器访问ip:8082,可能会无法访问
此时你想到了防火墙的原因
停了吧
[root@qianhanyi ~]# systemctl stop firewalld [root@qianhanyi ~]# systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) Active: inactive (dead) since Fri 2022-11-18 04:26:36 CST; 8s ago Docs: man:firewalld(1) Process: 16655 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS) Main PID: 16655 (code=exited, status=0/SUCCESS) ... Nov 18 04:26:35 qianhanyi systemd[1]: Stopping firewalld - dynamic firewall daemon... Nov 18 04:26:36 qianhanyi systemd[1]: Stopped firewalld - dynamic firewall daemon. Hint: Some lines were ellipsized, use -l to show in full.复制
此时应该能访问了
过了一会,你又启动了一个容器
[root@qianhanyi ~]# docker run -itd -p 8083:80 nginx 4a7658f1669a76fd990e5757afe8c32d09fee6bf6b6fa55426e2abf0d88f29e0 docker: Error response from daemon: driver failed programming external connectivity on endpoint gracious_sutherland (0f46051611e83ef3e69c84bc17b2ef4f60ca03fe729020ba8348c2f845f0d26f): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 8083 -j DNAT --to-destination 172.17.0.5:80 ! -i docker0: iptables: No chain/target/match by that name. (exit status 1)).复制
至此复现了问题
此时你只需重启下docker应用程序
[root@qianhanyi ~]# systemctl restart docker
# 当然你要关注下,你之前启动的其他容器有没有配置--restart=always, 如果没有那些容器记得需要的话启动下
复制再次启动容器
[root@qianhanyi ~]# docker run -itd -p 8083:80 nginx 803cfa1c24b7c1a0934551fa19915c9abee1b22a2ed8a7a86268a9b244c88e7e复制