Docker run error: docker0: iptables: No chain/target/match by that name.


Reposted from: https://blog.csdn.net/wohaqiyi/article/details/84450562

 

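  Recently I was setting up services on a new server that had no iptables installed. After I later installed iptables, I suddenly found that my docker would no longer run.
  Note that this may not apply to other people's cases. In my case the cause was that iptables was not installed on the new server at first and docker was installed first; only later did I disable the default firewall and install iptables, and then this problem appeared. For other causes, I don't know whether this method works. First, the error:
  The following error was reported at run time: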

Error when starting the docker service
Error response from daemon: No such container: yn-userservice-30000
26126ca87430b74c3987817492cc890e72c36e2fec10d807e362a12f22365160
/usr/bin/docker-current: Error response from daemon: driver failed programming external
 connectivity on endpoint yn-userservice-30000 (5d083ef51f932ac24936713ab3bc1cece9d47feabf4a916cf5da12a4fb2a122a):  
 (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 30000 -j DNAT --to-
 destination 172.17.0.2:30000 ! -i docker0: iptables: No chain/target/match by that name.

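Later I searched online and found that the fix is very simple, as follows:

1. Stop the docker service

  Enter the following command to stop the docker service:

systemctl stop docker  or  service docker stop

If the stop succeeds, entering docker ps afterwards will show the following message: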

Cannot connect to the Docker daemon. Is the docker daemon running on this host?
2. Save iptables

  Enter the following command:

iptables-save >  /etc/sysconfig/iptables

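I found that the firewall configuration file /etc/sysconfig/iptables looked as follows before and after the save. Of course I can't read it; all I know is how to set up an inbound port.
  File contents before saving: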

# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10001 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10002 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10003 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10004 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

File contents after saving:

# Generated by iptables-save v1.4.21 on Sat Nov 24 13:53:13 2018
*nat
:PREROUTING ACCEPT [261:18558]
:INPUT ACCEPT [17:969]
:OUTPUT ACCEPT [4:304]
:POSTROUTING ACCEPT [4:304]
COMMIT
# Completed on Sat Nov 24 13:53:13 2018
# Generated by iptables-save v1.4.21 on Sat Nov 24 13:53:13 2018
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1246:135222]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10001 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10002 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10003 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10004 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sat Nov 24 13:53:13 2018
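3. Start the docker service

  After saving iptables, docker can be started again. Enter the following command:

systemctl start docker  or  service docker start
4. Set docker to start on boot

  If this has already been set, there is no need to set it again.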

systemctl enable docker
5. Start the container

  Finally, start the container; the error no longer appears.

docker start <container id/name>
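
The failing command in the error appends a rule to a chain named DOCKER in the nat table, and the saved dump above has no :DOCKER line under *nat; the Docker daemon creates that chain when it starts, which is why restarting it clears the error. The following check is an added example, not part of the original post: chain_in_dump is a hypothetical helper name, and both sample dumps are constructed (the first mirrors the chain declarations saved in step 2).

```shell
#!/bin/sh
# chain_in_dump TABLE CHAIN
# Reads iptables-save formatted text on stdin; returns 0 if CHAIN is
# declared in TABLE, 1 otherwise. (Hypothetical helper, added example.)
chain_in_dump() {
    awk -v want_table="$1" -v want_chain="$2" '
        /^\*/     { table = substr($1, 2); next }   # "*nat" opens a table section
        /^COMMIT/ { table = ""; next }               # COMMIT closes it
        /^:/ && table == want_table {                # ":DOCKER - [0:0]" declares a chain
            if (substr($1, 2) == want_chain) found = 1
        }
        END { exit !found }
    '
}

# Constructed sample: chain declarations as saved in step 2 (no DOCKER chain).
dump_without_docker() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [261:18558]
:INPUT ACCEPT [17:969]
:OUTPUT ACCEPT [4:304]
:POSTROUTING ACCEPT [4:304]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1246:135222]
COMMIT
EOF
}

# Constructed sample: nat table with the DOCKER chain declared.
dump_with_docker() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
COMMIT
EOF
}

# On a live host, as root: iptables-save | chain_in_dump nat DOCKER
if dump_without_docker | chain_in_dump nat DOCKER; then
    echo "nat/DOCKER present"
else
    echo "nat/DOCKER missing: publishing a container port will fail"
fi
```

Running the live-host form before and after step 3 shows whether the daemon restart recreated the chain, without needing to start a container to find out.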

 

