目录
1、错误场景和现象
linux开启或重启防火墙后,创建docker自定义网络时
docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 frayernet
报错:[root@VM-16-5-centos home]# docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 frayernet
Error response from daemon: Failed to Setup IP tables: Unable to enable SKIP DNAT rule: (iptables failed: iptables --wait -t nat -I DOCKER -i br-3d8c7623fb81 -j RETURN: iptables: No chain/target/match by that name.
(exit status 1))
如下:
[root@VM-16-5-centos home]# docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 frayernet
Error response from daemon: Failed to Setup IP tables: Unable to enable SKIP DNAT rule: (iptables failed: iptables --wait -t nat -I DOCKER -i br-3d8c7623fb81 -j RETURN: iptables: No chain/target/match by that name.
(exit status 1))
2、原因分析
Docker属于容器化技术,如果宿主机防火墙的状态发生了改变,Docker就无法设置容器的IP了
测试尝试启动一个已经存在的mysql容器,
[root@VM-16-5-centos conf]# docker start c092同样会出现错误:
Error response from daemon: driver failed programming external connectivity on endpoint mysql5.7-cdcs-cd (ac43ff409d232efe3eace11b5f2b9d08b8f98c949e7fb43323bc289240560e38): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 3306 -j DNAT --to-destination 172.17.0.3:3306 ! -i docker0: iptables: No chain/target/match by that name.
(exit status 1))
Error: failed to start containers: c092
3、解决办法
输入命令service docker restart重启以下Docker即可
[root@VM-16-5-centos home]# service docker restart