Contents
- 1. The problem
- 2. Analytical principles
- 3. Problem solving
1. The problem
The following error appeared during a simple test of the `docker run` command. Starting a tomcat container without mapping a specific port (`-P` lets Docker choose a random host port, here 49162):

```
docker run -d -P --name tomcat01 tomcat
docker: Error response from daemon: driver failed programming external connectivity on endpoint tomcat01 (00028237b8dd7b21dbce757be3bf2df0e0fcfa6c3987cac68c42d2fb6603b42d):
(iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 49162 -j DNAT --to-destination 172.17.0.2:8080 ! -i docker0: iptables: No chain/target/match by that name.
(exit status 1)).
```
2. Analytical principles
After a lot of searching on the internet, the cause turned out to be the interaction between the docker container startup (or a change to the docker configuration) and firewall operations such as restarting firewalld. Such a restart clears the docker-related iptables configuration, so that no DOCKER chain is shown when the firewall rules are queried with:

```
iptables -L
```
The underlying mechanism in docker is this: when dockerd starts, it automatically registers its own chains in iptables, and their registration information can be seen in the firewall rule listing. Docker uses these chains to expose container ports to the host, which is exactly what the failing rule above tries to do (append a DNAT rule to the DOCKER chain of the nat table). The specific cause of the error is therefore that the DOCKER chain was removed from iptables.
There are several ways the chains can be removed:
- Restarting the firewalld firewall clears them. firewalld ships with CentOS 7 and above, while CentOS 6 and below use iptables directly; firewalld itself is built on top of iptables, and when firewalld starts it automatically removes the docker-related chains from iptables.
- Other ways of removing the chains: the author has not yet run into another case; to be added if one is found.
So when working with firewalld commands or iptables commands, be careful not to remove the chains that docker depends on.
For more detail on these two commands, see the author's related post:
linux firewall commands: firewall, iptables and port numbers explained in detail (full)
3. Problem solving
Since it was the firewalld restart that removed the chains, and a docker restart registers them in iptables again, restarting the docker service (the daemon, not just a container) is enough to fix the problem:

```
systemctl restart docker
```

Then query the docker chains again with `iptables -L`, or with `iptables -t nat -nL` to see the nat table where the port-forwarding rules live.
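To make the "is the DOCKER chain still there?" check from sections 2 and 3 repeatable, here is an added example (not code from the original post) that parses `iptables -t nat -nL` output for the chain headers dockerd registers and tells you whether a docker restart is needed; the sample listings embedded in it are constructed and trimmed.

```shell
#!/bin/sh
# Added example, not code from the original post: detect whether the iptables
# chains that dockerd registers are still present (e.g. after a firewalld
# restart) and say whether `systemctl restart docker` is needed.

# docker_chains_present LISTING CHAIN...
# LISTING is the text of `iptables -t <table> -nL`; returns 0 only if every
# named chain has a "Chain NAME (" header line in it.
docker_chains_present() {
  listing="$1"
  shift
  for chain in "$@"; do
    # the trailing space keeps "DOCKER" from matching "DOCKER-USER"
    printf '%s\n' "$listing" | grep -q "^Chain $chain " || return 1
  done
  return 0
}

# check_docker_iptables: live check of the nat table (needs root).
# Exit 0 = DOCKER chain present, 1 = missing (restart docker), 2 = cannot read.
check_docker_iptables() {
  nat="$(iptables -t nat -nL 2>/dev/null)" || {
    echo "cannot read iptables rules (run as root)"; return 2; }
  if docker_chains_present "$nat" DOCKER; then
    echo "DOCKER chain present in nat table; port publishing should work"
    return 0
  fi
  echo "DOCKER chain missing from nat table: run 'systemctl restart docker'"
  return 1
}

# Constructed sample listings (trimmed) for offline testing.
# nat table while dockerd's chains are registered:
SAMPLE_HEALTHY="Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0
Chain DOCKER (2 references)
RETURN     all  --  0.0.0.0/0            0.0.0.0/0"
# the same table after firewalld flushed the rules: no DOCKER chain at all
SAMPLE_FLUSHED="Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination"

case "${1:-}" in
  check) check_docker_iptables ;;
esac
```

Run it as `sh check-docker-chains.sh check` on the host (as root) to perform the live check.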