Background: if the system firewall is shut down after the Docker service has already started, any later attempt to start containers (docker-compose up -d) or create a Docker network (docker network create) fails with the error below.
Error message: Error response from daemon: Failed to Setup IP tables: Unable to enable SKIP DNAT rule: (iptables failed: iptables --wait -t nat -I DOCKER -i br-b649822bbcff -j RETURN: iptables: No chain/target/match by that name. (exit status 1))
# systemctl enable docker.service
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service
# systemctl start docker.service
# docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Docker Buildx (Docker Inc., v0.7.1-docker)
scan: Docker Scan (Docker Inc., v0.12.0)
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.12
Storage Driver: overlay2
Backing Filesystem: xfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 1
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 7b11cfaabd73bb80907dd23182b9347b4245eb5d
runc version: v1.0.2-0-g52b36a2
init version: de40ad0
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-1160.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.84GiB
Name: elastic-node-102
ID: 527L:W7BX:X3G4:ERAY:GMCT:3ZYS:XBFH:7MS6:Z7YS:E37M:MHPR:WJ5X
Docker Root Dir: /var/lib/docker
Debug Mode: false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
# docker pull docker.elastic.co/elasticsearch/elasticsearch:7.16.2
7.16.2: Pulling from elasticsearch/elasticsearch
da847062c6f6: Pull complete
f9947111a3a4: Pull complete
5f47506629dc: Pull complete
6728f6016cfb: Pull complete
3ee4bcac6dc4: Pull complete
cbb4caf74f49: Pull complete
60e3e554a3bf: Pull complete
64906e427669: Pull complete
96b7ea4c4a98: Pull complete
Digest: sha256:055ab3c3466c6bd72ef42f7773c5fa224db4fb7cd6a9a5588ebe46642a15abf5
Status: Downloaded newer image for docker.elastic.co/elasticsearch/elasticsearch:7.16.2
docker.elastic.co/elasticsearch/elasticsearch:7.16.2
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.elastic.co/elasticsearch/elasticsearch 7.16.2 66c29cde15ce 3 weeks ago 646MB
# systemctl stop firewalld
# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
# docker-compose up -d
[+] Running 0/1
⠿ Network elasticsearch_elastic Error 0.1s
failed to create network elasticsearch_elastic: Error response from daemon: Failed to Setup IP tables: Unable to enable SKIP DNAT rule: (iptables failed: iptables --wait -t nat -I DOCKER -i br-f333e157be00 -j RETURN: iptables: No chain/target/match by that name.
(exit status 1))
# docker network create --driver bridge es-net
Error response from daemon: Failed to Setup IP tables: Unable to enable SKIP DNAT rule: (iptables failed: iptables --wait -t nat -I DOCKER -i br-b649822bbcff -j RETURN: iptables: No chain/target/match by that name.
(exit status 1))
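Solution: restart the Docker service. Stopping firewalld flushes the iptables chains Docker created at startup, including the DOCKER chain in the nat table that the error refers to; dockerd recreates them when it restarts.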
# systemctl restart docker
# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since 四 2022-01-13 17:20:31 CST; 5s ago
Docs: https://docs.docker.com
Main PID: 10591 (dockerd)
Tasks: 8
Memory: 31.8M
CGroup: /system.slice/docker.service
└─10591 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
1月 13 17:20:30 elastic-node-102 dockerd[10591]: time="2022-01-13T17:20:30.830596176+08:00" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/containerd.sock <nil> 0 <nil>}] <nil> <nil>}" module=grpc
1月 13 17:20:30 elastic-node-102 dockerd[10591]: time="2022-01-13T17:20:30.830623458+08:00" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
1月 13 17:20:30 elastic-node-102 dockerd[10591]: time="2022-01-13T17:20:30.840421830+08:00" level=info msg="[graphdriver] using prior storage driver: overlay2"
1月 13 17:20:30 elastic-node-102 dockerd[10591]: time="2022-01-13T17:20:30.845657646+08:00" level=info msg="Loading containers: start."
1月 13 17:20:30 elastic-node-102 dockerd[10591]: time="2022-01-13T17:20:30.979942106+08:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to se...rred IP address"
1月 13 17:20:31 elastic-node-102 dockerd[10591]: time="2022-01-13T17:20:31.025504240+08:00" level=info msg="Loading containers: done."
1月 13 17:20:31 elastic-node-102 dockerd[10591]: time="2022-01-13T17:20:31.046895829+08:00" level=info msg="Docker daemon" commit=459d0df graphdriver(s)=overlay2 version=20.10.12
1月 13 17:20:31 elastic-node-102 dockerd[10591]: time="2022-01-13T17:20:31.047021292+08:00" level=info msg="Daemon has completed initialization"
1月 13 17:20:31 elastic-node-102 systemd[1]: Started Docker Application Container Engine.
1月 13 17:20:31 elastic-node-102 dockerd[10591]: time="2022-01-13T17:20:31.064913481+08:00" level=info msg="API listen on /var/run/docker.sock"
Hint: Some lines were ellipsized, use -l to show in full.
# docker-compose up -d
[+] Running 7/7
⠿ Network elasticsearch_elastic Created 0.1s
⠿ Volume "elasticsearch_data01" Created 0.0s
⠿ Volume "elasticsearch_data02" Created 0.0s
⠿ Volume "elasticsearch_data03" Created 0.0s
⠿ Container es03 Started 0.8s
⠿ Container es01 Started 0.8s
⠿ Container es02 Started
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
07a47b052bce docker.elastic.co/elasticsearch/elasticsearch:7.16.2 "/bin/tini -- /usr/l…" 9 minutes ago Up 9 minutes 9200/tcp, 9300/tcp es03
a54a0c8f09ed docker.elastic.co/elasticsearch/elasticsearch:7.16.2 "/bin/tini -- /usr/l…" 9 minutes ago Up 9 minutes 9200/tcp, 9300/tcp es02
e0d4846aca5d docker.elastic.co/elasticsearch/elasticsearch:7.16.2 "/bin/tini -- /usr/l…" 9 minutes ago Up 9 minutes 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp, 9300/tcp es01
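
A check for the condition behind the error above, as an added example that is not part of the original post: it reads an iptables-save dump and lists the Docker chains that are missing, so the restart can be triggered only when needed. The function names and both sample dumps are constructed for illustration, and the chain list assumes dockerd 20.10 defaults.

```shell
#!/bin/sh
# Added example: report Docker iptables chains that are missing from an
# iptables-save dump (read on stdin). Exit status is non-zero if any is missing.
# Assumption: dockerd 20.10 defaults (bridge networking, iptables management on).
REQUIRED_CHAINS="nat/DOCKER filter/DOCKER filter/DOCKER-USER"

missing_docker_chains() {
    awk -v required="$REQUIRED_CHAINS" '
        /^\*/ { table = substr($1, 2) }              # "*nat" opens a table
        /^:/  { seen[table "/" substr($1, 2)] = 1 }  # ":DOCKER - [0:0]" declares a chain
        END {
            n = split(required, want, " "); rc = 0
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) { print want[i]; rc = 1 }
            exit rc
        }'
}

# Constructed sample: rule set while dockerd's chains are intact.
sample_healthy() { cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
COMMIT
*filter
:FORWARD DROP [0:0]
:DOCKER - [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
COMMIT
EOF
}

# Constructed sample: rule set after the firewall was stopped and flushed.
sample_flushed() { cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}

for s in sample_healthy sample_flushed; do
    if missing=$($s | missing_docker_chains); then echo "$s: chains present"
    else echo "$s: missing $(echo $missing)"; fi
done
# Real host, as root: iptables-save | missing_docker_chains || systemctl restart docker
```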