问题描述:
今天跳板机的一个guacamole用docker重新启动报错了
[root@localhost opt]# docker start d82e9c342a
Error response from daemon: driver failed programming external connectivity on endpoint jms_guacamole_test (159da3efb3893156f4d9bba946a9b): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d / --dport -j DNAT --to-destination 172.17.0.2: ! -i docker0: iptables: No chain/target/match by that name.
(exit status ))
问题原因:
docker服务启动时定义的自定义链DOCKER由于某种原因被清掉
重启docker服务及可重新生成自定义链DOCKER
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/ 0.0.0.0/ ADDRTYPE match dst-type LOCAL Chain INPUT (policy ACCEPT)
target prot opt source destination Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/ !127.0.0.0/ ADDRTYPE match dst-type LOCAL Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/ 0.0.0.0/
MASQUERADE tcp -- 172.17.0.2 172.17.0.2 tcp dpt: Chain DOCKER ( references)
target prot opt source destination
RETURN all -- 0.0.0.0/ 0.0.0.0/
DNAT tcp -- 0.0.0.0/ 0.0.0.0/ tcp dpt: to:172.17.0.2:
root@router:playbook#iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/ 0.0.0.0/ ADDRTYPE match dst-type LOCAL Chain INPUT (policy ACCEPT)
target prot opt source destination Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- 0.0.0.0/ !127.0.0.0/ ADDRTYPE match dst-type LOCAL Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/ 0.0.0.0/
MASQUERADE tcp -- 172.17.0.2 172.17.0.2 tcp dpt: Chain DOCKER ( references)
target prot opt source destination
RETURN all -- 0.0.0.0/ 0.0.0.0/
DNAT tcp -- 0.0.0.0/ 0.0.0.0/ tcp dpt: to:172.17.0.2:
解决方法:
重启docker服务后再启动容器
systemctl restart docker docker start d82e9c342a