Why is Docker complaining about iptables?
Good afternoon!
I'll say up front that I'm not a very good admin (and I'm only in my second hour of using Docker), and most likely I'm just being really dense, but Docker complains about iptables and refuses to forward port 8080.
System: CentOS 7
Kernel:
Linux ****** 3.10.0-327.4.5.el7.x86_64 #1 SMP Mon Jan 25 22:07:14 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
docker -v:
Docker version 1.9.1, build a34a1d5
docker info:
Containers: 12
Images: 14
Server Version: 1.9.1
Storage Driver: devicemapper
Pool Name: docker-253:1-131382-pool
Pool Blocksize: 65.54 kB
Base Device Size: 107.4 GB
Backing Filesystem:
Data file: /dev/loop0
Metadata file: /dev/loop1
Data Space Used: 2.454 GB
Data Space Total: 107.4 GB
Data Space Available: 17.51 GB
Metadata Space Used: 3.293 MB
Metadata Space Total: 2.147 GB
Metadata Space Available: 2.144 GB
Udev Sync Supported: true
Deferred Removal Enabled: false
Deferred Deletion Enabled: false
Deferred Deleted Device Count: 0
Data loop file: /var/lib/docker/devicemapper/devicemapper/data
Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
Library Version: 1.02.107-RHEL7 (2015-10-14)
Execution Driver: native-0.2
Logging Driver: json-file
Kernel Version: 3.10.0-327.4.5.el7.x86_64
Operating System: CentOS Linux 7 (Core)
CPUs: 1
Total Memory: 993.1 MiB
Name: *****
ID: *****
WARNING: IPv4 forwarding is disabled
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
iptables:
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
I launch all of this with:
docker run -d -p 8080:80 node_test_app node ./
Response:
WARNING: IPv4 forwarding is disabled. Networking will not work. ***** Error response from daemon: Cannot start container *****: failed to create endpoint high_mcnulty on network bridge: COMMAND_FAILED: '/sbin/iptables -w2 -t nat -A DOCKER -p tcp -d 0/0 --dport 8080 -j DNAT --to-destination ****.***.****.****:80! -i docker0' failed: iptables: No chain/target/match by that name.
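Added example, not part of the original question: the failing command appends to a DOCKER chain in the nat table and iptables answers "No chain/target/match by that name", so a first check is whether that chain is declared at all. The script below runs that check, plus a check for a blanket FORWARD reject, over text in iptables-save format; the function names and the second sample ruleset are constructed for illustration.

```shell
# Added example: offline checks on iptables-save text read from stdin.
# table_has_chain TABLE CHAIN: succeeds if ":CHAIN ..." is declared in "*TABLE".
table_has_chain() {
    awk -v t="$1" -v c="$2" '
        /^\*/ { table = substr($1, 2) }
        /^:/  { if (table == t && substr($1, 2) == c) found = 1 }
        END   { exit found ? 0 : 1 }'
}

# forward_blanket_reject: succeeds if filter/FORWARD has an unconditional REJECT or DROP.
forward_blanket_reject() {
    awk '
        /^\*/ { table = substr($1, 2) }
        table == "filter" && $1 == "-A" && $2 == "FORWARD" && $3 == "-j" &&
            ($4 == "REJECT" || $4 == "DROP") { found = 1 }
        END { exit found ? 0 : 1 }'
}

# diagnose: prints one finding per line, nothing when both checks pass.
diagnose() {
    rules=$(cat)
    printf '%s\n' "$rules" | table_has_chain nat DOCKER ||
        echo "nat: DOCKER chain not declared, so '-t nat -A DOCKER' cannot succeed"
    printf '%s\n' "$rules" | forward_blanket_reject &&
        echo "filter: unconditional REJECT/DROP in FORWARD; forwarded traffic needs an ACCEPT ahead of it"
    return 0
}

# Ruleset from the question, abridged (it defines only the filter table).
posted_rules() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Constructed sample: a nat table in which the DOCKER chain exists.
with_docker_chain() { cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
COMMIT
EOF
}

posted_rules | diagnose
```

On a live host, pipe the output of iptables-save (run as root) into diagnose instead of the embedded samples.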