When I try to create a docker network, I'm getting below errors.
iptables --wait -l FORWARD -o br-31422214d633 -j DOCKER: iptables v1.8.7(nf_tables): RULE_INSERT failed
iptables --wait -l FORWARD -o br-31422214d633 -j DOCKER: iptables v1.8.7(nf_tables): RULE_INSERT failed
DOCKER: iptables v1.8.7(nf_tables): RULE_INSERT failed(invalid argument): rule in chain FORWARD
Can anybody provide some guidance on how to fix this?
OS: RHEL 7
Docker version: 20.10.9
Related
I tried to run a httpd container with the following command:
docker container run -d -p 8080:80 httpd
but when I access localhost:8080, I always get this error ERR_CONNECTION_RESET
it seems some other process is using port 80.
you can reset ports by resetting IP tables.
stop docker service
reset IP tables
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
reset Docker Service
I have a fairly plain Debian Buster install. Debian Buster uses nftables rather than iptables. If I try and run a container with a published port:
sudo docker run -it --rm --name=port-test -p 1234:1234/tcp debian:jessie-slim
then I get this error:
docker: Error response from daemon: driver failed programming external connectivity on endpoint port-test (941052b9f420df39ac3d191dcbe12e97276703903911e7b5172663e7736d59e0): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 1234 -j DNAT --to-destination 172.17.0.2:1234 ! -i docker0: iptables v1.8.2 (nf_tables): Chain 'DOCKER' does not exist
How do I get port publishing working?
Please see this issue and comment:
https://github.com/moby/moby/issues/26824#issuecomment-517046804
You can run sudo update-alternatives --config iptables and sudo update-alternatives --config ip6tables (if you use IPv6), and set it to iptables-legacy which is a compatibility mode that Docker can work with.
I have a CentOS server with two static IP address (192.168.3.100 and 192.168.3.101) on same NIC and two containers running on it with port mapping as below. The containers use the same default 'bridge' network of docker
192.168.3.100:80->80/tcp container1
192.168.3.101:80->80/tcp container2
From the host, I can execute curl 192.168.3.100 or curl 192.168.3.101 and works fine. From the host/containers I can execute curl 172.17.0.2 or curl 172.17.0.3 and works fine.
But I cannot execute curl 192.168.3.100 or curl 192.168.3.101 from neither of these containers. Ends up with error No route to host. I can ping it though.
What am I missing here? I want to try to avoid using a 192 docker network as I do not want to tie up the address space with one machine. Using docker 1.12.6
Output for iptables reject rules iptables -S | grep -i reject
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
Thanks for your input
If you are able to ping and not able to curl and you get no route to host then it mostly means that your packets are getting rejected through firewall.
Check the iptables using sudo iptables -S or sudo iptables -L -n. If you see a REJECT or REJECT using icmp rule than thats the problem.
If you are not worried about iptables and are ok to clear it. Stop the docker service and run the below
$ iptables -F
$ iptables -X
$ iptables -t nat -F
$ iptables -t nat -X
$ iptables -t mangle -F
$ iptables -t mangle -X
This will clear all the tables. Then start the docker service and run the container again
When I try to start docker consul by this command
docker run --restart=unless-stopped -d -p 8500:8500 -h consul progrium/consul -server -bootstrap
it gives the following error.
docker: Error response from daemon: driver failed programming external
connectivity on endpoint tiny_bhaskara
(b53c9aa988d96750bfff7c19c6717b18756c7b92287f0f7a4d9e9fa81f42c43d):
iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0
--dport 8500 -j DNAT --to-destination 172.17.0.2:8500 ! -i docker0: iptables: No chain/target/match by that name.
No idea what's going on!!
From this answer:
Something on your system has removed the docker iptables entries that it needs to work. Two fixes have been suggested here:
For CentOS:
sudo service docker restart
sudo service iptables save
And for Ubuntu:
sudo apt-get install iptables-persistent
sudo service docker restart
iptables-save > /etc/iptables/rules.v4 # you may need to "sudo -s" to get a root shell first
After the restart of docker, you should see the docker chain under the nat table:
iptables -t nat -vL
I am trying to install Docker image of Restcomm on my windows 8.1 laptop by following http://www.telestax.com/rapid-webrtc-application-development-with-restcomm-and-docker/.
I am able to install DOCKER and run the container Hello-world properly.
But when i run the command to create container... "docker run –name=restcomm -d -e STATIC_ADDRESS=”YOUR_HOST_IP_ADDRESS_HERE” -p 8080:8080 -p 5080:5080 -p 5082:5082 -p 5080:5080/udp -p 65000-65535:65000-65535/udp gvagenas/restcomm"
i am getting the following error...
Error response from daemon: Cannot start container c88fcab56034096e98ddcd71d1d2db17e5858b88c64b1859efcb86d740e3972c: failed to create endpoint restcomm on network bridge: iptables failed: iptables --wait -t nat -A DOCKER -p udp -d 0/0 --dport 65116 -j DNAT --to-destination 172.17.0.2:65116 ! -i docker0: (fork/exec /usr/local/sbin/iptables: cannot allocate memory)
Request for your help and suggestion and thanks in advance
Rgds
Ias
This doesn't seem directly related to RestComm Docker image but to docker itself https://github.com/docker/docker/issues/8539 and https://github.com/docker/docker/issues/9139