When you start a container, you may run into the following problem. For example, starting a Redis container:

    sudo docker run -d -p 6379:6379 --name redis redis:latest

fails with:

    docker: Error response from daemon: failed to create endpoint redis on network bridge: iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 10.211.55.9 --dport 6379 -j DNAT --to-destination 172.17.0.4:6379 ! -i docker0: iptables: No chain/target/match by that name. (exit status 1).
Analyzing the error shows that, when Docker tries to translate the original address to the target address, the iptables rules on the Docker host contain no NAT table rules, only filter table rules.
The fix is to add the NAT table rules above the filter table in the iptables configuration. Note that the network segment of the Docker containers is 172.17.0.0/16, and that the filter table also needs the corresponding DOCKER chain configuration.
    sudo vi /etc/sysconfig/iptables

The file contents:

    # sample configuration for iptables service
    # you can edit this manually or use system-config-firewall
    # please do not ask us to add additional ports/services to this default configuration
    *nat
    :PREROUTING ACCEPT [27:11935]
    :INPUT ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    :DOCKER - [0:0]
    -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
    -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
    -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
    COMMIT
    #
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :DOCKER - [0:0]
    -A FORWARD -o docker0 -j DOCKER
    -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
    -A FORWARD -i docker0 -o docker0 -j ACCEPT
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 9090 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 6379 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT
Restart iptables:

    sudo systemctl restart iptables.service

Then restart the container.
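
To confirm the diagnosis before editing the file, or the fix after restarting iptables, the following added example (not part of the original article) reads rules in iptables-save format and reports whether the nat and filter tables each declare the DOCKER chain. The function names and both sample rule sets are constructed for illustration.

```shell
# Added example: check that an iptables-save style rule set declares the
# DOCKER chain in both the nat and filter tables.
# Reads rules on stdin; prints one line per problem; returns 1 if any found.
check_docker_chains() {
    awk '
        substr($1, 1, 1) == "*" { table = substr($1, 2); seen[table] = 1; next }
        $1 == ":DOCKER"         { declared[table] = 1; next }
        END {
            n = split("nat filter", need, " ")
            for (i = 1; i <= n; i++) {
                t = need[i]
                if (!(t in seen))          { print t ": table missing"; bad = 1 }
                else if (!(t in declared)) { print t ": no DOCKER chain"; bad = 1 }
            }
            exit bad + 0
        }
    '
}

# Constructed sample: only a filter table, no DOCKER chain (the failing state).
filter_only_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: both tables declare DOCKER (the repaired state).
fixed_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
COMMIT
*filter
:FORWARD ACCEPT [0:0]
:DOCKER - [0:0]
-A FORWARD -o docker0 -j DOCKER
COMMIT
EOF
}

# On a real host: sudo iptables-save | check_docker_chains
```

The same function can be pointed at the saved file with `check_docker_chains < /etc/sysconfig/iptables` to validate an edit before restarting the service.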