docker运行报错docker0: iptables: No chain/target/match by that name.

转自:https://blog.csdn.net/wohaqiyi/article/details/84450562

docker运行报错docker0: iptables: No chain/target/match by that name.
  最近在一个新的服务器上装服务，没有安装iptables ,后来安装了iptables 之后，忽然发现我的docker 不能运行了。
  注意，可能别人的不行，我这个原因是，开始在新服务器上没有安装iptables ，先安装的docker ,后来才停用默认的firewall ,安装了iptables,就出现了这样的问题。其他原因，我不知道这方法可行不？先看错误：
  运行时报出了以下错误：
————————————————

启动docker服务报错
Error response from daemon: No such container: yn-userservice-
26126ca87430b74c3987817492cc890e72c36e2fec10d807e362a12f22365160
/usr/bin/docker-current: Error response from daemon: driver failed programming external
 connectivity on endpoint yn-userservice- (5d083ef51f932ac24936713ab3bc1cece9d47feabf4a916cf5da12a4fb2a122a):
 (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d / --dport  -j DNAT --to-
 destination 172.17.0.2: ! -i docker0: iptables: No chain/target/match by that name.

后来在网上找了下，发现解决办法很简单，如下：

1、停止docker服务

  输入如下命令停止docker服务

systemctl stop docker  或者service docker stop

停止成功的话，再输入docker ps 就会提示出下边的话：

Cannot connect to the Docker daemon. Is the docker daemon running on this host?

2、保存 iptables

  输入如下命令：

iptables-save >  /etc/sysconfig/iptables

我发现 防火墙的配置文件/etc/sysconfig/iptables前后文件如下，当然我是看不懂了，我也就会设置个入站端口
  保存之前文件内容：

# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [:]
:FORWARD ACCEPT [:]
:OUTPUT ACCEPT [:]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport  -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport  -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport  -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport  -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport  -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport  -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

保存之后的文件内容：

# Generated by iptables-save v1.4.21 on Sat Nov  ::
*nat
:PREROUTING ACCEPT [:]
:INPUT ACCEPT [:]
:OUTPUT ACCEPT [:]
:POSTROUTING ACCEPT [:]
COMMIT
# Completed on Sat Nov  ::
# Generated by iptables-save v1.4.21 on Sat Nov  ::
*filter
:INPUT ACCEPT [:]
:FORWARD ACCEPT [:]
:OUTPUT ACCEPT [:]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport  -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport  -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport  -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport  -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport  -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport  -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sat Nov  :: 

3、启动docker服务

  保存了iptables后,可以重新启动docker了。输入如下命令：

systemctl start docker 或者service docker  start

4、将docker设置为开机启动

  设置过这个就不需要再设置了

systemctl enable docker

5、启动容器

  最后启动容器，发现不再报错了。

docker start 容器id/名字