Tag Archives: Error response from daemon: driver failed programming external connectivity on endpoint quirky_allen

Error response from daemon: driver failed programming external connectivity on endpoint quirky_allen is reported when docker port mapping or starting the container

Leave a reply

phenomenon:

[root@localhost ~]# docker run -d -p 9000:80 centos:httpd /bin/sh -c /usr/local/bin/start.sh
d5b2bd5a7bc4895a973fe61efd051847047d26385f65c278aaa09e4fa31c4d76
docker: Error response from daemon: driver failed programming external connectivity on endpoint quirky_allen (6bda693d1143657e46bee0300276aa05820da2b21a3d89441e820d1a274c48b6): (iptables failed: iptables –wait -t nat -A DOCKER -p tcp -d 0/0 –dport 9000 -j DNAT –to-destination 172.17.0.2:80 ! -i docker0: iptables: No chain/target/match by that name.
(exit status 1)).

[root@localhost ~]# docker start d5b2bd5a7bc4
Error response from daemon: driver failed programming external connectivity on endpoint quirky_allen (4127da7466709fd45695a1fbe98e13c2ac30c2a554e18fb902ef5a03ba308438): (iptables failed: iptables –wait -t nat -A DOCKER -p tcp -d 0/0 –dport 9000 -j DNAT –to-destination 172.17.0.2:80 ! -i docker0: iptables: No chain/target/match by that name.
(exit status 1))
Error: failed to start containers: d5b2bd5a7bc4

 

Reason:

The custom chain DOCKER defined when the docker service is started is cleared for some reason.
Restart the docker service and regenerate the custom chain. DOCKER
Chain PREROUTING (policy ACCEPT)
target prot opt ​​source destination        
DOCKER all – 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target prot opt ​​source destination        

Chain OUTPUT (policy ACCEPT)
target prot opt ​​source destination        
DOCKER all – 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target prot opt ​​source destination        
MASQUERADE all – 172.17.0.0/16 0.0.0.0/0          
MASQUERADE  tcp  —  172.17.0.2           172.17.0.2           tcp dpt:8080

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  —  0.0.0.0/0            0.0.0.0/0
DNAT       tcp  —  0.0.0.0/0            0.0.0.0/0            tcp dpt:8888 to:172.17.0.2:8080
root@router:playbook#iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  —  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  —  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  —  172.17.0.0/16        0.0.0.0/0
MASQUERADE  tcp  —  172.17.0.2           172.17.0.2           tcp dpt:8080

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  —  0.0.0.0/0            0.0.0.0/0
DNAT       tcp  —  0.0.0.0/0            0.0.0.0/0            tcp dpt:8888 to:172.17.0.2:8080

Solution:

Restart the docker service and then start the container
systemctl restart docker
docker start foo