Docker doesn't work with iptables v1.8.1 #38099

@flbla

Description

When I try to deploy a container and expose it on a port, it fails with this error since I updated iptables to v1.8.1:

docker run -p 80:80 nginx 

docker: Error response from daemon: driver failed programming external connectivity on endpoint hopeful_kapitsa (f6bcba259f5ab3db1043515bb81dedad2b8aca51e2164fc8e9786d9fc45cfd7c):  (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 80 -j DNAT --to-destination 172.17.0.2:80 ! -i docker0: iptables v1.8.1 (nf_tables): Chain 'DNAT' does not exist
 (exit status 1)).
ERRO[0000] error waiting for container: context canceled 

docker version : 18.06.1-ce
iptables v1.8.1

Steps to reproduce the issue:

  1. Install iptables v1.8.1
  2. Deploy a container on a port (for example: docker run -p 80:80 nginx)

Describe the results you received:

docker run -p 80:80 nginx 

docker: Error response from daemon: driver failed programming external connectivity on endpoint hopeful_kapitsa (f6bcba259f5ab3db1043515bb81dedad2b8aca51e2164fc8e9786d9fc45cfd7c):  (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 80 -j DNAT --to-destination 172.17.0.2:80 ! -i docker0: iptables v1.8.1 (nf_tables): Chain 'DNAT' does not exist
 (exit status 1)).
ERRO[0000] error waiting for container: context canceled 

Output of docker version:

Client:
 Version:           18.06.1-ce
 API version:       1.38
 Go version:        go1.10.3
 Git commit:        e68fc7a
 Built:             Tue Aug 21 17:24:43 2018
 OS/Arch:           linux/amd64
 Experimental:      false

Server:
 Engine:
  Version:          18.06.1-ce
  API version:      1.38 (minimum version 1.12)
  Go version:       go1.10.3
  Git commit:       e68fc7a
  Built:            Tue Aug 21 17:23:06 2018
  OS/Arch:          linux/amd64
  Experimental:     false

EDIT:

If I downgrade, it works with those packages/version:

libip6tc0=1.6.2-1.1   
libiptc0=1.6.2-1.1  
libxtables12=1.6.2-1.1  
iptables=1.6.2-1.1

So the issue is related to those packages/version:

libip6tc0=1.8.1-2 
libiptc0=1.8.1-2 
libxtables12=1.8.1-2 
iptables=1.8.1-2
