【发布时间】:2015-10-18 11:15:24
【问题描述】:
我正在尝试运行容器,但遇到以下问题:
Error response from daemon: Cannot start container b005715c40ea7d5821b15c44f5b7f902d4b39da7c83468f3e5d7c042e5fe3fbd: iptables failed: iptables --wait -t filter -A DOCKER ! -i docker0 -o docker0 -p tcp -d 172.17.0.43 --dport 80 -j ACCEPT: iptables: No chain/target/match by that name.
(exit status 1)
这是我使用的命令:
docker run -d -p 10080:80 -v /srv/http/website/data:/srv/http/www/data -v /srv/http/website/logs:/srv/http/www/logs myimage
在我的服务器上打开端口 80 还不够吗? docker界面有什么我错过的吗? 我将 iptables 与这样的脚本一起使用:
#!/bin/sh
# reset :
iptables -t filter -F
iptables -t filter -X
# Block all :
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT DROP
# Authorize already established connections :
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Authorize backloop :
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT
# Authorize ssh :
iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 22 -j ACCEPT
# Authorize HTTP :
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
# Authorize HTTPS :
iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
# Authorize DNS :
iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
# Ping :
iptables -t filter -A INPUT -p icmp -j ACCEPT
iptables -t filter -A OUTPUT -p icmp -j ACCEPT
# Authorize FTP :
iptables -t filter -A INPUT -p tcp --dport 20 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 20 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 21 -j ACCEPT
# # Authorize NTP :
# iptables -t filter -A INPUT -p udp --dport 123 -j ACCEPT
# iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT
# Authorize IRC :
iptables -t filter -A INPUT -p tcp --dport 6667 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 6667 -j ACCEPT
# Authorize port 10000 (for Node.JS server) :
iptables -t filter -A INPUT -p tcp --dport 10000 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 10000 -j ACCEPT
# Authorize port 631 (Cups server) :
iptables -t filter -A INPUT -p tcp --dport 631 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 631 -j ACCEPT
# Authorize port 9418 (git) :
iptables -t filter -A INPUT -p tcp --dport 9418 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 9418 -j ACCEPT
我该如何解决这个问题?
【问题讨论】:
-
我在answer之前回答过这个问题