"iptables: No chain/target/match by that name" is an error that can appear while running a Docker container.
Confused about how running a Docker container caused an iptables error?
This is because Docker works closely with iptables.
At Bobcares, we get requests to fix docker iptables errors, as a part of our Server Management Services.
Today, let’s have a look at how our Support Engineers fix this error.
Docker and iptables
Docker is one of the most popular container platforms. It allows both developers and sysadmins to develop, set up, and run applications. iptables, on the other hand, is the built-in firewall for Linux-based systems.
So how does Docker relate to the Linux firewall iptables?
Usually, on Linux, Docker creates or modifies iptables rules. The purpose is to provide network isolation. Docker adds these rules to the DOCKER chain.
These rules come into action while a container is running. iptables allows the traffic covered by the rules Docker has predefined. This works fine as long as Docker and the firewall stay in sync. Let’s now see how this leads to an error.
Docker error iptables no chain/target/match by that name
Many of our customers approach us with Docker iptables errors. This error shows up when the user is running a Docker container.
When a user executes the command to run a container, Docker checks the firewall status. When the firewall is down, it shows the error. A Docker iptables error on a laravel-nginx server appears as,
This is the complete error message. Here the message says that the driver has difficulty in connecting to the endpoint. Let’s see how our Support Engineers fix this error.
Fix for Docker error iptables no chain/target/match
This error indicates a missing firewall chain while Docker is running.
That is, sometimes users delete the DOCKER chain from iptables. In other cases, users restart the firewall service while Docker is running, which removes the iptables rules created by Docker.
In both cases, Docker loses its link with iptables, and this results in the Docker error.
Our customers often approach us with this error. Firstly, we check the firewall service status using
systemctl status iptables.service
If the service is down, we restart the service.
Then, we check the iptables rules using the command
iptables -L
The Docker firewall rules were missing, which is why the error shows up.
To resolve the error, our Support Engineers restart the Docker service. For instance, to restart Docker we use the command,
service docker restart
When Docker restarts, it automatically recreates its firewall rules. We make sure the firewall is enabled before restarting Docker.
Similarly, executing rules without specifying the table name can result in the same error message.
For example, consider the command,
iptables -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443
Here the PREROUTING chain belongs to the nat table. As the user hasn’t specified a table name, iptables uses the default table, filter, which has no PREROUTING chain. And this results in an error.
In this case, our Support Team asks the customers to execute the command with the table name specified.
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443
Hence this fixes the error.
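Both causes above come down to a chain that is not declared in the table being used, and that can be checked from iptables-save output. The script below is an added example, not Bobcares' own tooling: the function names and both sample rulesets are constructed for illustration, and it assumes Docker keeps a DOCKER chain in the nat and filter tables.

```shell
#!/bin/sh
# Added example: reads iptables-save text on stdin, so it can be tried offline.
# On a real host (as root): iptables-save | missing_docker_chains

# Print every table that declares the chain named in $1.
tables_with_chain() {
    awk -v chain="$1" '
        /^\*/ { table = substr($0, 2) }        # "*nat" opens a table section
        /^:/  { split(substr($0, 2), f, " ")   # ":DOCKER - [0:0]" declares a chain
                if (f[1] == chain) print table }'
}

# Print the tables (assumed: nat, filter) where the DOCKER chain is absent.
missing_docker_chains() {
    have=$(tables_with_chain DOCKER)
    for t in nat filter; do
        case " $(echo $have) " in
            *" $t "*) ;;
            *) echo "$t" ;;
        esac
    done
}

# Constructed sample: ruleset while Docker's chains are in place.
HEALTHY='*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
COMMIT
*filter
:FORWARD DROP [0:0]
:DOCKER - [0:0]
-A FORWARD -o docker0 -j DOCKER
COMMIT'

# Constructed sample: ruleset after a firewall restart removed Docker's chains.
FLUSHED='*nat
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT'

if [ -n "$(printf '%s\n' "$FLUSHED" | missing_docker_chains)" ]; then
    echo "DOCKER chain missing: enable the firewall, then restart docker"
fi
```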
Conclusion
In short, the iptables "No chain/target/match by that name" Docker error occurs when Docker and iptables fall out of sync. On Linux, Docker creates iptables rules. The error shows up if the firewall is no longer in sync with Docker. Today, we saw how our Support Engineers fix this error.