docker4drupal: Unable to enable SKIP DNAT rule

I'm using the docker-compose.yml without changes and can’t bring up the vanilla Drupal. I have disabled my firewall and stopped local apache.

Codebase

Built-in vanilla Drupal

Host OS

Debian Stretch

Docker info output

$ docker info
Containers: 5
 Running: 4
 Paused: 0
 Stopped: 1
Images: 8
Server Version: 17.09.0-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 06b9cb35161009dcb7123345749fef02f7cea8e0
runc version: 3f2f8b84a77f73d38244dd690525642a72156c64
init version: 949e6fa
Security Options:
 seccomp
  Profile: default
Kernel Version: 4.9.0-4-amd64
Operating System: Debian GNU/Linux 9 (stretch)
OSType: linux
Architecture: x86_64
CPUs: 8
Total Memory: 15.6GiB
Name: ithilien
ID: ZXR4:MQLX:4HLZ:YQNH:EJJE:5S4Q:RXA2:V4OO:T7VF:MGMQ:2ISN:246V
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

WARNING: No swap limit support

Docker compose file

Unchanged Vanilla Drupal

Logs output

$ docker-compose --version
docker-compose version 1.17.1, build 6d101fb
vicki@ithilien [Z:1] {~/projects/d8dev1}$ docker-compose up
Creating d8dev1_mailhog_1 ... 
Creating d8dev1_php_1 ... 
Creating d8dev1_mariadb_1 ... 
Creating d8dev1_traefik_1 ... 
Creating d8dev1_portainer_1 ... 
Creating d8dev1_mailhog_1
Creating d8dev1_traefik_1
Creating d8dev1_mariadb_1
Creating d8dev1_php_1
Creating d8dev1_traefik_1 ... error

ERROR: for d8dev1_traefik_1  Cannot start service traefik: driver failed programming external connectivity on endpoint d8dev1_traefik_1 (12a3d445804deecbc9a5c7a915d8f7a04047eb1cefa8bd8b66af215888cd19e2):  (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 8000 -j DNAT --to-destination 172.18.0.3:80 ! -i br-e6cfc0b238c6: iptables: No chain/target/match by that name.
Creating d8dev1_php_1 ... done
Creating d8dev1_nginx_1 ... 
Creating d8dev1_nginx_1 ... done

ERROR: for traefik  Cannot start service traefik: driver failed programming external connectivity on endpoint d8dev1_traefik_1 (12a3d445804deecbc9a5c7a915d8f7a04047eb1cefa8bd8b66af215888cd19e2):  (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 8000 -j DNAT --to-destination 172.18.0.3:80 ! -i br-e6cfc0b238c6: iptables: No chain/target/match by that name.
 (exit status 1))
ERROR: Encountered errors while bringing up the project.

About this issue

  • State: closed
  • Created 7 years ago
  • Reactions: 2
  • Comments: 17 (1 by maintainers)

Most upvoted comments

https://github.com/moby/moby/issues/16816 looks like your issue, try restarting docker

For anyone who stumbles upon this closed issue:

sudo systemcel restart docker should be sudo systemctl restart docker

After further searching, stress, and much starting/stopping of processes I finally found the magical incantation to get this to work. The simplest way is to restart docker. Of course, I needed to modify the firewall config (I use firehol) to accommodate the interfaces this docker setup uses.

Today was the test. I booted, started my existing LXC containers and did some work. At a break, I decided to test docker4drupal. Running docker-compose up -d resulted in the same error about DNAT. I then did sudo systemcel restart docker, then ran docker-compose up -d and I was amazed that there were no errors. And even more amazed that I could access the site at port 8000 and my LXC containers are still working as expected.

Closing this issue.

iptables -t filter -N DOCKER: execute this command and restart docker to solve the issue. You may get this issue if you stop firewalld after installing docker. If you stop firewalld before installing docker, then you may not get this issue.

Great, do more steps to fix it.

  • systemctl restart docker
  • docker-compose up -d
  • iptables --wait -t nat -I DOCKER -i br-f5bd2117dbd3 -j RETURN

This fixes this permanently.

sudo systemctl restart docker.socket

I don’t think this should be closed right now. No one got to the bottom of this. Restarting docker is not a good fix.

The way I see it, some other service is interfering. A firewall, I guess.

$ sudo systemctl restart docker.socket

This command above worked for me.

Actually, for me it turns out that this error disappears when I reactivate my firewall … sudo systemctl start firewalld.service

Found that I had missed some permission settings, https://docker4drupal.readthedocs.io/en/latest/permissions/. I have implemented that and removed all images (wanted to start from scratch); now it fails immediately.

$ docker-compose up -d
Creating network "d8dev1_default" with the default driver
ERROR: Failed to Setup IP tables: Unable to enable SKIP DNAT rule:  (iptables failed: iptables --wait -t nat -I DOCKER -i br-e50975111d95 -j RETURN: iptables: No chain/target/match by that name.
 (exit status 1))
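
Every failing command in this thread names the DOCKER chain, and iptables reports "No chain/target/match by that name" when a chain, target or match it is asked to use does not exist in that table. The check below is an added example, not code from the thread or from docker4drupal: it reads `iptables-save` output and lists the tables in which a chain is missing. The function name and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the netfilter tables in which a chain is missing,
# reading iptables-save format on stdin.

# missing_chain_tables CHAIN TABLE...  -> prints each TABLE lacking CHAIN
missing_chain_tables() {
    chain=$1; shift
    awk -v chain="$chain" -v wanted="$*" '
        /^\*/ { table = substr($0, 2) }          # "*nat" opens a table section
        /^:/  { split(substr($0, 2), f, " ")      # ":DOCKER - [0:0]" declares a chain
                if (f[1] == chain) seen[table] = 1 }
        END   { n = split(wanted, t, " ")
                for (i = 1; i <= n; i++) if (!(t[i] in seen)) print t[i] }'
}

# Constructed dump: no DOCKER chain in either table.
sample_flushed() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
COMMIT
EOF
}

# Constructed dump: DOCKER chain declared in nat and filter.
sample_healthy() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
COMMIT
*filter
:FORWARD DROP [0:0]
:DOCKER - [0:0]
:DOCKER-ISOLATION - [0:0]
COMMIT
EOF
}

sample_flushed | missing_chain_tables DOCKER nat filter   # prints: nat, filter
sample_healthy | missing_chain_tables DOCKER nat filter   # prints nothing
# Live host (root): iptables-save | missing_chain_tables DOCKER nat filter
```

Running the live-host form before and after a firewall start, stop or reload shows whether that service is what removes the chain.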