没有nat表如何启动docker? [英] How to start docker without nat table?
问题描述
我的系统是
Linux in28-051 3.16.0-4-amd64#1 SMP Debian 3.16.7-ckt11 -1 + deb8u3(2015-08-04)x86_64 GNU / Linux
但是nat表已禁用在我们公司的机器中。所以当我运行docker -d时,问题是
root @ XXXXX:〜#docker -d
INFO [0000] + job init_networkdriver()
INFO [0000] + job serveapi(unix:///var/run/docker.sock)
INFO [0000]在unix上侦听HTTP (/var/run/docker.sock)
无法启用网桥NAT:iptables失败:iptables --wait -t nat -I POSTROUTING -s 172.17.42.1/16! -o docker0 -j MASQUERADE:iptables v1.4.21:不能初始化iptables表`nat':表不存在(你需要insmod吗?)
也许iptables或者你的内核需要升级。
(退出状态3)
INFO [0000] -job init_networkdriver()= ERR(1)
FATA [0000]由于错误关闭守护程序:(退出状态3)
那么有没有办法在没有nat表的情况下运行docker?
更新:
我知道当我启用nat模块时,我可以正常运行docker,但问题是使得nat对我们机器的网络吞吐量有不良影响。所以我想知道,任何方式我可以使用docker没有nat模块?或者任何一个可以解释为什么docker必须使用nat模块。
好的,我终于找到了答案。
使用follow命令可以启动没有iptables的docker。
docker -d --iptables = False&
My system is
Linux in28-051 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1+deb8u3 (2015-08-04) x86_64 GNU/Linux
But the nat table is disabled in our company machine.So when I run docker -d, the issue is
root@XXXXX:~# docker -d
INFO[0000] +job init_networkdriver()
INFO[0000] +job serveapi(unix:///var/run/docker.sock)
INFO[0000] Listening for HTTP on unix (/var/run/docker.sock)
Unable to enable network bridge NAT: iptables failed: iptables --wait -t nat -I POSTROUTING -s 172.17.42.1/16 ! -o docker0 -j MASQUERADE: iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
(exit status 3)
INFO[0000] -job init_networkdriver() = ERR (1)
FATA[0000] Shutting down daemon due to errors: (exit status 3)
So, there is any way to run docker without nat table?
Update: I know I can run docker normally when I enable the nat module, but the question is enable the nat has a bad effect to our machines' network throughput. So I want to know, any way I can use docker without the nat module? Or any one can explain why docker must use the nat module.
OK, I finally found the answer. Use the follow command can start docker without iptables.
docker -d --iptables=False &
这篇关于没有nat表如何启动docker?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
