Docker daemon fails to start: Unable to create NAT rule: Chain 'MASQUERADE' does not exist #46400

@kamikazechaser

Description

Docker daemon fails to start.

Log from journalctl:

Sep 05 14:11:50 neon systemd[1]: Failed to start Docker Application Container Engine.
Sep 05 14:11:52 neon systemd[1]: docker.service: Scheduled restart job, restart counter is at 2.
Sep 05 14:11:52 neon systemd[1]: Stopped Docker Application Container Engine.
Sep 05 14:11:52 neon systemd[1]: Starting Docker Application Container Engine...
Sep 05 14:11:52 neon dockerd[2261]: time="2023-09-05T14:11:52.577471732+08:00" level=info msg="Starting up"
Sep 05 14:11:52 neon dockerd[2261]: time="2023-09-05T14:11:52.689040639+08:00" level=info msg="[graphdriver] using prior storage driver: overlay2"
Sep 05 14:11:52 neon dockerd[2261]: time="2023-09-05T14:11:52.689265351+08:00" level=info msg="Loading containers: start."
Sep 05 14:11:52 neon dockerd[2261]: time="2023-09-05T14:11:52.853667883+08:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
Sep 05 14:11:52 neon dockerd[2261]: time="2023-09-05T14:11:52.942244455+08:00" level=info msg="stopping event stream following graceful shutdown" error="<nil>" module=libcontainerd namespace=moby
Sep 05 14:11:52 neon dockerd[2261]: time="2023-09-05T14:11:52.942907870+08:00" level=info msg="stopping event stream following graceful shutdown" error="context canceled" module=libcontainerd namespace=plugins.moby
Sep 05 14:11:52 neon dockerd[2261]: failed to start daemon: Error initializing network controller: error creating default "bridge" network: Failed to Setup IP tables: Unable to enable NAT rule:  (iptables failed: iptables --wait -t nat -I POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE: iptables v1.8.7 (nf_tables): Chain 'MASQUERADE' does not exist
Sep 05 14:11:52 neon dockerd[2261]: Try `iptables -h' or 'iptables --help' for more information.
Sep 05 14:11:52 neon dockerd[2261]:  (exit status 2))
Sep 05 14:11:52 neon systemd[1]: docker.service: Main process exited, code=exited, status=1/FAILURE

Reproduce

docker ps
sudo systemctl restart docker

Expected behavior

Docker daemon should start up

docker version

Client: Docker Engine - Community
 Version:           24.0.5
 API version:       1.43
 Go version:        go1.20.6
 Git commit:        ced0996
 Built:             Fri Jul 21 20:35:45 2023
 OS/Arch:           linux/amd64
 Context:           default
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

docker info

Client: Docker Engine - Community
 Version:    24.0.5
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.11.2
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.20.2
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
ERROR: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
errors pretty printing info

Additional Info

OS info: MX Linux 21 Linux neon 6.4.0-2mx-ahs-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.4.4-3~mx21ahs (2023-08-10) x86_64 GNU/Linux

Output from ip a:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether e8:6a:64:ac:d0:81 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 28:39:26:04:4f:7f brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.108/24 brd 192.168.0.255 scope global dynamic noprefixroute wlan0
       valid_lft 5973sec preferred_lft 5973sec
    inet6 fe80::847f:3a91:749c:91a2/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
4: docker0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default 
    link/ether 02:42:f5:b5:5d:45 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever

I have tried the following to no avail:

  • Completely uninstalled and reinstalled docker
  • ip link del docker0
  • sudo rm /var/lib/docker/network/files/local-kv.db
  • sudo rm -rf /var/lib/docker/network

Labels: area/networking, kind/bug, version/24.0