[Bug]: No routing/ip tables on fresh install 3.2.9(img release)

Question

[Bug]: No routing/ip tables on fresh install 3.2.9(img release)

brazier opened this issue 9 months ago · 3 comments

brazier commented 9 months ago

Code of Conduct

I agree to follow this project's Code of Conduct.

Issue reporting checklist

I have read and understand the issue reporting policy.
I observed this bug on a clean install of a supported OS.
I have followed the project prerequisites.
I have searched this repository for existing issues.
I checked the FAQ and official documentation.
I am using an external wireless adapter.
I have generated a RaspAP debug log and performed a self-diagnosis.

Operating System

Raspberry Pi OS (64-bit) Lite Bookworm

Quick install or Manual setup?

Quick install

Onboard wireless chipset or external adapter?

Onboard wireless chipset

Hardware

Other

RaspAP version

3.2.5 (Latest)

Other software or services running with RaspAP?

No other software

Contact details (optional)

Bug description

There is no Routing between eth0 and wlan0, adding iptables roules as per: manual install fixes the issue until next reboot.

Testet with clean 2.3.9(multiple times) and 2.3.7 install using the supplied images: https://github.com/RaspAP/raspap-webgui/releases/
Running on a Compute model 3 Using Raspberry Pi Imager v1.8.5 to flash with setting username, password, timezone, locale and ssh-key.

Doing a fresh install of the official Raspberry OS Lite 64bit(2024-11-19) from the raspberry pi imager with same settings as above, then running the quick installer works without any problems.
sudo apt-get update sudo apt-get full-upgrade sudo reboot sudo raspi-config curl -sL https://install.raspap.com | bash

Steps to reproduce

Download .img.zip
Write using Raspberry PI Imager v1.8.5
Connect to AP over wifi (fyi im not using a external adapter)
Eth0 connected to other lan(10.0.0.0/24)
No routing

raspap_debug_img.log

raspap_debug_quick_install.log

Screenshots

No response

Additional context

No response

Relevant log output

Answer 1 · 2025-02-23T18:15:20.000Z

(Also the version should be updated in the form when posting the issue, and perhaps also add the img realese as a install method)

Answer 2 · 2025-02-23T18:43:10.000Z

Inspection of the most recent image build log revealed the following:

Checking iptables rules
/usr/bin/grep: /etc/iptables/rules.v4: No such file or directory
Adding rule: -t nat -A POSTROUTING -j MASQUERADE
iptables: Failed to initialize nft: Protocol not supported
[ x error ]  Unable to execute iptables 
/usr/bin/grep: /etc/iptables/rules.v4: No such file or directory
Adding rule: -t nat -A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE
iptables: Failed to initialize nft: Protocol not supported
[ x error ]  Unable to execute iptables 
Persisting IP tables rules
iptables-save/1.8.9 (nf_tables) Failed to initialize nft: Protocol not supported
[ x error ]  Unable to execute iptables-save

Thanks for reporting

Answer 3 · 2025-02-28T18:11:38.000Z

pi-gen operates in a chroot environment on a mounted filesystem instead of an active OS. For this reason, there are no kernel modules loaded. Configuring iptables or nftables fails because there is no real kernel or network stack running.

The solution (obvious now) is to modify our pi-gen fork to configure these rules on first boot.