Error: Failed to run: ip6tables -w -t nat -I POSTROUTING...

Question

Error: Failed to run: ip6tables -w -t nat -I POSTROUTING...

Closed this issue 6 years ago · 5 comments

Here<s a simple description of the issue. Let me know if additionnal error output is needed.

Distribution: Archlinux
Version

commit 2673d34dac73040e54428f37518d3b1293d36df4 (HEAD -> master, origin/master, origin/HEAD)
Author: Michael Schubert <schu@schu.io>
Date:   Sat Apr 27 14:20:32 2019 +0200

    Update runc to latest release, v1.0.0-rc8
    
    Resolves #5

Error:

$ kubedee up test --kubernetes-version v1.13.0
Creating network for test ...
Error: Failed to run: ip6tables -w -t nat -I POSTROUTING -s fd42:33fa:9ef0:97be::/64 ! -d fd42:33fa:9ef0:97be::/64 -j MASQUERADE -m comment --comment generated for LXD network kubedee-ym1v2y: ip6tables: No chain/target/match by that name.

List of chain present for the nat table with ip6tables.

$ sudo ip6tables -t nat -vnL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LIBVIRT_PRT  all      *      *       ::/0                 ::/0                

Chain LIBVIRT_PRT (1 references)
 pkts bytes target     prot opt in     out     source               destination

Answer 1 · 2019-05-04T21:25:34.000Z

Thank you for the report! I'll try to take a look as soon as possible tomorrow or early next week.

Could you also tell me which lxd and liblxc version (lxc info | grep driver_version) you are using? Does the problem remain when restarting lxd? Does lxc-checkconfig look good?

Answer 2 · 2019-05-05T19:53:33.000Z

Sup,

Yes, the issue remains after restarting the LXD daemon (snap)
LXD driver version:

$ lxc info | grep driver_version
 driver_version: 3.1.0

Sharing relevant details from the output of the lxc-checkconfig command

--- Misc ---
Veth pair device: enabled, loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, loaded
Advanced netfilter: enabled, not loaded
CONFIG_NF_NAT_IPV4: enabled, loaded
CONFIG_NF_NAT_IPV6: enabled, loaded
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, loaded
FUSE (for use with lxcfs): enabled, loaded

Answer 3 · 2019-05-19T14:12:58.000Z

I tried to reproduce the issue in a Vagrant VM (vagrant init archlinux/archlinux ; vagrant up) but don't encounter the error and kubedee smoke-test ... succeeds.

Is apparmor enabled on your system? Any clue in sudo snap logs -n=all lxd maybe?

Answer 4 · 2019-06-02T23:11:57.000Z

Don't have this issue anymore when running the latest version.

Thanks for the help.

Answer 5 · 2019-06-03T15:37:09.000Z

Good to know, thanks for the update!