
CHAIN_ADD failed (No such file or directory): chain PREROUTING

Open xehonk opened this issue 1 year ago • 1 comments

In the new release (3.1.4) there is an error which prevents the container from starting. Only happened on a Windows host, not on a Linux host.

iptables v1.8.10 (nf_tables): CHAIN_ADD failed (No such file or directory): chain PREROUTING


xehonk avatar Jun 24 '24 13:06 xehonk

Hmm, do you have any idea why this happens? (I don't have a Windows machine.)

qoomon avatar Jun 24 '24 15:06 qoomon

@xehonk Do you use Docker with WSL2 enabled? https://learn.microsoft.com/en-us/windows/wsl/tutorials/wsl-containers

qoomon avatar Jul 03 '24 07:07 qoomon

@qoomon Sorry, I don't have access to the affected machine until next week. I'll find out then.

xehonk avatar Jul 03 '24 11:07 xehonk

So, here's the update: The machine has WSL2 enabled. docker-desktop and docker-desktop-data images are installed.

$ docker run --cap-add=NET_ADMIN --cap-add=NET_RAW qoomon/docker-host:3.1.5
Docker Host: 192.168.65.2 (host.docker.internal)
Forwarding ports: 1-65535
Warning: Extension tcp revision 0 not supported, missing kernel module?
Warning: Extension DNAT revision 0 not supported, missing kernel module?
iptables v1.8.10 (nf_tables):  CHAIN_ADD failed (No such file or directory): chain PREROUTING

$ docker run --cap-add=NET_ADMIN --cap-add=NET_RAW qoomon/docker-host:3.1.4
Docker Host: 192.168.65.2 (host.docker.internal)
Forwarding ports: 1-65535
Warning: Extension tcp revision 0 not supported, missing kernel module?
Warning: Extension DNAT revision 0 not supported, missing kernel module?
iptables v1.8.10 (nf_tables):  CHAIN_ADD failed (No such file or directory): chain PREROUTING

$ docker run --cap-add=NET_ADMIN --cap-add=NET_RAW qoomon/docker-host:3.1.3
Docker Host: 192.168.65.2 (host.docker.internal)
Forwarding ports: 1-65535

I also verified this on another computer running Windows. Same result.

xehonk avatar Jul 11 '24 08:07 xehonk

Probably it's due to the iptables-nft change in Alpine version 3.19.0: https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.19.0

qoomon avatar Jul 12 '24 15:07 qoomon

Maybe adding the following lines to entrypoint.sh before the iptables commands could help:

modprobe ip_tables && echo $_ >> /etc/modules
modprobe iptable_nat && echo $_ >> /etc/modules
modprobe iptable_filter && echo $_ >> /etc/modules

qoomon avatar Jul 15 '24 07:07 qoomon

I have not tried this on Windows, but even on Linux there's this error with your suggested change. I do not think the Alpine base image includes these loadable modules.

modprobe: can't change directory to '/lib/modules': No such file or directory

xehonk avatar Jul 15 '24 09:07 xehonk

I will try to migrate to nftables; maybe this will work.

qoomon avatar Jul 15 '24 09:07 qoomon

Feel free to try this branch: https://github.com/qoomon/docker-host/tree/feature/migrate-to-nftables

https://github.com/qoomon/docker-host/pull/63

qoomon avatar Jul 15 '24 10:07 qoomon

Works on my Linux machine, but same error on Windows unfortunately: image (22)

xehonk avatar Jul 15 '24 11:07 xehonk

Hmm, I have no clue what the reason is, or why the iptables legacy solution works.

qoomon avatar Jul 15 '24 11:07 qoomon

Seems to be related to:

  • https://github.com/microsoft/WSL/issues/6044
  • https://github.com/rancher-sandbox/rancher-desktop/issues/6624

qoomon avatar Jul 16 '24 06:07 qoomon

@xehonk I switched to iptables-legacy. Feel free to try version 3.3.0

qoomon avatar Jul 16 '24 10:07 qoomon

I can confirm that it works with 3.3 on Windows and Linux. Here is the run from the previously broken Windows PC:

image (24)

xehonk avatar Jul 17 '24 12:07 xehonk
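
The thread ends with 3.3.0 switching to iptables-legacy. As an added example (not code from docker-host or from anyone in this thread), an entrypoint could instead probe each backend with the same kind of nat/PREROUTING write that failed above and use the first one that works. The function names, the scratch chain name and the `fake_*` stand-ins are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not docker-host's entrypoint.sh): choose an iptables backend
# by attempting the kind of nat-table write that port forwarding needs.

# probe_backend CMD: returns 0 if CMD can create a chain and hook it into
# nat/PREROUTING; removes the scratch rule and chain again afterwards.
probe_backend() {
    cmd=$1
    chain="PROBE_$$"                      # scratch chain name (hypothetical)
    "$cmd" -t nat -N "$chain" 2>/dev/null || return 1
    if "$cmd" -t nat -A PREROUTING -j "$chain" 2>/dev/null; then
        # An empty user chain is a no-op jump, so this rule changes no traffic.
        "$cmd" -t nat -D PREROUTING -j "$chain" 2>/dev/null
        rc=0
    else
        rc=1
    fi
    "$cmd" -t nat -X "$chain" 2>/dev/null
    return "$rc"
}

# pick_backend CMD...: prints the first candidate that passes the probe,
# or fails with a message on stderr if none does.
pick_backend() {
    for candidate in "$@"; do
        if probe_backend "$candidate"; then
            echo "$candidate"
            return 0
        fi
    done
    echo "no usable iptables backend among: $*" >&2
    return 1
}

# Constructed stand-ins so the selection logic runs without NET_ADMIN:
# fake_nft fails with the message from the Windows runs above,
# fake_legacy accepts every call.
fake_nft() {
    echo "iptables v1.8.10 (nf_tables):  CHAIN_ADD failed (No such file or directory): chain PREROUTING" >&2
    return 4
}
fake_legacy() { return 0; }

# In a real entrypoint (assumption, needs NET_ADMIN):
#   IPTABLES=$(pick_backend iptables-nft iptables-legacy) || exit 1
```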