[Package Request] rebuild iptables, make docker ipv6 work normally

[wangliangliang2]

this issue was a request to let this repo include iptables. because this issue for me was sovled, I change the first comment to this in order to save your guys time. for synology_apollolake_918+ DSM 6.2.3-25426 please use the fix repo other version please rebuild iptables and ipv6 module for yourselves.

[publicarray]

@wangliangliang2 did you contact Synology first? I think it makes more sense for them to work on this. iptables is just the user space tool using the netfilter subsystem in the Linux kernel.

[wangliangliang2]

Yep，they don't want to take care of it. if you can understand chinese, you can read this.

[hgy59]

@wangliangliang2 can you paste the text here? so anybody can use google translate to understand the content.

[hgy59]

@wangliangliang2 as far as I was able to translate the chinese text, this screenshot is not about iptables, but about a thirdparty docker image and the guy of synology is asking on how to use the docker image...

[wangliangliang2]

@wangliangliang2 as far as I was able to translate the chinese text, this screenshot is not about iptables, but about a thirdparty docker image and the guy of synology is asking on how to use the docker image...

it's a part of chatting content. this picture just prove a fact that they consider that problem as docker's fault and can't offer more help. but in fact the way of that said , it is just a way to shirk responsibility

[wangliangliang2]

the picture's content comes from a chatting that I told them synology lack of some iptables ro files and some xtables content which make docker ipv6 can't work normally.

[wangliangliang2]

@hgy59 hi. this issue can close, if you want. I compile ipv6 module and iptables 1.6.0 and fix this problem. the fix repo

[hgy59]

@wangliangliang2 thanks for implementation and doc of a fix. I suppose you have to apply the fix after each DSM update (and maybe you have to rebuild and update the installed libraries too).

[wangliangliang2]

yep, until synology do they job.

[j0rd]

Synology Kernel (on my device) is 3.10 which was released 30 June 2013.

I've been looking into kernel upgrades on Synology all of today to get my docker images working. There's a lot of people complaining, but doesn't appears anyone has taken this on, including Synology.

It's kind of crazy to think that Synology doesn't have a new kernel with DSM 7 and this is the first time I'm finding out about it as well. It really makes me want to ditch the system and get something else to be honest.

Some of their code for the kernel is in their sourceforge (lol, they need to get on github) including kernel code (although I read their patches/changes are out of date)

https://sourceforge.net/projects/dsgpl/

[sjtuross]

Not only ip6tables, but some iptables modules for ipv4 are missing too, which are required to run transparent proxy. I have to manually build the below modules. It would be much easier to have a Synology package to get them installed and loaded automatically. This is the hardest part for most users. Other tweaks can be manually done per needs I think.

netfilter kernel modules

/lib/modules/ip_set_hash_net.ko
/lib/modules/xt_connmark.ko
/lib/modules/nf_tproxy_core.ko (not needed for ds918+ with kernel 4.4.59, but required for ds3617 with kernel 3.10.105)
/lib/modules/xt_TPROXY.ko

iptables user modules

/usr/lib/iptables/libxt_CONNMARK.so
/usr/lib/iptables/libxt_connmark.so
/usr/lib/iptables/libxt_mangle.so
/usr/lib/iptables/libxt_mark.so
/usr/lib/iptables/libxt_TPROXY.so

[sjtuross]

I put together the compile instructions, some usage scenarios and pre-compiled netfilter and iptable modules for some systems in my repo https://github.com/sjtuross/syno-iptables. It's written in Chinese. Use Google Translate for English.