
iptables: Couldn't load match `comment':No such file or directory

Open Ale32bit opened this issue 4 years ago • 5 comments

Upon running `sudo lnxrouter --ap wlan0 Alex -p ####`, iptables fails.

```
WARN: brmfmac driver doesn't work properly with virtual interfaces and
      it can cause kernel panic. For this reason we disallow virtual
      interfaces for your adapter.
      For more info: https://github.com/oblique/create_ap/issues/203
WARN: Your adapter does not fully support AP virtual interface, enabling --no-virt
PID: 3969
Target interface is wlan0 (dc:a6:32:ae:05:4b)
Use random LAN IPv4 address 192.168.77.1
haveged_watchdog PID: 4041

Starting hostapd
hostapd PID: 4044
Configuration file: /dev/shm/lnxrouter_tmp/lnxrouter.wlan0.conf.ycq/hostapd.conf
wlan0: Could not connect to kernel driver
Using interface wlan0 with hwaddr dc:a6:32:ae:05:4b and ssid "Alex"
wlan0: interface state UNINITIALIZED->ENABLED
wlan0: AP-ENABLED

iptables: NAT
iptables v1.8.2 (nf_tables): Couldn't load match `comment':No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
Error occured


Doing cleanup..
Terminated
Killed 4041 lnxrouter
wlan0: interface state ENABLED->DISABLED
wlan0: AP-DISABLED
wlan0: CTRL-EVENT-TERMINATING
nl80211: deinit ifname=wlan0 disabled_11b_rates=0
Killed 4044 hostapd
iptables: stop NAT
iptables: unallow DNS
iptables: unallow dhcp
Exiting: This is the only running instance
Cleaning up done
```

Ale32bit, Apr 02 '21 17:04

> iptables v1.8.2 (nf_tables): Couldn't load match `comment':No such file or directory

~~Your iptables uses the nftables backend. I haven't used or tested with it. I am using legacy iptables.~~

You can try modifying https://github.com/garywill/linux-router/blob/1e3c5004c307cd6ba23aaddf401c72ee5c26b81b/lnxrouter#L796-L805 to delete `-m comment --comment "lnxrouter-$$-$SUBNET_IFACE"`

~~If you still see the problem, try using legacy iptables. For example, switch to legacy as in~~ ~~https://github.com/oblique/create_ap/issues/373~~ ~~https://github.com/oblique/create_ap/issues/433~~

garywill, Apr 03 '21 01:04

Before an nftables support plan is made, I'm considering an option to specify the iptables legacy path.

You can also modify the code above, changing `iptables` to `/path/to/iptables-legacy`.

garywill, Apr 03 '21 03:04

Tried switching to iptables-legacy and the error still happens

```
iptables: NAT
iptables v1.8.2 (legacy): Couldn't load match `comment':No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
Error occured
```

Am I missing something?

Ale32bit, Apr 03 '21 09:04

> Couldn't load match `comment':No such file or directory

Your iptables doesn't support comment. Delete `-m comment --comment "lnxrouter-$$-$SUBNET_IFACE"` (as said above). It's a workaround.

What OS are you using? What version?

Googling found https://github.com/kubernetes-sigs/kind/issues/1461

`CONFIG_NETFILTER_XT_MATCH_COMMENT` is not set on some systems.

On a working system, `lsmod|grep table` output ~~should~~ (not necessary) contain `xt_comment`.

garywill, Apr 03 '21 11:04

~~Added a comment module judgement~~

Update: Users can set the environment variable NETFILTER_XT_MATCH_COMMENT=0 if they want to disable '-m comment'.

garywill, Apr 17 '21 04:04
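
The check discussed in this thread, as an added example that is not lnxrouter's code: it reads the kernel config and `lsmod` output to decide whether a rule can carry `-m comment`, and honours the `NETFILTER_XT_MATCH_COMMENT=0` override. The function names and the config path `/boot/config-$(uname -r)` are assumptions.

```shell
#!/bin/sh
# Added example, not lnxrouter's code. Function names are hypothetical.

# kconfig_comment_state FILE
# Reads a kernel config file and prints y (built in), m (module),
# n (not set) or unknown (file unreadable or option not mentioned).
kconfig_comment_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    awk '
        /^CONFIG_NETFILTER_XT_MATCH_COMMENT=y$/            { s = "y" }
        /^CONFIG_NETFILTER_XT_MATCH_COMMENT=m$/            { s = "m" }
        /^# CONFIG_NETFILTER_XT_MATCH_COMMENT is not set$/ { s = "n" }
        END { print (s == "" ? "unknown" : s) }
    ' "$1"
}

# comment_args KCONFIG_FILE LSMOD_OUTPUT TAG
# Prints the iptables arguments that tag a rule with TAG (no whitespace),
# or nothing when the tag has to be left out of the rule.
comment_args() {
    # User override mentioned in the thread.
    [ "${NETFILTER_XT_MATCH_COMMENT:-1}" = 0 ] && return 0
    case "$(kconfig_comment_state "$1")" in
        y|m) ;;          # built in, or a module the kernel normally loads on
                         # demand, so it need not show up in lsmod
        n) return 0 ;;   # this kernel was built without the comment match
        *) # no config to read: only trust a module that is already loaded
           printf '%s\n' "$2" | grep -q '^xt_comment ' || return 0 ;;
    esac
    printf '%s %s %s %s\n' -m comment --comment "$3"
}

# Arguments for this host; prints an empty line when the tag must be dropped.
# The interface name wlan0 is the one from the log in the issue.
echo "tag args: $(comment_args "/boot/config-$(uname -r)" \
    "$(lsmod 2>/dev/null)" "lnxrouter-$$-wlan0")"
```

A caller would append the printed arguments, unquoted, to each rule it creates and fall back to matching its rules by full rule specification at cleanup when the output is empty.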