KatharaFramework / Kathara

A lightweight container-based network emulation system.
https://www.kathara.org/
GNU General Public License v3.0
452 stars 63 forks

problem with the ping (nf_tables/iptables-legacy conflict) #215

Closed mharoonj closed 1 year ago

mharoonj commented 1 year ago

I am following this tutorial of Kathara, but the problem I am facing is that I cannot ping successfully to other IP addresses. It is sent but never received. I followed every step. I am using Ubuntu 22.04.1 LTS, Kathara 3.5.5, Docker 20.10.17.

I can start kathara example by lstart command but for the first step when we have to ping to 195.11.14.1, it says packet transmitted but 0 received.

This is the sample project which I am using. It is on this site.

tcaiazzi commented 1 year ago

Hi @mharoonj,

I think that your problem is related to some configuration on your host. Indeed, I just ran the lab and it works fine on my Ubuntu 22.04.

image

Are you sure you are executing the ping command on the right device (pc1)?

If yes, do you have any active firewall on your host?

Can you send me the output of the following command on your host?

iptables -nvL

mharoonj commented 1 year ago

@tcaiazzi I have disabled the firewall on my machine.

This is a screenshot of pc1: image

This is a screenshot of my PC terminal: image

tcaiazzi commented 1 year ago

Hi @mharoonj,

I think the problem is related to some iptables issues on your host machine.

It seems that you have both iptables-legacy and nf_tables, and probably this is causing your issues.

Try to uninstall the docker network plugin:

kathara wipe -f
docker plugin rm -f kathara/katharanp:amd64

Then, try to run the lab again to reinstall the plugin.

If it does not work, can you send me the output of the following command?

iptables-legacy -nvL 

Moreover, can you also send me a zip of the lab you are running? Just to be sure that everything is ok.

Thanks, Tommaso

mharoonj commented 1 year ago

@tcaiazzi this is how I uninstalled the Docker network plugin: image

This is the screenshot of pc1 and the iptables-legacy -nvL command output: image

And for my PC screenshot:

image

I am working on this file: kathara-lab_static-routing.zip

tcaiazzi commented 1 year ago

It seems that on your host the Kathara iptables rules are inserted in nf_tables while Docker rules are in iptables-legacy.

This is what the iptables output should look like: image

As you can see from the screenshot, I have both the kt-* and the Docker rules.

Probably, to fix the problem you need to uninstall the iptables-legacy version and use only nf_tables.

Let me know if it helps!
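
Added example (not part of the thread and not Kathara project code): a shell check for the split described in the comment above, where Docker rules and kt-* rules end up in different iptables backends. The sample listings are constructed, and matching Kathara rules by the kt- prefix is an assumption based on the kt-* naming used in this thread.

```shell
#!/bin/sh
# Decide from two `-nvL` listings whether Docker and Kathara rules sit in the
# same iptables backend. Function names and verdict strings are hypothetical.

# Constructed sample of `iptables-legacy -nvL` output (Docker rules only).
LEGACY_SAMPLE='Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target       prot opt in  out  source       destination
    0     0 DOCKER-USER  all  --  *   *    0.0.0.0/0    0.0.0.0/0
Chain DOCKER (1 references)'

# Constructed sample of `iptables-nft -nvL` output (kt-* rules only).
NFT_SAMPLE='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target  prot opt in           out          source     destination
    0     0 ACCEPT  all  --  kt-0a1b2c3d  kt-0a1b2c3d  0.0.0.0/0  0.0.0.0/0'

# families LISTING -> "docker", "kathara", "docker,kathara" or "none"
families() {
    fam_out=""
    printf '%s\n' "$1" | grep -q 'DOCKER' && fam_out="docker"
    # Assumption: Kathara rules are recognisable by a token starting with kt-
    printf '%s\n' "$1" | grep -Eq '(^|[[:space:]])kt-' \
        && fam_out="${fam_out:+$fam_out,}kathara"
    printf '%s\n' "${fam_out:-none}"
}

# classify LEGACY_LISTING NFT_LISTING -> one-word verdict
classify() {
    cl_legacy=$(families "$1")
    cl_nft=$(families "$2")
    case "$cl_legacy/$cl_nft" in
        none/docker,kathara)            echo "ok-nft" ;;     # everything in nf_tables
        docker,kathara/none)            echo "ok-legacy" ;;  # everything in legacy
        docker/kathara|kathara/docker)  echo "split" ;;      # the conflict in this issue
        none/none)                      echo "no-rules" ;;   # lab not running?
        *)                              echo "mixed" ;;      # rules duplicated or partial
    esac
}

# On the constructed samples this prints "split".
classify "$LEGACY_SAMPLE" "$NFT_SAMPLE"

# Live use on the host (as root, while the lab is running):
#   classify "$(iptables-legacy -nvL)" "$(iptables-nft -nvL)"
```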

mharoonj commented 1 year ago

@tcaiazzi how, or with which command, can I uninstall specifically iptables-legacy and tell the system to use nf_tables only?

tcaiazzi commented 1 year ago

You have to tell the OS to use nf_tables. To do so, you can use the following commands:

update-alternatives --set iptables /usr/sbin/iptables-nft
update-alternatives --set ip6tables /usr/sbin/ip6tables-nft
update-alternatives --set arptables /usr/sbin/arptables-nft
update-alternatives --set ebtables /usr/sbin/ebtables-nft

You can find more info here: https://wiki.debian.org/nftables

Let me know if it helps!

mharoonj commented 1 year ago

@tcaiazzi still not working... it cannot even ping google.com

image

tcaiazzi commented 1 year ago

@mharoonj the network scenario is completely isolated from the Internet, unless you use the --bridged option on a device.

So you cannot ping Google from inside the lab.

Try to reboot the host after using update-alternatives.

Then, if the error persists, send me the new output of iptables.

mharoonj commented 1 year ago

No success. This is the new output of iptables-legacy: image

tcaiazzi commented 1 year ago

Can you also attach the output of nf_tables?

It seems that your Docker is still using iptables-legacy and not nf_tables.

mharoonj commented 1 year ago

@tcaiazzi is this what you are asking about? Or is there another command I have to type?

image

tcaiazzi commented 1 year ago

Try these steps:

  1. Uninstall Kathara.
  2. Uninstall Docker.
  3. Run these commands once again:
    update-alternatives --set iptables /usr/sbin/iptables-nft
    update-alternatives --set ip6tables /usr/sbin/ip6tables-nft
    update-alternatives --set arptables /usr/sbin/arptables-nft
    update-alternatives --set ebtables /usr/sbin/ebtables-nft
  4. Reboot your host.
  5. Install Docker following the official guide: https://docs.docker.com/engine/install/ubuntu/
  6. Install Kathara.
  7. Run the lab.
  8. If the problem persists, send me both the output of iptables-legacy -nvL and iptables -nvL while the lab is running.

mharoonj commented 1 year ago

@tcaiazzi it worked now. Thanks for your timely responses. Without you I couldn't have done this. Thanks a lot for your time and dedication.