Open wangliangliang2 opened 3 years ago
@wangliangliang2 did you contact Synology first? I think it makes more sense for them to work on this. iptables is just the user space tool using the netfilter subsystem in the Linux kernel.
Yep, they don't want to take care of it. If you can understand Chinese, you can read this.
@wangliangliang2 can you paste the text here, so anybody can use Google Translate to understand the content?
@wangliangliang2 as far as I was able to translate the Chinese text, this screenshot is not about iptables, but about a third-party Docker image, and the guy from Synology is asking how to use the Docker image...
It's part of the chat content. This picture just proves the fact that they consider that problem Docker's fault and can't offer more help. But in fact, saying it that way is just a way to shirk responsibility.
The picture's content comes from a chat in which I told them Synology lacks some iptables ro files and some xtables content, which makes Docker IPv6 unable to work normally.
@hgy59 Hi. This issue can be closed, if you want. I compiled the ipv6 module and iptables 1.6.0 and fixed this problem. the fix repo
@wangliangliang2 thanks for implementation and doc of a fix. I suppose you have to apply the fix after each DSM update (and maybe you have to rebuild and update the installed libraries too).
Yep, until Synology does their job.
Synology Kernel (on my device) is 3.10 which was released 30 June 2013.
I've been looking into kernel upgrades on Synology all of today to get my Docker images working. There are a lot of people complaining, but it doesn't appear anyone has taken this on, including Synology.
It's kind of crazy to think that Synology doesn't have a new kernel with DSM 7 and this is the first time I'm finding out about it as well. It really makes me want to ditch the system and get something else to be honest.
Some of their code for the kernel is on their SourceForge (lol, they need to get on GitHub), including kernel code (although I read their patches/changes are out of date).
Not only ip6tables, but some iptables modules for ipv4 are missing too, which are required to run transparent proxy. I have to manually build the below modules. It would be much easier to have a Synology package to get them installed and loaded automatically. This is the hardest part for most users. Other tweaks can be manually done per needs I think.
netfilter kernel modules
/lib/modules/ip_set_hash_net.ko
/lib/modules/xt_connmark.ko
/lib/modules/nf_tproxy_core.ko (not needed for ds918+ with kernel 4.4.59, but required for ds3617 with kernel 3.10.105)
/lib/modules/xt_TPROXY.ko
iptables user modules
/usr/lib/iptables/libxt_CONNMARK.so
/usr/lib/iptables/libxt_connmark.so
/usr/lib/iptables/libxt_mangle.so
/usr/lib/iptables/libxt_mark.so
/usr/lib/iptables/libxt_TPROXY.so
I put together the compile instructions, some usage scenarios and pre-compiled netfilter and iptables modules for some systems in my repo https://github.com/sjtuross/syno-iptables. It's written in Chinese. Use Google Translate for English.
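An added example (not from the thread or from either linked repo): a POSIX shell check that reports which of the files listed in the comment above are absent, suitable for re-running after a DSM update. The function names and the root-directory argument are assumptions of this example, and the `3.10.*` pattern generalizes the single kernel 3.10.105 that the comment mentions.

```shell
#!/bin/sh
# Paths are copied from the comment above; everything else is hypothetical.
KERNEL_MODULES="
/lib/modules/ip_set_hash_net.ko
/lib/modules/xt_connmark.ko
/lib/modules/xt_TPROXY.ko
"
# Reported as required on kernel 3.10.105 but not on 4.4.59.
LEGACY_MODULE="/lib/modules/nf_tproxy_core.ko"
USER_MODULES="
/usr/lib/iptables/libxt_CONNMARK.so
/usr/lib/iptables/libxt_connmark.so
/usr/lib/iptables/libxt_mangle.so
/usr/lib/iptables/libxt_mark.so
/usr/lib/iptables/libxt_TPROXY.so
"

# needs_legacy_module KERNEL_RELEASE: succeeds if nf_tproxy_core.ko is expected.
# Assumption: every 3.10.x kernel behaves like the 3.10.105 case in the thread.
needs_legacy_module() {
    case "$1" in
        3.10.*) return 0 ;;
        *)      return 1 ;;
    esac
}

# missing_files ROOT KERNEL_RELEASE: prints one missing path per line.
# ROOT is "" for the live system, or a directory holding an extracted image.
missing_files() {
    root=$1
    krel=$2
    list="$KERNEL_MODULES $USER_MODULES"
    if needs_legacy_module "$krel"; then list="$list $LEGACY_MODULE"; fi
    for f in $list; do
        [ -e "$root$f" ] || printf '%s\n' "$f"
    done
}

# audit ROOT KERNEL_RELEASE: returns 1 if any listed file is missing.
audit() {
    missing=$(missing_files "$1" "$2")
    if [ -n "$missing" ]; then
        printf 'missing on kernel %s:\n%s\n' "$2" "$missing" >&2
        return 1
    fi
    printf 'all listed netfilter files present (kernel %s)\n' "$2"
}
# On the NAS itself: audit "" "$(uname -r)"
```
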
This issue was a request to let this repo include iptables. Because this issue was solved for me, I changed the first comment to this in order to save you guys time. For synology_apollolake_918+ DSM 6.2.3-25426 please use the fix repo; for other versions please rebuild iptables and the ipv6 module yourselves.