garywill / linux-router

Set Linux as router in one command. Supports Internet sharing, redsocks, Wifi hotspot, IPv6. Can also be used for routing VM/containers 🛰️ (you are also welcome to follow me on Bilibili: https://space.bilibili.com/2123686105 )
GNU Lesser General Public License v2.1

iptables: Couldn't load match `comment':No such file or directory #18

Closed Ale32bit closed 1 year ago

Ale32bit commented 3 years ago

Upon running sudo lnxrouter --ap wlan0 Alex -p ####, iptables fails.

WARN: brmfmac driver doesn't work properly with virtual interfaces and
      it can cause kernel panic. For this reason we disallow virtual
      interfaces for your adapter.
      For more info: https://github.com/oblique/create_ap/issues/203
WARN: Your adapter does not fully support AP virtual interface, enabling --no-virt
PID: 3969
Target interface is wlan0 (dc:a6:32:ae:05:4b)
Use random LAN IPv4 address 192.168.77.1
haveged_watchdog PID: 4041

Starting hostapd
hostapd PID: 4044
Configuration file: /dev/shm/lnxrouter_tmp/lnxrouter.wlan0.conf.ycq/hostapd.conf
wlan0: Could not connect to kernel driver
Using interface wlan0 with hwaddr dc:a6:32:ae:05:4b and ssid "Alex"
wlan0: interface state UNINITIALIZED->ENABLED
wlan0: AP-ENABLED

iptables: NAT
iptables v1.8.2 (nf_tables): Couldn't load match `comment':No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
Error occured

Doing cleanup..
Terminated
Killed 4041 lnxrouter
wlan0: interface state ENABLED->DISABLED
wlan0: AP-DISABLED
wlan0: CTRL-EVENT-TERMINATING
nl80211: deinit ifname=wlan0 disabled_11b_rates=0
Killed 4044 hostapd
iptables: stop NAT
iptables: unallow DNS
iptables: unallow dhcp
Exiting: This is the only running instance
Cleaning up done
garywill commented 3 years ago

iptables v1.8.2 (nf_tables): Couldn't load match `comment':No such file or directory

Your iptables uses the nftables backend. I haven't used or tested with it. I'm using legacy iptables.

You can try modifying https://github.com/garywill/linux-router/blob/1e3c5004c307cd6ba23aaddf401c72ee5c26b81b/lnxrouter#L796-L805 to delete -m comment --comment "lnxrouter-$$-$SUBNET_IFACE"

If you still see the problem, try using legacy iptables. For example, switch to legacy as in https://github.com/oblique/create_ap/issues/373 https://github.com/oblique/create_ap/issues/433

garywill commented 3 years ago

Before a plan for nftables support is made, I'm considering an option to specify the iptables-legacy path.

You can also modify the above code, changing iptables to /path/to/iptables-legacy

Ale32bit commented 3 years ago

Tried switching to iptables-legacy and the error still happens

iptables: NAT
iptables v1.8.2 (legacy): Couldn't load match `comment':No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
Error occured

Am I missing something?

garywill commented 3 years ago

Couldn't load match `comment':No such file or directory

Your iptables doesn't support comment. Delete -m comment --comment "lnxrouter-$$-$SUBNET_IFACE" (as said above). It's a workaround.

What OS are you using? What version?

Googling found https://github.com/kubernetes-sigs/kind/issues/1461: CONFIG_NETFILTER_XT_MATCH_COMMENT is not set on some systems. On a working system, the output of lsmod | grep table should (not necessarily) contain xt_comment.

garywill commented 3 years ago

Added a check for the comment module.

Update: users can set the environment variable NETFILTER_XT_MATCH_COMMENT=0 if they want to disable '-m comment'.
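The thread ends with a check for the comment match plus an opt-out variable. The script below is an added example of how such a check can be done without touching the tables, and how the NAT rule is built with or without the tag; it is not lnxrouter's own code. The function names (classify_iptables_msg, probe_comment_match, nat_rule_args), the IPTABLES override, the probe rule and the exact MASQUERADE rule shape are this example's own assumptions; only the variable name NETFILTER_XT_MATCH_COMMENT and its "0 disables the comment" meaning come from the maintainer's note. The sample error messages are constructed from the output posted in this thread.

```shell
#!/bin/sh
# Added example, not part of lnxrouter. Decide whether `-m comment` is usable
# before emitting NAT rules, and fall back cleanly when it is not.

# Constructed sample, copied from the output posted in this issue.
SAMPLE_USERSPACE_MSG="iptables v1.8.2 (legacy): Couldn't load match \`comment':No such file or directory"

# Map an iptables probe result ($1 = captured stdout+stderr, $2 = exit status)
# to a verdict:
#   ok        - the match loaded; the probe rule simply was not present
#   userspace - libxt_comment.so could not be loaded ("Couldn't load match")
#   kernel    - xt_comment missing in the kernel ("No chain/target/match")
#   unknown   - anything else (no CAP_NET_ADMIN, unexpected backend output)
classify_iptables_msg() {
    [ "$2" -eq 0 ] && { echo ok; return; }
    case "$1" in
        *"Couldn't load match \`comment'"*)      echo userspace ;;
        *"No chain/target/match by that name"*) echo kernel ;;
        *"Bad rule"*)                           echo ok ;;
        *)                                      echo unknown ;;
    esac
}

# Non-destructive probe (assumption: `-C` only checks for a rule, it never
# inserts one, so a missing match surfaces in the message, not in the tables).
# Needs CAP_NET_ADMIN. IPTABLES may point at iptables-legacy, as discussed
# above, e.g. IPTABLES=/usr/sbin/iptables-legacy.
probe_comment_match() {
    ipt=${IPTABLES:-iptables}
    msg=$("$ipt" -w -t nat -C POSTROUTING \
          -m comment --comment lnxrouter-probe -j RETURN 2>&1)
    classify_iptables_msg "$msg" "$?"
}

# Build the MASQUERADE rule arguments, tagging the rule only when the probe
# said ok and the user did not opt out with NETFILTER_XT_MATCH_COMMENT=0.
# $1 = verdict, $2 = A (add) or D (delete), $3 = LAN subnet, $4 = LAN
# interface, $5 = instance tag (lnxrouter uses its PID). The rule shape here
# is illustrative, not the project's exact rule.
nat_rule_args() {
    verdict=$1; action=$2; subnet=$3; iface=$4; tag=$5
    rule="-t nat -$action POSTROUTING -s $subnet ! -o $iface"
    if [ "${NETFILTER_XT_MATCH_COMMENT:-1}" != 0 ] && [ "$verdict" = ok ]; then
        rule="$rule -m comment --comment lnxrouter-$tag-$iface"
    fi
    echo "$rule -j MASQUERADE"
}

# Stand-alone run: probe the installed iptables (if any) and show both the
# add and the matching delete form, so cleanup does not depend on the tag.
if command -v "${IPTABLES:-iptables}" >/dev/null 2>&1; then
    v=$(probe_comment_match)
    echo "comment match verdict: $v"
    echo "add:    $(nat_rule_args "$v" A 192.168.77.0/24 wlan0 $$)"
    echo "delete: $(nat_rule_args "$v" D 192.168.77.0/24 wlan0 $$)"
fi
```

The point of the tag is cleanup: with it, an instance can find every rule it added by searching for lnxrouter-PID-iface; without it, the script has to remember the exact rule text and delete with the same arguments and -D, which is what the delete form above provides. Run the probe with the IPTABLES path that lnxrouter will actually use, since the verdict for iptables-nft and iptables-legacy can differ on the same host.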