gravitl / netclient

Apache License 2.0

failed to intialize firewall: firewall support not found #307

Closed glanc closed 1 year ago

glanc commented 1 year ago

Testing netmaker 0.18.4, netclient ver 0.18.4, on all Ubuntu hosts, most on 22.04.2 LTS with nftables active (iptables-nft). I have all these errors in the netclient Docker version:

[netclient] 2023-03-30 10:16:30 Starting firewall...
[netclient] 2023-03-30 10:16:30 iptables is not supported, using nftables
[netclient] 2023-03-30 10:16:30 failed to intialize firewall: firewall support not found

and also this error:

[netclient] 2023-03-30 10:21:29 error adding route no such device

The netclient version is 0.18.4, Ubuntu 22.04.2 LTS, iptables v1.8.7 (nf_tables), nftables v1.0.2 (Lester Gooch). The errors show up only if I configure the egress option on the hosts to reach internal subnets. The routes seem to be correctly added to the rest of the allowed nodes, but I can ping only the IP of the node exposing the internal subnet. If I manually add an nft rule to masquerade the outgoing interface (like ens18) I can then ping all the internal hosts. If you need further info just let me know.

glanc commented 1 year ago

Testing 0.18.5 and same problem:

[netclient] 2023-03-31 13:49:50 Starting firewall...
[netclient] 2023-03-31 13:49:50 iptables is not supported, using nftables
[netclient] 2023-03-31 13:49:50 failed to intialize firewall: firewall support not found

jalbstmeijer commented 1 year ago

Had the same issue, using netclient 0.18.x in Docker.

Investigating the logs further I found:

netclient  | ./netclient.sh: line 5: wg: command not found
netclient  | [netclient] joining network

The netclient Docker image seems to be missing the wireguard-tools package.

For now fixed it by overriding the entrypoint in docker-compose.

entrypoint: bash -c "apk add wireguard-tools; /bin/bash netclient.sh"

I don't get the firewall error after this anymore.

FADEC44 commented 1 year ago

> For now fixed it by overriding the entrypoint in docker-compose.
>
> entrypoint: bash -c "apk add wireguard-tools; /bin/bash netclient.sh"
>
> I don't get the firewall error after this anymore.

Have you upgraded to v0.20.0? This workaround no longer works for me after upgrading. Getting "firewall support not found" again.

Update: Appears to be working with this entrypoint override

bash -c "apk add ip6tables ;/bin/bash netclient.sh"

jalbstmeijer commented 1 year ago

@FADEC44

Can confirm the first workaround does not help anymore on docker image v0.20.0

It now reports:

netclient  | [netclient] 2023-05-20 08:56:32 [firewall_linux.go-31] newFirewall(): iptables is not supported, using nftables 
netclient  | [netclient] 2023-05-20 08:56:32 [daemon.go-63] Daemon(): unable to set IPForwarding firewall support not found 

Thank you for finding the next workaround!

But for now it should still be:

entrypoint: bash -c "apk add wireguard-tools ip6tables; /bin/bash netclient.sh"

As the "wg" binary is still missing in the docker image and it is used for the cleanup function when netclient is terminated.

I will open a new issue now to point the docker image maintainers to these missing dependencies. But maybe also useful for the main developers, as netclient is not very clear on the reason it concludes iptables is not supported.
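
A pre-flight check in the spirit of the entrypoint overrides above, added here as an example (not netclient's or the image's own code): it names exactly which binaries are missing from the container before netclient starts, so a "firewall support not found" is attributable to a concrete missing package. It assumes an Alpine image with apk and that /bin/bash netclient.sh is the entrypoint, as in the overrides in this thread.

```shell
#!/bin/sh
# Added example: name missing firewall/wireguard binaries before starting netclient.
# Binaries the thread identifies as needed inside the container:
#   wg        - wireguard-tools, used by the cleanup routine on termination
#   iptables  - iptables frontend netclient probes for
#   ip6tables - the package whose absence triggered the error on the v0.20.0 image
NETCLIENT_DEPS="wg iptables ip6tables"

# missing_deps NAME... -> prints the space-separated names not found on PATH;
# exit status 0 only when nothing is missing.
missing_deps() {
    missing=""
    for bin in "$@"; do
        if ! command -v "$bin" >/dev/null 2>&1; then
            missing="${missing:+$missing }$bin"
        fi
    done
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# apk_packages_for NAME... -> maps missing binaries to the Alpine packages
# named in this thread (assumed mapping for iptables).
apk_packages_for() {
    pkgs=""
    for bin in "$@"; do
        case "$bin" in
            wg)        pkgs="${pkgs:+$pkgs }wireguard-tools" ;;
            iptables)  pkgs="${pkgs:+$pkgs }iptables" ;;
            ip6tables) pkgs="${pkgs:+$pkgs }ip6tables" ;;
        esac
    done
    printf '%s\n' "$pkgs"
}

# preflight_and_start: report what is missing, install it if apk exists,
# then hand over to the usual netclient.sh entrypoint.
preflight_and_start() {
    if missing=$(missing_deps $NETCLIENT_DEPS); then
        echo "[preflight] all firewall dependencies present"
    else
        echo "[preflight] missing binaries: $missing" >&2
        command -v apk >/dev/null 2>&1 || return 1
        # word splitting intended: one package name per argument
        apk add --no-cache $(apk_packages_for $missing) || return 1
    fi
    exec /bin/bash netclient.sh
}

# Only start when invoked as "<script> start", so the functions can also be sourced.
case "${1:-}" in start) preflight_and_start ;; esac
```

Use it in docker-compose as `entrypoint: /bin/sh /preflight.sh start` (mounting the script into the container), which replaces the ad-hoc `apk add` chain with a check that logs the reason before the daemon ever runs.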

mattkasun commented 1 year ago

iptables and iptables6 installed in netclient docker image