gravitl / netmaker

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
https://netmaker.io

[Bug]: failed to intialize firewall: firewall support not found #2163

Open glanc opened 1 year ago

glanc commented 1 year ago

Contact Details

giacomo@lancella.com

What happened?

Testing netmaker 0.18.5 and netclient ver 0.18.5, on all Ubuntu hosts, most on 22.04.2 LTS with nftables active (iptables-nft), I've all these errors in the netclient docker version:

and also this error:

Nodes are on Ubuntu 22.04.2 LTS and iptables v1.8.7 (nf_tables), nftables v1.0.2 (Lester Gooch). The errors show up after configuring the egress option on the hosts to reach internal subnets. On some nodes, the routes seem to be correctly added but I can ping only the IP of the node exposing the internal subnet. If I manually add an nft rule to masquerade the outgoing interface (like ens18) I can then ping all the internal hosts.

PS. Same with the previous installation, 0.18.4.

Version

v0.18.5

What OS are you using?

No response

Relevant log output

[netclient] 2023-03-31 12:29:17 netclient daemon started -- version: v0.18.5
[netclient] 2023-03-31 12:29:17 error reading node map from disk open /etc/netclient/nodes.yml: no such file or directory
[netclient] 2023-03-31 12:29:17 adding addresses to netmaker interface
[netclient] 2023-03-31 12:29:17 Starting Proxy...
[netclient] 2023-03-31 12:29:17 netclient message queue started for server: *****
[netclient] 2023-03-31 12:29:17 initialized endpoint detection on port 51722
[netclient] 2023-03-31 12:29:18 mqtt connect handler
[netclient] 2023-03-31 12:29:18 HOSTINFO: {PublicIp:****** PrivIp:192.168.1.252 PubPort:55784 PrivPort:51722 ProxyEnabled:false NatType:doublenat}
[netclient] 2023-03-31 12:29:48 could not connect to broker at *******
[netclient] 2023-03-31 12:29:48 failed to response with ACK to server *******
[netclient] 2023-03-31 12:29:48 received reset
[netclient] 2023-03-31 12:29:48 checkin routine closed
[netclient] 2023-03-31 12:29:48 closed endpoint detection
[netclient] 2023-03-31 12:29:48 Shutting down Proxy.....
[netclient] 2023-03-31 12:29:48 shutting down proxy manager...
[netclient] 2023-03-31 12:29:48 shutting down message queue for server ********
[netclient] 2023-03-31 12:29:48 closing netmaker interface
[netclient] 2023-03-31 12:29:48 restarting daemon
[netclient] 2023-03-31 12:29:48 adding addresses to netmaker interface
[netclient] 2023-03-31 12:29:48 Starting Proxy...
[netclient] 2023-03-31 12:29:48 netclient message queue started for server: ********
[netclient] 2023-03-31 12:29:48 initialized endpoint detection on port 51722
[netclient] 2023-03-31 12:29:48 HOSTINFO: {PublicIp:***** PrivIp:192.168.1.252 PubPort:55784 PrivPort:51722 ProxyEnabled:false NatType:doublenat}
[netclient] 2023-03-31 12:29:48 mqtt connect handler
[netclient] 2023-03-31 12:29:55 determined new endpoint for peer 24vU2kpMZq5i9CY+TRETktDWqepqrXq0tko33uH4ZGQ= - 10.200.10.1:51822
[netclient] 2023-03-31 12:29:56 determined new endpoint for peer V8G1pT76xHWM65iFyiQf9BS0IwulP/jxe0tU3oDAAjU= - 10.200.10.1:51821
[netclient] 2023-03-31 12:30:20 processing node update for network zabbix
[netclient] 2023-03-31 12:30:20 network: zabbix received message to update node 3f68d268-6287-47f4-bc8c-745293286660
[netclient] 2023-03-31 12:30:20 adding addresses to netmaker interface
[netclient] 2023-03-31 12:30:21 network: zabbix signalled finished interface update to server
[netclient] 2023-03-31 12:30:23 Starting firewall...
[netclient] 2023-03-31 12:30:23 iptables is not supported, using nftables
[netclient] 2023-03-31 12:30:23 failed to intialize firewall:  firewall support not found
[netclient] 2023-03-31 12:30:26 Starting firewall...
[netclient] 2023-03-31 12:30:26 iptables is not supported, using nftables
[netclient] 2023-03-31 12:30:26 failed to intialize firewall:  firewall support not found
[netclient] 2023-03-31 12:34:57 Starting firewall...
[netclient] 2023-03-31 12:34:57 iptables is not supported, using nftables
[netclient] 2023-03-31 12:34:57 failed to intialize firewall:  firewall support not found
[netclient] 2023-03-31 12:39:57 Starting firewall...
[netclient] 2023-03-31 12:39:57 iptables is not supported, using nftables
[netclient] 2023-03-31 12:39:57 failed to intialize firewall:  firewall support not found
[netclient] 2023-03-31 12:44:57 Starting firewall...
[netclient] 2023-03-31 12:44:57 iptables is not supported, using nftables
[netclient] 2023-03-31 12:44:57 failed to intialize firewall:  firewall support not found


abhishek9686 commented 1 year ago

so you have only iptables-nft installed? what about iptables or ip6tables?

glanc commented 1 year ago

Hello, this is what I've got:

iptables-nft -V
iptables v1.8.7 (nf_tables)

ip6tables -V
ip6tables v1.8.7 (nf_tables)

ip6tables-nft -V
ip6tables v1.8.7 (nf_tables)

There are 2 choices for the alternative iptables (providing /usr/sbin/iptables).

Selection Path Priority Status

Press to keep the current choice[*], or type selection number:

Press to keep the current choice[*], or type selection number: 0
root@home-dockerbox:~# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.2 LTS"

abhishek9686 commented 1 year ago

could you send the output of which iptables and which iptables-nft

glanc commented 1 year ago

root@barto-dockerbox:~# which iptables
/usr/sbin/iptables
root@barto-dockerbox:~# which iptables-nft
/usr/sbin/iptables-nft
root@barto-dockerbox:~#

Let me know if you need further info.
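A read-only diagnostic that gathers in one pass what is being asked for in this thread: where each firewall tool resolves to and which backend its `-V` line reports. This is an added example, not part of the issue and not netclient code; the function names are hypothetical, the `iptables v1.6.1` case is a constructed sample, and it makes no claim about how netclient itself detects firewall support.

```shell
#!/bin/sh
# Added diagnostic example (hypothetical helper names, not netclient code).

# Classify an `iptables -V` / `ip6tables -V` line by its backend marker.
classify_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        *"(legacy)"*)    echo legacy ;;
        *"tables v"*)    echo unmarked ;;  # builds older than 1.8 print no marker
        *)               echo unknown ;;   # error text or unexpected output
    esac
}

# Print one line per tool: PATH lookup, resolved symlink target, version line.
probe_tool() {
    tool=$1
    path=$(command -v "$tool" 2>/dev/null) || { echo "$tool: missing"; return 1; }
    # /usr/sbin/iptables is usually a chain of symlinks (update-alternatives).
    real=$(readlink -f "$path" 2>/dev/null || echo "$path")
    if [ "$tool" = nft ]; then
        ver=$("$path" --version 2>&1 | head -n 1)
        echo "$tool: $path -> $real | $ver"
    else
        ver=$("$path" -V 2>&1 | head -n 1)
        echo "$tool: $path -> $real | $ver | backend=$(classify_backend "$ver")"
    fi
}

# Probe every tool name mentioned in the thread; fail if none is present.
firewall_report() {
    found=0
    for t in iptables iptables-nft iptables-legacy ip6tables ip6tables-nft nft; do
        probe_tool "$t" && found=$((found + 1))
    done
    echo "tools found: $found"
    [ "$found" -gt 0 ]
}

# Only run the probe when asked to, e.g.:  sh fwprobe.sh report
if [ "${1:-}" = report ]; then
    firewall_report
fi
```

Run it with `report` both on the host and inside the netclient container and compare the two outputs, since the container has its own filesystem and may not ship the same tools as the host.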

glanc commented 1 year ago

Logs are filled with the same message over and over:

[netclient] 2023-04-05 17:07:14 Starting firewall...
[netclient] 2023-04-05 17:07:14 iptables is not supported, using nftables
[netclient] 2023-04-05 17:07:14 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 17:12:14 Starting firewall...
[netclient] 2023-04-05 17:12:14 iptables is not supported, using nftables
[netclient] 2023-04-05 17:12:14 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 17:17:14 Starting firewall...
[netclient] 2023-04-05 17:17:14 iptables is not supported, using nftables
[netclient] 2023-04-05 17:17:14 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 17:22:14 Starting firewall...
[netclient] 2023-04-05 17:22:14 iptables is not supported, using nftables
[netclient] 2023-04-05 17:22:14 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 17:27:14 Starting firewall...
[netclient] 2023-04-05 17:27:14 iptables is not supported, using nftables
[netclient] 2023-04-05 17:27:14 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 17:32:15 Starting firewall...
[netclient] 2023-04-05 17:32:15 iptables is not supported, using nftables
[netclient] 2023-04-05 17:32:15 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 17:37:15 Starting firewall...
[netclient] 2023-04-05 17:37:15 iptables is not supported, using nftables
[netclient] 2023-04-05 17:37:15 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 17:42:15 Starting firewall...
[netclient] 2023-04-05 17:42:15 iptables is not supported, using nftables
[netclient] 2023-04-05 17:42:15 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 17:47:16 Starting firewall...
[netclient] 2023-04-05 17:47:16 iptables is not supported, using nftables
[netclient] 2023-04-05 17:47:16 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 17:52:16 Starting firewall...
[netclient] 2023-04-05 17:52:16 iptables is not supported, using nftables
[netclient] 2023-04-05 17:52:16 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 17:57:16 Starting firewall...
[netclient] 2023-04-05 17:57:16 iptables is not supported, using nftables
[netclient] 2023-04-05 17:57:16 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 18:02:16 Starting firewall...
[netclient] 2023-04-05 18:02:16 iptables is not supported, using nftables
[netclient] 2023-04-05 18:02:16 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 18:07:16 Starting firewall...
[netclient] 2023-04-05 18:07:16 iptables is not supported, using nftables
[netclient] 2023-04-05 18:07:16 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 18:12:16 Starting firewall...
[netclient] 2023-04-05 18:12:16 iptables is not supported, using nftables
[netclient] 2023-04-05 18:12:16 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 18:17:16 Starting firewall...
[netclient] 2023-04-05 18:17:16 iptables is not supported, using nftables
[netclient] 2023-04-05 18:17:16 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 18:22:17 Starting firewall...
[netclient] 2023-04-05 18:22:17 iptables is not supported, using nftables
[netclient] 2023-04-05 18:22:17 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 18:27:17 Starting firewall...
[netclient] 2023-04-05 18:27:17 iptables is not supported, using nftables
[netclient] 2023-04-05 18:27:17 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 18:32:17 Starting firewall...
[netclient] 2023-04-05 18:32:17 iptables is not supported, using nftables
[netclient] 2023-04-05 18:32:17 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 18:37:17 Starting firewall...
[netclient] 2023-04-05 18:37:17 iptables is not supported, using nftables
[netclient] 2023-04-05 18:37:17 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 18:42:17 Starting firewall...
[netclient] 2023-04-05 18:42:17 iptables is not supported, using nftables
[netclient] 2023-04-05 18:42:17 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 18:47:19 Starting firewall...
[netclient] 2023-04-05 18:47:19 iptables is not supported, using nftables
[netclient] 2023-04-05 18:47:19 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 18:52:18 Starting firewall...
[netclient] 2023-04-05 18:52:18 iptables is not supported, using nftables
[netclient] 2023-04-05 18:52:18 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 18:57:18 Starting firewall...
[netclient] 2023-04-05 18:57:18 iptables is not supported, using nftables
[netclient] 2023-04-05 18:57:18 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 19:02:18 Starting firewall...
[netclient] 2023-04-05 19:02:18 iptables is not supported, using nftables
[netclient] 2023-04-05 19:02:18 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 19:07:18 Starting firewall...
[netclient] 2023-04-05 19:07:18 iptables is not supported, using nftables
[netclient] 2023-04-05 19:07:18 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 19:12:18 Starting firewall...
[netclient] 2023-04-05 19:12:18 iptables is not supported, using nftables
[netclient] 2023-04-05 19:12:18 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 19:17:19 Starting firewall...
[netclient] 2023-04-05 19:17:19 iptables is not supported, using nftables
[netclient] 2023-04-05 19:17:19 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 19:22:19 Starting firewall...
[netclient] 2023-04-05 19:22:19 iptables is not supported, using nftables
[netclient] 2023-04-05 19:22:19 failed to intialize firewall: firewall support not found
[netclient] 2023-04-05 19:27:19 Starting firewall...
[netclient] 2023-04-05 19:27:19 iptables is not supported, using nftables
[netclient] 2023-04-05 19:27:19 failed to intialize firewall: firewall support not found

voroskoi commented 1 year ago

Hi,

I got the very same error message on Alpine Linux. Iptables is 1.8.9 (legacy). I have tried to install nftables, but the error message does not change.

Thanks,