Open Johnnii360 opened 3 months ago
Related? https://github.com/mailcow/mailcow-dockerized/issues/5798
Edit: Sorry, you already commented that...
Related? #5798
Yepp, thanks!
Having the same problem.. When I stop the mailcow, clear all the references from the IP and IPv6 table, netfilter container will work for couple days but after a while it starts crashing again.. I did this like 5 times by now.. What is causing this please?? Thanks!
mailcowdockerized-netfilter-mailcow-1 | 9 more attempts in the next 600 seconds until 194.169.175.17/32 is banned
mailcowdockerized-netfilter-mailcow-1 | MAILCOW target is in position 11 in the ip forward table, restarting container to fix it...
mailcowdockerized-netfilter-mailcow-1 | # Warning: table ip filter is managed by iptables-nft, do not touch!
mailcowdockerized-netfilter-mailcow-1 | # Warning: table ip nat is managed by iptables-nft, do not touch!
mailcowdockerized-netfilter-mailcow-1 | # Warning: table ip6 filter is managed by iptables-nft, do not touch!
mailcowdockerized-netfilter-mailcow-1 | # Warning: table ip6 nat is managed by iptables-nft, do not touch!
mailcowdockerized-netfilter-mailcow-1 | Using NFTables backend
mailcowdockerized-netfilter-mailcow-1 | Clearing all bans
mailcowdockerized-netfilter-mailcow-1 | Clear completed: ip6
mailcowdockerized-netfilter-mailcow-1 | Initializing mailcow netfilter chain
mailcowdockerized-netfilter-mailcow-1 | MAILCOW ip6 chain created successfully.
mailcowdockerized-netfilter-mailcow-1 | Setting MAILCOW isolation
mailcowdockerized-netfilter-mailcow-1 | Watching Redis channel F2B_CHANNEL
mailcowdockerized-netfilter-mailcow-1 | MAILCOW target is in position 11 in the ip forward table, restarting container to fix it...
mailcowdockerized-netfilter-mailcow-1 | # Warning: table ip filter is managed by iptables-nft, do not touch!
mailcowdockerized-netfilter-mailcow-1 | # Warning: table ip nat is managed by iptables-nft, do not touch!
mailcowdockerized-netfilter-mailcow-1 | # Warning: table ip6 filter is managed by iptables-nft, do not touch!
mailcowdockerized-netfilter-mailcow-1 | # Warning: table ip6 nat is managed by iptables-nft, do not touch!
mailcowdockerized-netfilter-mailcow-1 | Using NFTables backend
mailcowdockerized-netfilter-mailcow-1 | Clearing all bans
mailcowdockerized-netfilter-mailcow-1 | Clear completed: ip6
mailcowdockerized-netfilter-mailcow-1 | Initializing mailcow netfilter chain
mailcowdockerized-netfilter-mailcow-1 | MAILCOW ip6 chain created successfully.
mailcowdockerized-netfilter-mailcow-1 | Setting MAILCOW isolation
mailcowdockerized-netfilter-mailcow-1 | Watching Redis channel F2B_CHANNEL
mailcowdockerized-netfilter-mailcow-1 | MAILCOW target is in position 11 in the ip forward table, restarting container to fix it...
mailcowdockerized-netfilter-mailcow-1 | # Warning: table ip filter is managed by iptables-nft, do not touch!
mailcowdockerized-netfilter-mailcow-1 | # Warning: table ip nat is managed by iptables-nft, do not touch!
mailcowdockerized-netfilter-mailcow-1 | # Warning: table ip6 filter is managed by iptables-nft, do not touch!
mailcowdockerized-netfilter-mailcow-1 | # Warning: table ip6 nat is managed by iptables-nft, do not to^C
Having same issue on my end with this.
Today I switched from iptables to nftables on my Debian 11 server. After configuration of related services like fail2ban and restart of Docker and Fail2Ban the issue persists. When I do an update I also get the following message: iptables v1.8.7 (nf_tables): table 'nat' is incompatible, use 'nft' tool.
I crawled a bit through the docker-compose.yml and mailcow.conf but didn't find any option to related to the "nat" issue.
Same issue here...
Contribution guidelines
I've found a bug and checked that ...
Description
Logs:
Steps to reproduce:
Which branch are you using?
master
Which architecture are you using?
x86
Operating System:
Debian 11.9
Server/VM specifications:
32 GB DDR3-RAM, Intel Xeon E3-1245 V2 with 4 Cores and 8 Threads
Is Apparmor, SELinux or similar active?
yes, Apparmor
Virtualization technology:
Dedicated Server, no virtualization; MAILCOW is dockerized
Docker version:
26.0.0
docker-compose version or docker compose version:
v2.11.1
mailcow version:
2024-02
Reverse proxy:
Apache
Logs of git diff:
Logs of iptables -L -vn:
Logs of ip6tables -L -vn:
Logs of iptables -L -vn -t nat:
Logs of ip6tables -L -vn -t nat:
DNS check: