qoomon / docker-host

A docker sidecar container to forward all traffic to local docker host or any other host
MIT License

CHAIN_ADD failed (No such file or directory): chain PREROUTING #62

Closed xehonk closed 3 months ago

xehonk commented 4 months ago

In the new release (3.1.4) there is an error which prevents the container from starting. It only happened on a Windows host, not on a Linux host: iptables v1.8.10 (nf_tables): CHAIN_ADD failed (No such file or directory): chain PREROUTING


qoomon commented 4 months ago

Hmm, do you have any idea why this happens? (I don't have a Windows machine)

qoomon commented 4 months ago

@xehonk do you use docker with wsl2 enabled? https://learn.microsoft.com/en-us/windows/wsl/tutorials/wsl-containers

xehonk commented 4 months ago

@qoomon Sorry, I don't have access to the affected machine until next week. I'll find out then.

xehonk commented 3 months ago

So, here's the update: The machine has wsl2 enabled. docker-desktop and docker-desktop-data images are installed.

$ docker run --cap-add=NET_ADMIN --cap-add=NET_RAW qoomon/docker-host:3.1.5
Docker Host: 192.168.65.2 (host.docker.internal)
Forwarding ports: 1-65535
Warning: Extension tcp revision 0 not supported, missing kernel module?
Warning: Extension DNAT revision 0 not supported, missing kernel module?
iptables v1.8.10 (nf_tables):  CHAIN_ADD failed (No such file or directory): chain PREROUTING

$ docker run --cap-add=NET_ADMIN --cap-add=NET_RAW qoomon/docker-host:3.1.4
Docker Host: 192.168.65.2 (host.docker.internal)
Forwarding ports: 1-65535
Warning: Extension tcp revision 0 not supported, missing kernel module?
Warning: Extension DNAT revision 0 not supported, missing kernel module?
iptables v1.8.10 (nf_tables):  CHAIN_ADD failed (No such file or directory): chain PREROUTING

$ docker run --cap-add=NET_ADMIN --cap-add=NET_RAW qoomon/docker-host:3.1.3
Docker Host: 192.168.65.2 (host.docker.internal)
Forwarding ports: 1-65535

I also verified this on another computer running Windows. Same result.

qoomon commented 3 months ago

Probably it's due to the iptables-nft change in Alpine version 3.19.0: https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.19.0

qoomon commented 3 months ago

Maybe adding the following lines to entrypoint.sh before the iptables commands could help:

modprobe ip_tables && echo $_ >> /etc/modules
modprobe iptable_nat && echo $_ >> /etc/modules
modprobe iptable_filter && echo $_ >> /etc/modules

xehonk commented 3 months ago

I have not tried this on Windows, but even on Linux there's this error with your suggested change. I do not think the Alpine base image includes these loadable modules.

modprobe: can't change directory to '/lib/modules': No such file or directory

qoomon commented 3 months ago

I will try to migrate to nftables; maybe this will work.

qoomon commented 3 months ago

Feel free to try this branch: https://github.com/qoomon/docker-host/tree/feature/migrate-to-nftables

https://github.com/qoomon/docker-host/pull/63

xehonk commented 3 months ago

Works on my Linux machine, but same error on Windows unfortunately: image (22)

qoomon commented 3 months ago

Hmm, I have no clue what the reason is, or why the iptables legacy solution works.

qoomon commented 3 months ago

seems to be related to

qoomon commented 3 months ago

@xehonk I switched to iptables-legacy. Feel free to try version 3.3.0

xehonk commented 3 months ago

I can confirm that it works with 3.3 on Windows and Linux. Here is the run from the previously broken Windows PC:

image (24)
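
Added example, not part of the thread or the docker-host project: a POSIX shell way to choose the iptables backend at container start by probing the operation that failed above (adding a rule to the nat PREROUTING chain), trying iptables-nft first and falling back to iptables-legacy. The function names and the `--apply` argument are hypothetical; it assumes both binaries are installed in the image and that the container runs with NET_ADMIN in its own network namespace.

```shell
#!/bin/sh
# Added example (not docker-host's entrypoint.sh). Hypothetical helper names.

# backend_usable CMD
# Returns 0 only if CMD exists and can append, then delete, a no-op rule in
# nat/PREROUTING. Appending forces the backend to create the PREROUTING base
# chain, which is the step that fails with "CHAIN_ADD failed" when the kernel
# lacks nf_tables NAT support. The RETURN rule uses no match extension and is
# removed again, so the probe leaves the table as it found it.
backend_usable() {
    command -v "$1" >/dev/null 2>&1 || return 1
    "$1" -t nat -A PREROUTING -j RETURN >/dev/null 2>&1 || return 1
    "$1" -t nat -D PREROUTING -j RETURN >/dev/null 2>&1
}

# pick_backend CMD...
# Prints the first candidate that passes the probe; returns 1 if none does.
pick_backend() {
    for candidate in "$@"; do
        if backend_usable "$candidate"; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Only touches netfilter when called as: sh pick-backend.sh --apply
if [ "${1:-}" = "--apply" ]; then
    IPT=$(pick_backend iptables-nft iptables-legacy) || {
        echo "No usable iptables backend: nft and legacy probes both failed" >&2
        exit 1
    }
    echo "iptables backend: $IPT"
    # The forwarding rules would then be installed with "$IPT" instead of a
    # hard-coded "iptables", so every rule goes through the same backend.
fi
```

Failing loudly when neither backend passes the probe keeps the sidecar from starting with no forwarding rules in place.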