Closed wangliangliang2 closed 3 years ago
Hi, I would advise to switch to Docker's built-in IPv6 NAT, which seems to work great. Please see #65.
Otherwise, #67 contains some workarounds, like downgrading the iptables package.
I would advise to switch to Docker's built-in IPv6 NAT, which seems to work great
no,it will be a disaster.because docker in synology add "ip6tables": true will crash.
@wangliangliang2 were you able to resolve this on synology?
Adding
"ipv6": true,
"fixed-cidr-v6": "fd00:dead:beef::/48",
"ip6tables": true,
"experimental": true
to /var/packages/Docker/etc/dockerd.json
makes it not start.
I get
Nov 25 04:51:41 cubic dockerd[31673]: failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: ip6tables --wait -t nat -N DOCKER: ip6tabl es v1.8.3 (legacy): can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?) Nov 25 04:51:41 cubic dockerd[31673]: Perhaps ip6tables or your kernel needs to be upgraded.
Am I doomed?
Got same question in my Diskstation, I'm confused
@wangliangliang2 were you able to resolve this on synology?
yep, please see in https://github.com/wangliangliang2/fix_synology_docker_ipv6
Adding
"ipv6": true, "fixed-cidr-v6": "fd00:dead:beef::/48", "ip6tables": true, "experimental": true
to
/var/packages/Docker/etc/dockerd.json
makes it not start. I getNov 25 04:51:41 cubic dockerd[31673]: failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: ip6tables --wait -t nat -N DOCKER: ip6tabl es v1.8.3 (legacy): can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?) Nov 25 04:51:41 cubic dockerd[31673]: Perhaps ip6tables or your kernel needs to be upgraded.
Am I doomed?
cause synology no support. you should run https://github.com/wangliangliang2/fix_synology_docker_ipv6 first
@wangliangliang2 adding/replacing a bunch of kernel modules with unknown binaries? That doesn't sound remotely robust/safe.
iptables_modules_list
, what are the changes? Perhaps it should be a patch or a sed
command rather than just replacing the file blindly?This was also my concerns, also what would I need on synology 7?
Or is the problem gone with 7?
adding/replacing a bunch of kernel modules with unknown binaries
you can rebuild it for yourself from https://github.com/SynoCommunity/spksrc
and there is an issue by me https://github.com/SynoCommunity/spksrc/issues/4713#issuecomment-1000017943
This was also my concerns, also what would I need on synology 7?
Or is the problem gone with 7? maybe you can read this and rebuild iptables and ipv6 module for yourself https://github.com/SynoCommunity/spksrc/issues/4713#issuecomment-1000017943
2. In
iptables_modules_list
, what are the changes? Perhaps it should be a patch or ased
command rather than just replacing the file blindly
use it or not ,depending on yourself, I will not care so much things. as I said you can rebuild ipv6 module and iptables for yourself by https://github.com/SynoCommunity/spksrc
I encountered same problem in #67 and #28 . I found difference in synology system.
the reason of [unable to detect hairpin mode (is the docker daemon running?)] in synology is the lack of ip6table_nat.ko and the other ip6* module?