soxfor / qbittorrent-natmap

The objective of this container is to run a script that requests a port forward (via NAT-PMP) from the VPN provider and upon success changes the listening port of the qBittorrent client when running in Docker.

iptables-legacy : Latest gluetun needs qbittorrent-natmap to be updated. #23

Open OrpheeGT opened 2 months ago

OrpheeGT commented 2 months ago

Hello,

With the latest gluetun update, qbittorrent-natmap does not work anymore:

2024-05-05 01:11:31 | VPN container gluetun in healthy state!
2024-05-05 01:11:32 | Unable to reach qBittorrent at 10.2.0.2:8080
2024-05-05 01:11:33 | VPN container gluetun in healthy state!
2024-05-05 01:11:38 | qBittorrent SessionID Ok!
2024-05-05 01:11:38 | Public IP: xxxxxx
2024-05-05 01:11:38 | Configured Port: xxxxx
2024-05-05 01:11:38 | Active Port: xxxxx
2024-05-05 01:11:38 | Port OK (Act: xxxxx Cfg: xxxxx)
# Warning: iptables-legacy tables present, use iptables-legacy to see them
iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument
Warning: Extension tcp revision 0 not supported, missing kernel module?
iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument
Warning: Extension udp revision 0 not supported, missing kernel module?
iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument
2024-05-05 01:11:38 | IPTables rule added for port xxxxx on gluetun container
2024-05-05 01:11:38 | NAT-PMP/UPnP Ok!
2024-05-05 01:11:38 | Sleeping for 0 minutes


The rules in start.sh need to be updated:

/sbin/iptables has to be replaced with /sbin/iptables-legacy

fw_delrule(){
    if (docker exec "${VPN_CT_NAME}" /sbin/iptables-legacy -L INPUT -n | grep -qP "^ACCEPT.*${configured_port}.*"); then
        # shellcheck disable=SC2086
        docker exec "${VPN_CT_NAME}" /sbin/iptables-legacy -D INPUT -i "${VPN_IF_NAME}" -p tcp --dport ${configured_port} -j ACCEPT
        # shellcheck disable=SC2086
        docker exec "${VPN_CT_NAME}" /sbin/iptables-legacy -D INPUT -i "${VPN_IF_NAME}" -p udp --dport ${configured_port} -j ACCEPT
    fi
}

fw_addrule(){
    if ! (docker exec "${VPN_CT_NAME}" /sbin/iptables-legacy -L INPUT -n | grep -qP "^ACCEPT.*${active_port}.*"); then
        # shellcheck disable=SC2086
        docker exec "${VPN_CT_NAME}" /sbin/iptables-legacy -A INPUT -i "${VPN_IF_NAME}" -p tcp --dport ${active_port} -j ACCEPT
        # shellcheck disable=SC2086
        docker exec "${VPN_CT_NAME}" /sbin/iptables-legacy -A INPUT -i "${VPN_IF_NAME}" -p udp --dport ${active_port} -j ACCEPT
        return 0
    else
        return 1
    fi
}

Once the Docker image is modified, it works again:


2024-05-05 01:44:39 | VPN container gluetun in healthy state!
2024-05-05 01:44:39 | Unable to reach qBittorrent at 10.2.0.2:8080
2024-05-05 01:44:40 | VPN container gluetun in healthy state!
2024-05-05 01:44:40 | Unable to reach qBittorrent at 10.2.0.2:8080
2024-05-05 01:44:41 | VPN container gluetun in healthy state!
2024-05-05 01:44:47 | qBittorrent SessionID Ok!
2024-05-05 01:44:47 | Public IP: xxxxxxx
2024-05-05 01:44:47 | Configured Port: xxxxx
2024-05-05 01:44:47 | Active Port: xxxxx
2024-05-05 01:44:47 | Port OK (Act: xxxxx Cfg: xxxxx)
2024-05-05 01:44:47 | IPTables rule added for port xxxxx on gluetun container
2024-05-05 01:44:47 | NAT-PMP/UPnP Ok!
2024-05-05 01:44:47 | Sleeping for 0 minutes
2024-05-05 01:45:32 | qBittorrent SessionID Ok!
2024-05-05 01:45:32 | Public IP: xxxxxxx
2024-05-05 01:45:32 | Configured Port: xxxxx
2024-05-05 01:45:32 | Active Port: xxxxx
2024-05-05 01:45:32 | Port OK (Act: xxxxx Cfg: xxxxx)


Gunther0042 commented 2 weeks ago

I'm having this same issue and I'm not smart enough to modify the code so I just downgraded Gluetun to v3.37 in the meantime. @OrpheeGT Any chance you would be willing to fork the code with your fix and make a PR and/or offer the fixed version on Dockerhub?

OrpheeGT commented 2 weeks ago

I just did a local dirty patch...

On my system running the container:

# to export the file from the container:
docker container cp qbittorrent-natmap:"/start.sh" start.sh

# then edit all occurrences to change "/sbin/iptables " to "/sbin/iptables-legacy " in the exported start.sh
# you can do it with your preferred text editor

# then send the modded start.sh back to the container:
docker container cp start.sh qbittorrent-natmap:"/start.sh"

# then "commit" the change
docker container commit qbittorrent-natmap

# then identify the new image
docker image ls | grep none

# choose the result created a few seconds ago
# example:
# "<none>                        <none>       391f8bf92930   12 seconds ago"
docker image tag 391f8bf92930 ghcr.io/soxfor/qbittorrent-natmap:fix
# (replace 391f8bf92930 with the ID found in your result)

Then edit your docker-compose.yml to set "fix" instead of "latest" on line: https://github.com/soxfor/qbittorrent-natmap/blob/main/docker-compose.yml#L67

and you run docker-compose down, then docker-compose up -d

It should "work"...

Edit: Fixed wrong values.
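
In the failing log at the top of this thread, "IPTables rule added" is printed right after three iptables errors, because fw_addrule returns 0 without checking the exit status of docker exec. The following is an added example, not code from start.sh or the project: it probes which iptables backend works in the VPN container instead of hard-coding one, and returns non-zero when a rule could not be added. The function names ipt_select and fw_addrule_checked and the default values for VPN_CT_NAME and VPN_IF_NAME are assumptions.

```shell
# Added example, not part of the project's start.sh. Written for POSIX sh/bash.
# VPN_CT_NAME and VPN_IF_NAME mirror the variables in the issue's snippet;
# the defaults below are assumptions.
VPN_CT_NAME="${VPN_CT_NAME:-gluetun}"
VPN_IF_NAME="${VPN_IF_NAME:-tun0}"

# Print the first iptables binary whose backend is usable in the VPN container.
# A candidate is rejected when the listing fails, or when its output carries
# either of the two messages from the issue's failing log.
ipt_select() {
    for ipt_bin in /sbin/iptables /sbin/iptables-legacy; do
        ipt_out="$(docker exec "${VPN_CT_NAME}" "${ipt_bin}" -L INPUT -n 2>&1)" || continue
        case "${ipt_out}" in
            *'iptables-legacy tables present'*) continue ;;
            *'Could not fetch rule set generation id'*) continue ;;
        esac
        printf '%s\n' "${ipt_bin}"
        return 0
    done
    return 1
}

# Open tcp+udp for one port. Return codes: 0 rules in place, 2 bad port,
# 3 no usable backend, 4 a rule insert failed. Log success only on 0.
fw_addrule_checked() {
    fw_port="$1"
    case "${fw_port}" in
        ''|*[!0-9]*) return 2 ;;   # digits only; nothing else reaches docker exec
    esac
    [ "${#fw_port}" -le 5 ] && [ "${fw_port}" -ge 1 ] && [ "${fw_port}" -le 65535 ] || return 2
    fw_bin="$(ipt_select)" || return 3
    for fw_proto in tcp udp; do
        # -C exits 0 when the exact rule already exists, so nothing is duplicated
        if ! docker exec "${VPN_CT_NAME}" "${fw_bin}" -C INPUT -i "${VPN_IF_NAME}" \
                -p "${fw_proto}" --dport "${fw_port}" -j ACCEPT 2>/dev/null; then
            docker exec "${VPN_CT_NAME}" "${fw_bin}" -A INPUT -i "${VPN_IF_NAME}" \
                -p "${fw_proto}" --dport "${fw_port}" -j ACCEPT || return 4
        fi
    done
    return 0
}
```
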