failed to intialize firewall: firewall support not found #307
Comments
Testing 0.18.5 and same problem: [netclient] 2023-03-31 13:49:50 Starting firewall...
Had the same issue, using netclient 0.18.x in Docker. Investigating the logs further I found:
The netclient Docker image seems to be missing the wireguard-tools package. For now fixed it by overriding the entrypoint in docker-compose.
I don't get the firewall error after this anymore.
Have you upgraded to v0.20.0? This workaround no longer works for me after upgrading. Getting "firewall support not found" again. Update: Appears to be working with this entrypoint override
Can confirm the first workaround does not help anymore on docker image v0.20.0; it now reports:
Thank you for finding the next workaround! But still it should be for now:
As the "wg" binary is still missing in the docker image and it is used for the cleanup function when netclient is terminated. I will open a new issue now to point the docker image maintainers to these missing dependencies.
iptables and iptables6 installed in netclient docker image
Testing netmaker 0.18.4, netclient ver 0.18.4, on all Ubuntu hosts, most on 22.04.2 LTS with nftables active (iptables-nft). I have all these errors in the netclient docker version: "[netclient] 2023-03-30 10:16:30 Starting firewall...
[netclient] 2023-03-30 10:16:30 iptables is not supported, using nftables
[netclient] 2023-03-30 10:16:30 failed to intialize firewall: firewall support not found" and also this error: "[netclient] 2023-03-30 10:21:29 error adding route no such device". The netclient version is 0.18.4, Ubuntu 22.04.2 LTS and iptables v1.8.7 (nf_tables), nftables v1.0.2 (Lester Gooch). The errors show up only if I configure the egress option on the hosts to reach internal subnets. The routes seem to be correctly added to the rest of the allowed nodes but I can ping only the IP of the node exposing the internal subnet. If I manually add an nft rule to masquerade the outgoing interface (like ens18) I can then ping all the internal hosts. If you need further info just let me know.
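
A preflight check for the tools this thread reports as missing from the netclient Docker image, as an added example that is not part of the original issue or netclient's own code. It assumes a firewall backend is usable when its userspace binary is on `PATH` (netclient's real probe may differ); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: preflight check for the tools this thread found missing
# from the netclient container. Assumption: a firewall backend is usable
# only if its userspace binary is on PATH (netclient's real probe may differ).

# have TOOL -> success if TOOL resolves on the current PATH.
have() {
    command -v "$1" >/dev/null 2>&1
}

# firewall_backend -> prints "iptables", "nftables" or "none".
# Order mirrors the log lines quoted above: iptables first, then nftables.
firewall_backend() {
    if have iptables; then
        echo iptables
    elif have nft; then
        echo nftables
    else
        echo none
    fi
}

# missing_tools -> prints the space-separated tools that are absent.
# wg comes from wireguard-tools; the thread notes it is used on cleanup.
missing_tools() {
    missing=""
    for tool in wg iptables ip6tables nft; do
        have "$tool" || missing="${missing:+$missing }$tool"
    done
    echo "$missing"
}

# preflight -> short report; non-zero status if no backend or no wg.
preflight() {
    backend=$(firewall_backend)
    echo "firewall backend: $backend"
    echo "missing tools: $(missing_tools)"
    [ "$backend" != none ] && have wg
}

# Run only when asked, e.g. inside the container: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    preflight
fi
```

Running it inside the container before starting netclient shows whether "firewall support not found" comes from a missing binary or from something else, such as the egress routing problem described above.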