New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

error: Failed to list ipv6 rules for lxdbr0 (table ) #3686

Closed
asarubbo opened this Issue Aug 19, 2017 · 10 comments

Comments

4 participants
@asarubbo
Copy link

asarubbo commented Aug 19, 2017

  • Distribution: Gentoo
  • The output of "lxc info" or if that fails:
    • Kernel version: 4.9.34-gentoo
    • LXC version: 2.0.8
    • LXD version: 2.14
    • Storage backend in use: default

Issue description

The lxd init fails because of the error: error: Failed to list ipv6 rules for lxdbr0 (table )

Steps to reproduce

  1. lxd init
$ /usr/sbin/lxd init
Do you want to configure a new storage pool (yes/no) [default=yes]? 
Name of the new storage pool [default=default]: 
Name of the storage backend to use (dir) [default=dir]: 
Would you like LXD to be available over the network (yes/no) [default=no]? 
Would you like stale cached images to be updated automatically (yes/no) [default=yes]? 
Would you like to create a new network bridge (yes/no) [default=yes]? 
What should the new bridge be called [default=lxdbr0]? 
What IPv4 address should be used (CIDR subnet notation, “auto” or “none”) [default=auto]? 192.168.1.2/24
Would you like LXD to NAT IPv4 traffic on your bridge? [default=yes]? 
What IPv6 address should be used (CIDR subnet notation, “auto” or “none”) [default=auto]? none
error: Failed to list ipv6 rules for lxdbr0 (table )

Additional info:

# lxc-checkconfig 
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled

--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
Bridges: enabled
Advanced netfilter: enabled
CONFIG_NF_NAT_IPV4: enabled
CONFIG_NF_NAT_IPV6: enabled
CONFIG_IP_NF_TARGET_MASQUERADE: enabled
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled
FUSE (for use with lxcfs): enabled

--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities: enabled
@stgraber

This comment has been minimized.

Copy link
Member

stgraber commented Aug 19, 2017

What LXD version are you actually running?

2.21 doesn't exist (yet).

@stgraber stgraber added the Incomplete label Aug 19, 2017

@stgraber

This comment has been minimized.

Copy link
Member

stgraber commented Aug 19, 2017

Also what does this give you;

ip6tables -w -S 
@asarubbo

This comment has been minimized.

Copy link

asarubbo commented Aug 19, 2017

It was a typo. I have lxd-2.14.

# iptables -w -S                                                                                                            
-P INPUT DROP                                                                                                                                        
-P FORWARD ACCEPT                                                                                                                                    
-P OUTPUT ACCEPT                                                                                                                                     
-A INPUT -i localhost -j ACCEPT                                                                                                                      
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT                                                                                              
-A INPUT -s 127.0.0.1/32 -j ACCEPT                                                                                                                   
-A INPUT -p icmp -j ACCEPT                                                                                                                           
-A INPUT -p tcp -m tcp --dport 445 -j ACCEPT                                                                                                         
-A INPUT -p tcp -m tcp --dport 139 -j ACCEPT
@stgraber

This comment has been minimized.

Copy link
Member

stgraber commented Aug 19, 2017

You didn't run the command I gave you :)
I gave ip6tables, not iptables.

@asarubbo

This comment has been minimized.

Copy link

asarubbo commented Aug 20, 2017

OK, I found the issue, I need iptables with ipv6 support, which I don't have atm.

@asarubbo

This comment has been minimized.

@asarubbo asarubbo closed this Aug 20, 2017

@stgraber stgraber modified the milestone: lxd-2.17 Aug 22, 2017

@Ramzec

This comment has been minimized.

Copy link

Ramzec commented Sep 27, 2017

I have installed lxd-2.18 on my gentoo-server. Gentoo provides USE flag, that allow to control "ipv6". I disabled ipv6, but LXD init-wizard still asks about ipv6. I did not set ipv6-address, but LXD still wants it, because:

EROR[09-27|14:46:15] Failed to bring up network err="Failed to list ipv6 rules for lxdbr0 (table filter)" name=lxdbr0

Due to the error LXD cannot start containers. The issue has been resolved only after rebuilding of kernel and activating the missing table filter.

@stgraber

This comment has been minimized.

Copy link
Member

stgraber commented Sep 27, 2017

@Ramzec what do you get if you do "lxc network create test ipv6.address=none"?

@Ramzec

This comment has been minimized.

Copy link

Ramzec commented Sep 27, 2017

@stgraber now it works, because I rebuilt my kernel and enabled table filter.

# lxc network create test ipv6.address=none                                                      
Network test created
@nkichukov

This comment has been minimized.

Copy link

nkichukov commented Dec 18, 2017

This is still a problem and it is not resolved in lxd-2.18 or lxd-2.19. See https://bugs.gentoo.org/628346#c4

iptables is compiled with ipv6 support, but because the kernel is not, the 'lxd init' still fails and terminates instead of just warning for example.

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment