The Docker version seems to have a permission problem when using -m iptables #45

Closed
happy4041 opened this issue Jan 30, 2024 · 3 comments
Labels
not a bug question Further information is requested

Comments

@happy4041

The command I ran is:

```
docker run -d -v /root/jiaoben:/opt2 --restart=always --net=host --name natter_qb nattertool/natter -m iptables -k 5 -e /opt2/qb.sh
```

The error is as follows:

```
2024-01-30 16:32:53 [I] Natter v2.0.0-rc1
iptables v1.8.9 (legacy): can't initialize iptables table nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
OSError: iptables >= (1, 4, 1) not available
2024-01-30 16:32:53 [I] Natter v2.0.0-rc1
iptables v1.8.9 (legacy): can't initialize iptables table nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
OSError: iptables >= (1, 4, 1) not available
2024-01-30 16:32:53 [I] Natter v2.0.0-rc1
iptables v1.8.9 (legacy): can't initialize iptables table nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
OSError: iptables >= (1, 4, 1) not available
2024-01-30 16:32:54 [I] Natter v2.0.0-rc1
iptables v1.8.9 (legacy): can't initialize iptables table nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
OSError: iptables >= (1, 4, 1) not available
2024-01-30 16:32:55 [I] Natter v2.0.0-rc1
iptables v1.8.9 (legacy): can't initialize iptables table nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
OSError: iptables >= (1, 4, 1) not available
2024-01-30 16:32:57 [I] Natter v2.0.0-rc1
iptables v1.8.9 (legacy): can't initialize iptables table nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
OSError: iptables >= (1, 4, 1) not available
```

@MikeWang000000
Owner

Please read the documentation:
https://github.com/MikeWang000000/Natter/blob/master/natter-docker/README.md

Refer to the "Using iptables kernel forwarding" section, then try again and see whether the error disappears?

MikeWang000000 added the "question" (Further information is requested) and "not a bug" labels on Jan 31, 2024

@happy4041
Author

Hello, I followed your documentation and started docker with the two parameters --cap-add=NET_ADMIN --cap-add=NET_RAW, but it still doesn't seem to start.

Let me add some detail about the device running this command: it runs in Docker on Synology inside an x86 ESXi virtual machine, and it is started with the docker command over Synology SSH. The command to create and start the container:

```
docker run -d -v /volume1/docker/natter:/opt2 --restart=always --net=host --cap-add=NET_ADMIN --cap-add=NET_RAW --name natter_qb nattertool/natter -m iptables -k 5 -e /opt2/qb.sh
```

The error is as follows:

```
2024-02-01 18:10:37 [I] Natter v2.0.0-rc1
Warning: Extension comment revision 0 not supported, missing kernel module?
iptables: No chain/target/match by that name.
subprocess.CalledProcessError: Command '['iptables', '-w', '-t', 'nat', '-I', 'NATTER', '-p', 'tcp', '--dst', '192.168.1.26', '--dport', '32852', '-j', 'DNAT', '--to-destination', '192.168.1.26:48205', '-m', 'comment', '--comment', 'NATTER_UUID=6ae376e8-b404-4801-ad8d-fa086c29e427']' returned non-zero exit status 1.
2024-02-01 18:11:07 [I] Natter v2.0.0-rc1
Warning: Extension comment revision 0 not supported, missing kernel module?
iptables: No chain/target/match by that name.
subprocess.CalledProcessError: Command '['iptables', '-w', '-t', 'nat', '-I', 'NATTER', '-p', 'tcp', '--dst', '192.168.1.26', '--dport', '38543', '-j', 'DNAT', '--to-destination', '192.168.1.26:48357', '-m', 'comment', '--comment', 'NATTER_UUID=7b1fed1d-12c4-4f9a-84b8-bf035a9693b2']' returned non-zero exit status 1.
2024-02-01 18:12:03 [I] Natter v2.0.0-rc1
Warning: Extension comment revision 0 not supported, missing kernel module?
iptables: No chain/target/match by that name.
subprocess.CalledProcessError: Command '['iptables', '-w', '-t', 'nat', '-I', 'NATTER', '-p', 'tcp', '--dst', '192.168.1.26', '--dport', '39190', '-j', 'DNAT', '--to-destination', '192.168.1.26:48208', '-m', 'comment', '--comment', 'NATTER_UUID=af59bbaf-1ffe-4ee7-8c9e-f6b0a1669aba']' returned non-zero exit status 1.
2024-02-01 18:13:08 [I] Natter v2.0.0-rc1
Warning: Extension comment revision 0 not supported, missing kernel module?
iptables: No chain/target/match by that name.
subprocess.CalledProcessError: Command '['iptables', '-w', '-t', 'nat', '-I', 'NATTER', '-p', 'tcp', '--dst', '192.168.1.26', '--dport', '39586', '-j', 'DNAT', '--to-destination', '192.168.1.26:48328', '-m', 'comment', '--comment', 'NATTER_UUID=884300f3-c7fe-4ecb-bc9f-64ce34879106']' returned non-zero exit status 1.
```

@happy4041
Author

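The problem is solved. The iptables that ships with Synology is a stripped-down version; installing some of the iptables modules missing from the system fixed it.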
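
Added example (not part of the thread and not Natter's own code): a small shell triage for the two failures reported above. It checks whether the container's effective capability mask carries NET_ADMIN and NET_RAW, and maps the iptables messages from the logs to a likely cause. The function names, cause labels and sample masks are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage helpers for the two iptables failures in this thread.
# Function names and cause labels are hypothetical, not part of Natter.

# has_cap HEXMASK BIT: succeeds if capability bit BIT is set in a CapEff mask.
# Linux numbers CAP_NET_ADMIN as bit 12 and CAP_NET_RAW as bit 13.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# classify_iptables_error TEXT: prints a cause label for an iptables message.
classify_iptables_error() {
    case "$1" in
        *"Permission denied (you must be root)"*)
            echo "missing-capability" ;;          # first log in the thread
        *"Extension comment revision 0 not supported"*)
            echo "missing-kernel-module" ;;       # second log in the thread
        *"No chain/target/match by that name"*)
            echo "missing-chain-target-or-match" ;;
        *)
            echo "unknown" ;;
    esac
}

# preflight: run inside the container before starting with -m iptables.
# Only reads state: the capability mask and a listing of the nat table.
preflight() {
    mask=$(awk '/^CapEff:/ {print $2}' /proc/self/status)
    has_cap "$mask" 12 || echo "CAP_NET_ADMIN missing: start with --cap-add=NET_ADMIN"
    has_cap "$mask" 13 || echo "CAP_NET_RAW missing: start with --cap-add=NET_RAW"
    err=$(iptables -w -t nat -S 2>&1 >/dev/null) || classify_iptables_error "$err"
}

if [ "${1:-}" = "--run" ]; then
    preflight
fi
```

The nat-table listing does not exercise the `comment` match, so a host kernel that lacks that module can pass the preflight and still fail when a rule with `-m comment` is inserted, as in the second log.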
