iptables operation not supported

[chrissound]

Apologies this might not be strictly relevant, but just in case someone else runs into this error I'm posting it.

I'm trying to run this within a docker container within Kubernetes though hitting an error of iptables: Operation not supported.

I've set the container to be a privliged + NET_ADMIN + NET_RAW capabilities.

oot@chris-sshuttle-k8stest:~# sshuttle -vvv --ssh-cmd "ssh -i k8s-ssh" -r root@trycatchchris.co.uk 0.0.0.0/32
Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 3.7.6
firewall manager: ready method name nat.
IPv6 enabled: False
UDP enabled: False
DNS enabled: False
User enabled: False
Binding redirector: 12300
TCP redirector listening on ('127.0.0.1', 12300).
TCP redirector listening with <socket.socket fd=5, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, laddr=('127.0.0.1', 12300)>.
Starting client with Python version 3.7.6
c : connecting to server...
c : executing: ['ssh', '-i', 'k8s-ssh', 'root@trycatchchris.co.uk', '--', 'exec /bin/sh -c \'P=python3; $P -V 2>/dev/null || P=python; exec "$P" -c \'"\'"\'import sys, os; verbosity=3; sys.stdin = os.fdopen(0, "rb"); exec(compile(sys.stdin.read(1106), "assembler.py", "exec"))\'"\'"\'\'']
c :  > channel=0 cmd=PING len=7 (fullness=0)
-c:3: DeprecationWarning: the imp module is deprecated in favour of importlib; see the module's documentation for alternative uses
server: assembling 'sshuttle' (7 bytes)
server: assembling 'sshuttle.cmdline_options' (66 bytes)
server: assembling 'sshuttle.helpers' (944 bytes)
server: assembling 'sshuttle.ssnet' (5653 bytes)
server: assembling 'sshuttle.hostwatch' (2386 bytes)
server: assembling 'sshuttle.server' (3830 bytes)
Starting server with Python version 3.7.5
 s: latency control setting = True
 s:  > channel=0 cmd=PING len=7 (fullness=0)
 s: auto-nets:False
 s:  > channel=0 cmd=ROUTES len=0 (fullness=7)
c : Connected.
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=7/0)
 s:   Ready: 1 r=[] w=[5] x=[]
c : Waiting: 2 r=[5, 8] w=[8] x=[] (fullness=7/0)
c :   Ready: 2 r=[8] w=[8] x=[]
c : <  channel=0 cmd=PING len=7
c :  > channel=0 cmd=PONG len=7 (fullness=7)
c : mux wrote: 15/15
c : mux wrote: 15/15
c : Waiting: 2 r=[5, 8] w=[] x=[] (fullness=14/0)
 s: mux wrote: 15/15
 s: Waiting: 1 r=[4] w=[5] x=[] (fullness=7/0)
 s:   Ready: 1 r=[] w=[5] x=[]
 s: mux wrote: 8/8
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=7/0)
c :   Ready: 2 r=[8] w=[] x=[]
c : <  channel=0 cmd=ROUTES len=0
firewall manager: Got subnets: [(2, 32, False, '0.0.0.0', 0, 0), (2, 32, True, '127.0.0.1', 0, 0)]
firewall manager: Got nslist: []
firewall manager: Got ports: 0,12300,0,0
firewall manager: Got udp: False, user: None
firewall manager: setting up.
firewall manager: setting up IPv4.
 s:   Ready: 1 r=[4] w=[] x=[]
 s: <  channel=0 cmd=PING len=7
 s:  > channel=0 cmd=PONG len=7 (fullness=7)
 s: <  channel=0 cmd=PONG len=7
 s: received PING response
 s: mux wrote: 15/15
 s: Waiting: 1 r=[4] w=[] x=[] (fullness=0/0)
iptables: Operation not supported.
firewall manager: undoing changes.
firewall manager: undoing IPv4 changes.
iptables: Operation not supported.
firewall manager: Error trying to undo IPv4 firewall.
firewall manager: ---> Traceback (most recent call last):
firewall manager: --->   File "/usr/local/lib/python3.7/site-packages/sshuttle/linux.py", line 28, in ipt_chain_exists
firewall manager: --->     output = ssubprocess.check_output(argv, env=env)
firewall manager: --->   File "/usr/local/lib/python3.7/subprocess.py", line 411, in check_output
firewall manager: --->     **kwargs).stdout
firewall manager: --->   File "/usr/local/lib/python3.7/subprocess.py", line 512, in run
firewall manager: --->     output=stdout, stderr=stderr)
firewall manager: ---> subprocess.CalledProcessError: Command '['iptables', '-t', 'nat', '-nL']' returned non-zero exit status 1.
firewall manager: ---> 
firewall manager: ---> During handling of the above exception, another exception occurred:
firewall manager: ---> 
firewall manager: ---> Traceback (most recent call last):
firewall manager: --->   File "/usr/local/lib/python3.7/site-packages/sshuttle/firewall.py", line 219, in main
firewall manager: --->     user)
firewall manager: --->   File "/usr/local/lib/python3.7/site-packages/sshuttle/methods/nat.py", line 39, in setup_firewall
firewall manager: --->     self.restore_firewall(port, family, udp, user)
firewall manager: --->   File "/usr/local/lib/python3.7/site-packages/sshuttle/methods/nat.py", line 99, in restore_firewall
firewall manager: --->     if ipt_chain_exists(family, table, chain):
firewall manager: --->   File "/usr/local/lib/python3.7/site-packages/sshuttle/linux.py", line 33, in ipt_chain_exists
firewall manager: --->     raise Fatal('%r returned %d' % (argv, e.returncode))
firewall manager: ---> sshuttle.helpers.Fatal: ['iptables', '-t', 'nat', '-nL'] returned 1
firewall manager: ---> 
firewall manager: ---> During handling of the above exception, another exception occurred:
firewall manager: ---> 
firewall manager: ---> Traceback (most recent call last):
firewall manager: --->   File "/usr/local/lib/python3.7/site-packages/sshuttle/linux.py", line 28, in ipt_chain_exists
firewall manager: --->     output = ssubprocess.check_output(argv, env=env)
firewall manager: --->   File "/usr/local/lib/python3.7/subprocess.py", line 411, in check_output
firewall manager: --->     **kwargs).stdout
firewall manager: --->   File "/usr/local/lib/python3.7/subprocess.py", line 512, in run
firewall manager: --->     output=stdout, stderr=stderr)
firewall manager: ---> subprocess.CalledProcessError: Command '['iptables', '-t', 'nat', '-nL']' returned non-zero exit status 1.
firewall manager: ---> 
firewall manager: ---> During handling of the above exception, another exception occurred:
firewall manager: ---> 
firewall manager: ---> Traceback (most recent call last):
firewall manager: --->   File "/usr/local/lib/python3.7/site-packages/sshuttle/firewall.py", line 270, in main
firewall manager: --->     method.restore_firewall(port_v4, socket.AF_INET, udp, user)
firewall manager: --->   File "/usr/local/lib/python3.7/site-packages/sshuttle/methods/nat.py", line 99, in restore_firewall
firewall manager: --->     if ipt_chain_exists(family, table, chain):
firewall manager: --->   File "/usr/local/lib/python3.7/site-packages/sshuttle/linux.py", line 33, in ipt_chain_exists
firewall manager: --->     raise Fatal('%r returned %d' % (argv, e.returncode))
firewall manager: ---> sshuttle.helpers.Fatal: ['iptables', '-t', 'nat', '-nL'] returned 1
firewall manager: undoing /etc/hosts changes.
firewall manager: Error trying to undo /etc/hosts changes.
firewall manager: ---> Traceback (most recent call last):
firewall manager: --->   File "/usr/local/lib/python3.7/site-packages/sshuttle/linux.py", line 28, in ipt_chain_exists
firewall manager: --->     output = ssubprocess.check_output(argv, env=env)
firewall manager: --->   File "/usr/local/lib/python3.7/subprocess.py", line 411, in check_output
firewall manager: --->     **kwargs).stdout
firewall manager: --->   File "/usr/local/lib/python3.7/subprocess.py", line 512, in run
firewall manager: --->     output=stdout, stderr=stderr)
firewall manager: ---> subprocess.CalledProcessError: Command '['iptables', '-t', 'nat', '-nL']' returned non-zero exit status 1.
firewall manager: ---> 
firewall manager: ---> During handling of the above exception, another exception occurred:
firewall manager: ---> 
firewall manager: ---> Traceback (most recent call last):
firewall manager: --->   File "/usr/local/lib/python3.7/site-packages/sshuttle/firewall.py", line 219, in main
firewall manager: --->     user)
firewall manager: --->   File "/usr/local/lib/python3.7/site-packages/sshuttle/methods/nat.py", line 39, in setup_firewall
firewall manager: --->     self.restore_firewall(port, family, udp, user)
firewall manager: --->   File "/usr/local/lib/python3.7/site-packages/sshuttle/methods/nat.py", line 99, in restore_firewall
firewall manager: --->     if ipt_chain_exists(family, table, chain):
firewall manager: --->   File "/usr/local/lib/python3.7/site-packages/sshuttle/linux.py", line 33, in ipt_chain_exists
firewall manager: --->     raise Fatal('%r returned %d' % (argv, e.returncode))
firewall manager: ---> sshuttle.helpers.Fatal: ['iptables', '-t', 'nat', '-nL'] returned 1
firewall manager: ---> 
firewall manager: ---> During handling of the above exception, another exception occurred:
firewall manager: ---> 
firewall manager: ---> Traceback (most recent call last):
firewall manager: --->   File "/usr/local/lib/python3.7/site-packages/sshuttle/firewall.py", line 282, in main
firewall manager: --->     restore_etc_hosts(port_v6 or port_v4)
firewall manager: --->   File "/usr/local/lib/python3.7/site-packages/sshuttle/firewall.py", line 51, in restore_etc_hosts
firewall manager: --->     rewrite_etc_hosts({}, port)
firewall manager: --->   File "/usr/local/lib/python3.7/site-packages/sshuttle/firewall.py", line 30, in rewrite_etc_hosts
firewall manager: --->     os.link(HOSTSFILE, BAKFILE)
firewall manager: ---> OSError: [Errno 18] Invalid cross-device link: '/etc/hosts' -> '/etc/hosts.sbak'
fatal: ['iptables', '-t', 'nat', '-nL'] returned 1
c : fatal: cleanup: ['/usr/local/bin/python', '/usr/local/bin/sshuttle', '-v', '-v', '-v', '--method', 'auto', '--firewall'] returned 99

[chrissound]

This was due to a mismatch of the iptables version / package it seems.
More info here: https://stackoverflow.com/questions/60529231/how-can-i-configure-iptables-within-kubernetes-net-admin-capability-does-not-s