Hello, I ran pacman -Syu this evening and the NAT bridge for my VM stopped working. The NAT was set up via virt-manager, so I'm unsure of the exact details. The iptables command below probably shows how it's set up.
$ sudo virsh net-list --all
Name State Autostart Persistent
----------------------------------------------------------
default inactive no yes
net2 inactive yes yes
network inactive no yes
net2 is the network I was using for my vm without any issues before this update. Now when I try to start the vm/bridge, I get this error:
$ sudo virsh net-start net2
error: Failed to start network net2
error: COMMAND_FAILED: '/usr/bin/iptables -w2 -w --table nat --insert POSTROUTING --source 192.168.5.0/24 ! --destination 192.168.5.0/24 --out-interface wlp7s0 --jump MASQUERADE' failed: iptables v1.6.2: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
After some poking around, I found that the iptable_nat module is not installed.
$ lsmod | grep iptable
iptable_filter 16384 0
ip_tables 28672 1 iptable_filter
x_tables 45056 8 ebtables,ip6table_filter,xt_conntrack,iptable_filter,xt_tcpudp,ip6_tables,ipt_REJECT,ip_tables
$ lsmod | grep nat
nft_chain_nat_ipv6 16384 2
nf_nat_ipv6 16384 1 nft_chain_nat_ipv6
nft_chain_nat_ipv4 16384 2
nf_nat_ipv4 16384 1 nft_chain_nat_ipv4
nf_nat 36864 2 nf_nat_ipv6,nf_nat_ipv4
nf_tables 118784 111 nft_ct,nft_set_rbtree,nft_chain_nat_ipv6,nft_chain_nat_ipv4,nft_reject_inet,nft_fib_ipv6,nft_set_bitmap,nft_fib_ipv4,nft_meta,nft_set_hash,nft_reject,nft_fib,nft_fib_inet
ebtable_nat 16384 0
nf_conntrack 155648 9 xt_conntrack,nf_conntrack_ipv6,nf_conntrack_ipv4,nf_nat,nft_ct,nft_chain_nat_ipv6,nf_nat_ipv6,nft_chain_nat_ipv4,nf_nat_ipv4
ebtables 36864 3 ebtable_nat,ebtable_filter,ebtable_broute
libcrc32c 16384 3 nf_conntrack,nf_nat,btrfs
$ lsmod | grep table
nf_tables 118784 111 nft_ct,nft_set_rbtree,nft_chain_nat_ipv6,nft_chain_nat_ipv4,nft_reject_inet,nft_fib_ipv6,nft_set_bitmap,nft_fib_ipv4,nft_meta,nft_set_hash,nft_reject,nft_fib,nft_fib_inet
ebtable_nat 16384 0
ebtable_broute 16384 0
bridge 188416 1 ebtable_broute
nfnetlink 16384 2 nf_tables,ip_set
ebtable_filter 16384 0
ebtables 36864 3 ebtable_nat,ebtable_filter,ebtable_broute
ip6table_filter 16384 0
ip6_tables 32768 1 ip6table_filter
iptable_filter 16384 0
ip_tables 28672 1 iptable_filter
x_tables 45056 8 ebtables,ip6table_filter,xt_conntrack,iptable_filter,xt_tcpudp,ip6_tables,ipt_REJECT,ip_tables
$ lsmod | grep nf
nft_set_bitmap 16384 3
nft_set_hash 28672 0
nft_set_rbtree 16384 0
nft_fib_inet 16384 1
nft_fib_ipv4 16384 1 nft_fib_inet
nft_fib_ipv6 16384 1 nft_fib_inet
nft_fib 16384 3 nft_fib_ipv6,nft_fib_ipv4,nft_fib_inet
nft_reject_inet 16384 2
nf_reject_ipv4 16384 2 nft_reject_inet,ipt_REJECT
nf_reject_ipv6 16384 1 nft_reject_inet
nft_reject 16384 1 nft_reject_inet
nft_meta 16384 10
nft_ct 20480 6
nft_chain_nat_ipv6 16384 2
nf_conntrack_ipv6 16384 9
nf_defrag_ipv6 20480 1 nf_conntrack_ipv6
nf_nat_ipv6 16384 1 nft_chain_nat_ipv6
nft_chain_nat_ipv4 16384 2
nf_conntrack_ipv4 16384 9
nf_defrag_ipv4 16384 1 nf_conntrack_ipv4
nf_nat_ipv4 16384 1 nft_chain_nat_ipv4
nf_nat 36864 2 nf_nat_ipv6,nf_nat_ipv4
nf_tables 118784 111 nft_ct,nft_set_rbtree,nft_chain_nat_ipv6,nft_chain_nat_ipv4,nft_reject_inet,nft_fib_ipv6,nft_set_bitmap,nft_fib_ipv4,nft_meta,nft_set_hash,nft_reject,nft_fib,nft_fib_inet
nf_conntrack 155648 9 xt_conntrack,nf_conntrack_ipv6,nf_conntrack_ipv4,nf_nat,nft_ct,nft_chain_nat_ipv6,nf_nat_ipv6,nft_chain_nat_ipv4,nf_nat_ipv4
nfnetlink 16384 2 nf_tables,ip_set
libcrc32c 16384 3 nf_conntrack,nf_nat,btrfs
When I try to insert the mod, I get this error:
$ sudo modprobe iptable_nat
modprobe: ERROR: could not insert 'iptable_nat': Device or resource busy
Any help would be appreciated.
Last edited by rytc (2018-08-08 00:28:10)
Really dumb question: did you reboot your machine after the kernel was upgraded?
Same issue here. After rebooting, firewalld does not start, and rolling back to the previous version did not resolve the issue.
I got around it hastily by disabling firewalld and restarting. It is working perfectly now, but that is not the best solution (I needed urgent access to the VM).
Last edited by stanna (2018-08-07 09:44:41)
I am experiencing the same problems. A little Googling around led me to these sources:
https://www.spinics.net/lists/netfilter/msg58008.html,
https://blog.printk.io/2018/06/iptable- … be-loaded/
They suggest unloading the 'iptable_nat' module.
I haven't yet had time to test these solutions, but if you're feeling adventurous give it a try.
EDIT
Never mind, I don't think this is related to the current issue.
Last edited by sebkirller (2018-08-07 13:50:24)
Same problems. iptables is missing the table nat, iptables_nat module is not loaded in the kernel and using
$ sudo modprobe iptable_nat
fails as rytc described.
In my case this also disrupts the network/firewall configuration during boot. I need to restart firewalld.service before accessing the network.
Please post the pacman.log for the update that triggered this.
OK, so the problem is with the most current Linux kernel, 4.17.12, which does not include iptable_nat anymore. After I switched over to the LTS kernel 4.14.60-1, the iptable_nat came back and I can once again use the nat table.
So somewhere between 4.14.60 and 4.17.12 the iptable_nat module got removed.
Here are the logs (they are reasonably anonymous, right?):
https://pastebin.com/WXbbnRa0
One significant change that I do notice is that nftables was installed as a new package. I probably need to configure it to work with iptables?
Yes, I did reboot a couple of times. Here is pacman.log:
Edit: yea, nftables was installed for me too
Edit2: I guess I just need to figure out how to set up the NAT using nftables?
[2018-08-06 18:08] [PACMAN] synchronizing package lists
[2018-08-06 18:08] [PACMAN] starting full system upgrade
[2018-08-06 18:12] [ALPM] transaction started
[2018-08-06 18:12] [ALPM] upgraded linux-api-headers (4.16.1-1 -> 4.17.11-1)
[2018-08-06 18:12] [ALPM] warning: /etc/locale.gen installed as /etc/locale.gen.pacnew
[2018-08-06 18:12] [ALPM] upgraded glibc (2.27-3 -> 2.28-1)
[2018-08-06 18:12] [ALPM-SCRIPTLET] Generating locales...
[2018-08-06 18:12] [ALPM-SCRIPTLET] en_US.UTF-8... done
[2018-08-06 18:12] [ALPM-SCRIPTLET] Generation complete.
[2018-08-06 18:12] [ALPM] upgraded gcc-libs (8.1.1+20180531-1 -> 8.2.0-2)
[2018-08-06 18:12] [ALPM] upgraded libutil-linux (2.32.1-1 -> 2.32.1-2)
[2018-08-06 18:12] [ALPM] upgraded avahi (0.7+16+g1cc2b8e-1 -> 0.7+16+g1cc2b8e-2)
[2018-08-06 18:12] [ALPM] upgraded binutils (2.30-5 -> 2.31.1-1)
[2018-08-06 18:12] [ALPM] upgraded boost-libs (1.67.0-5 -> 1.67.0-6)
[2018-08-06 18:12] [ALPM] upgraded btrfs-progs (4.17-1 -> 4.17-2)
[2018-08-06 18:12] [ALPM] upgraded libxml2 (2.9.8-2 -> 2.9.8-3)
[2018-08-06 18:12] [ALPM] upgraded llvm-libs (6.0.1-1 -> 6.0.1-2)
[2018-08-06 18:12] [ALPM] upgraded gcc (8.1.1+20180531-1 -> 8.2.0-2)
[2018-08-06 18:12] [ALPM] upgraded clang (6.0.1-1 -> 6.0.1-2)
[2018-08-06 18:12] [ALPM] upgraded device-mapper (2.02.180-1 -> 2.02.181-1)
[2018-08-06 18:12] [ALPM] upgraded cryptsetup (2.0.3-2 -> 2.0.4-1)
[2018-08-06 18:12] [ALPM] installed nftables (1:0.9.0-1)
[2018-08-06 18:12] [ALPM] upgraded perl (5.26.2-2 -> 5.28.0-1)
[2018-08-06 18:12] [ALPM] upgraded libldap (2.4.46-1 -> 2.4.46-2)
[2018-08-06 18:12] [ALPM] upgraded python (3.6.6-1 -> 3.7.0-3)
[2018-08-06 18:12] [ALPM] upgraded python-decorator (4.3.0-1 -> 4.3.0-2)
[2018-08-06 18:12] [ALPM] upgraded pygobject-devel (3.28.3-1 -> 3.28.3-2)
[2018-08-06 18:12] [ALPM] upgraded python-gobject (3.28.3-1 -> 3.28.3-2)
[2018-08-06 18:12] [ALPM] upgraded python-dbus-common (1.2.8-1 -> 1.2.8-2)
[2018-08-06 18:12] [ALPM] upgraded python-dbus (1.2.8-1 -> 1.2.8-2)
[2018-08-06 18:12] [ALPM] upgraded python-six (1.11.0-1 -> 1.11.0-3)
[2018-08-06 18:12] [ALPM] upgraded util-linux (2.32.1-1 -> 2.32.1-2)
[2018-08-06 18:12] [ALPM] upgraded python-slip (0.6.5-1 -> 0.6.5-2)
[2018-08-06 18:12] [ALPM] upgraded firewalld (0.5.1-1 -> 0.6.0-1)
[2018-08-06 18:12] [ALPM] upgraded libtool (2.4.6+40+g6ca5e224-7 -> 2.4.6+42+gb88cebd5-1)
[2018-08-06 18:12] [ALPM] upgraded gdb-common (8.1-1 -> 8.1-3)
[2018-08-06 18:12] [ALPM] upgraded gdb (8.1-1 -> 8.1-3)
[2018-08-06 18:12] [ALPM] upgraded gpgme (1.11.1-1 -> 1.11.1-2)
[2018-08-06 18:12] [ALPM] upgraded vim-runtime (8.1.0022-1 -> 8.1.0194-2)
[2018-08-06 18:12] [ALPM] upgraded libxkbcommon (0.8.0-2 -> 0.8.2-1)
[2018-08-06 18:12] [ALPM] upgraded xcb-proto (1.13-1 -> 1.13-2)
[2018-08-06 18:12] [ALPM] upgraded libproxy (0.4.15-6 -> 0.4.15-8)
[2018-08-06 18:12] [ALPM] upgraded gvim (8.1.0022-1 -> 8.1.0194-2)
[2018-08-06 18:12] [ALPM] upgraded lensfun (0.3.2-6 -> 0.3.2-7)
[2018-08-06 18:12] [ALPM] upgraded libgexiv2 (0.10.8-1 -> 0.10.8-2)
[2018-08-06 18:12] [ALPM] upgraded libibus (1.5.18-1 -> 1.5.18-2)
[2018-08-06 18:12] [ALPM] upgraded libvirt-python2 (4.5.0-1 -> 4.5.0-2)
[2018-08-06 18:12] [ALPM] upgraded libxkbcommon-x11 (0.8.0-2 -> 0.8.2-1)
[2018-08-06 18:12] [ALPM] upgraded linux (4.17.11-1 -> 4.17.12.arch1-1)
[2018-08-06 18:12] [ALPM] upgraded linux-headers (4.17.11-1 -> 4.17.12.arch1-1)
[2018-08-06 18:12] [ALPM] upgraded lvm2 (2.02.180-1 -> 2.02.181-1)
[2018-08-06 18:12] [ALPM] upgraded meson (0.47.1-1 -> 0.47.1-2)
[2018-08-06 18:12] [ALPM] upgraded perl-error (0.17026-1 -> 0.17026-2)
[2018-08-06 18:12] [ALPM] upgraded perl-timedate (2.30-4 -> 2.30-5)
[2018-08-06 18:12] [ALPM] upgraded perl-mailtools (2.20-1 -> 2.20-2)
[2018-08-06 18:12] [ALPM] upgraded perl-xml-parser (2.44-6 -> 2.44-7)
[2018-08-06 18:12] [ALPM] upgraded protobuf (3.5.2-1 -> 3.6.0.1-1)
[2018-08-06 18:12] [ALPM] upgraded pygobject2-devel (2.28.7-1 -> 2.28.7-2)
[2018-08-06 18:12] [ALPM] upgraded pyqt5-common (5.11.2-1 -> 5.11.2-2)
[2018-08-06 18:12] [ALPM] upgraded python-anytree (2.4.3-1 -> 2.4.3-2)
[2018-08-06 18:12] [ALPM] upgraded python-appdirs (1.4.3-1 -> 1.4.3-2)
[2018-08-06 18:12] [ALPM] upgraded python-attrs (18.1.0-1 -> 18.1.0-2)
[2018-08-06 18:12] [ALPM] upgraded python-beaker (1.10.0-1 -> 1.10.0-2)
[2018-08-06 18:12] [ALPM] upgraded python-msgpack (0.5.6-1 -> 0.5.6-2)
[2018-08-06 18:12] [ALPM] upgraded python-urllib3 (1.23-1 -> 1.23-2)
[2018-08-06 18:12] [ALPM] upgraded python-pyparsing (2.2.0-1 -> 2.2.0-2)
[2018-08-06 18:12] [ALPM] upgraded python-packaging (17.1-1 -> 17.1-2)
[2018-08-06 18:12] [ALPM] upgraded python-setuptools (1:39.2.0-2 -> 1:39.2.0-3)
[2018-08-06 18:12] [ALPM] upgraded python-chardet (3.0.4-1 -> 3.0.4-2)
[2018-08-06 18:12] [ALPM] upgraded python-idna (2.7-2 -> 2.7-3)
[2018-08-06 18:12] [ALPM] upgraded python-requests (2.19.1-1 -> 2.19.1-2)
[2018-08-06 18:12] [ALPM] upgraded python-cachecontrol (0.12.5-2 -> 0.12.5-4)
[2018-08-06 18:12] [ALPM] upgraded python-click (6.7-1 -> 6.7-2)
[2018-08-06 18:12] [ALPM] upgraded python-colorama (0.3.9-1 -> 0.3.9-2)
[2018-08-06 18:12] [ALPM] upgraded python-distlib (0.2.7-1 -> 0.2.7-2)
[2018-08-06 18:12] [ALPM] upgraded python-distro (1.3.0-1 -> 1.3.0-2)
[2018-08-06 18:12] [ALPM] upgraded python-webencodings (0.5.1-1 -> 0.5.1-2)
[2018-08-06 18:12] [ALPM] upgraded python-html5lib (1.0.1-2 -> 1.0.1-3)
[2018-08-06 18:12] [ALPM] upgraded python-itsdangerous (0.24-3 -> 0.24-4)
[2018-08-06 18:12] [ALPM] upgraded python-markupsafe (1.0-1 -> 1.0-2)
[2018-08-06 18:12] [ALPM] upgraded python-jinja (2.10-1 -> 2.10-2)
[2018-08-06 18:12] [ALPM] upgraded python-lockfile (0.12.2-2 -> 0.12.2-3)
[2018-08-06 18:12] [ALPM] upgraded python-lxml (4.2.3-1 -> 4.2.4-1)
[2018-08-06 18:12] [ALPM] upgraded python-mako (1.0.7-1 -> 1.0.7-2)
[2018-08-06 18:12] [ALPM] upgraded python-progress (1.4-1 -> 1.4-2)
[2018-08-06 18:12] [ALPM] upgraded python-pytoml (0.1.16-1 -> 0.1.16-2)
[2018-08-06 18:12] [ALPM] upgraded python-retrying (1.3.3-3 -> 1.3.3-4)
[2018-08-06 18:12] [ALPM] upgraded python-pip (10.0.1-1 -> 18.0-1)
[2018-08-06 18:12] [ALPM] upgraded python-pygments (2.2.0-1 -> 2.2.0-2)
[2018-08-06 18:12] [ALPM] upgraded python-pypeg2 (2.15.2-2 -> 2.15.2-3)
[2018-08-06 18:12] [ALPM] upgraded python-sip-pyqt5 (4.19.12-4 -> 4.19.12-5)
[2018-08-06 18:12] [ALPM] upgraded python-pyqt5 (5.11.2-1 -> 5.11.2-2)
[2018-08-06 18:12] [ALPM] upgraded shiboken (1.2.4-3 -> 1.2.4-4)
[2018-08-06 18:12] [ALPM] upgraded python-shiboken (1.2.4-3 -> 1.2.4-4)
[2018-08-06 18:12] [ALPM] upgraded python-pyside-common (1.2.4-8 -> 1.2.4-9)
[2018-08-06 18:12] [ALPM] upgraded python-pyside (1.2.4-8 -> 1.2.4-9)
[2018-08-06 18:12] [ALPM] upgraded python-sip (4.19.12-4 -> 4.19.12-5)
[2018-08-06 18:12] [ALPM] upgraded python-werkzeug (0.14.1-2 -> 0.14.1-3)
[2018-08-06 18:12] [ALPM] upgraded python-yaml (3.13-1 -> 3.13-2)
[2018-08-06 18:12] [ALPM] upgraded python2-appdirs (1.4.3-1 -> 1.4.3-2)
[2018-08-06 18:12] [ALPM] upgraded python2-cairo (1.17.0-1 -> 1.17.0-2)
[2018-08-06 18:12] [ALPM] upgraded python2-pyparsing (2.2.0-1 -> 2.2.0-2)
[2018-08-06 18:12] [ALPM] upgraded python2-six (1.11.0-1 -> 1.11.0-3)
[2018-08-06 18:12] [ALPM] upgraded python2-packaging (17.1-1 -> 17.1-2)
[2018-08-06 18:12] [ALPM] upgraded python2-setuptools (1:39.2.0-2 -> 1:39.2.0-3)
[2018-08-06 18:12] [ALPM] upgraded python2-chardet (3.0.4-1 -> 3.0.4-2)
[2018-08-06 18:12] [ALPM] upgraded python2-gobject (3.28.3-1 -> 3.28.3-2)
[2018-08-06 18:12] [ALPM] upgraded python2-gobject2 (2.28.7-1 -> 2.28.7-2)
[2018-08-06 18:12] [ALPM] upgraded python2-idna (2.7-2 -> 2.7-3)
[2018-08-06 18:12] [ALPM] upgraded python2-urllib3 (1.23-1 -> 1.23-2)
[2018-08-06 18:12] [ALPM] upgraded python2-requests (2.19.1-1 -> 2.19.1-2)
[2018-08-06 18:12] [ALPM] upgraded ranger (1.9.1-1 -> 1.9.1-2)
[2018-08-06 18:12] [ALPM] upgraded re2 (20180701-1 -> 20180801-1)
[2018-08-06 18:12] [ALPM] upgraded redshift (1.12-1 -> 1.12-2)
[2018-08-06 18:12] [ALPM] upgraded rxvt-unicode-terminfo (9.22-6 -> 9.22-7)
[2018-08-06 18:12] [ALPM] upgraded sip (4.19.12-4 -> 4.19.12-5)
[2018-08-06 18:12] [ALPM] upgraded vde2 (2.3.2-10 -> 2.3.2-11)
[2018-08-06 18:12] [ALPM-SCRIPTLET] vde config files should be placed in /etc/vde, sample files are provided.
[2018-08-06 18:12] [ALPM-SCRIPTLET] iptables and dhcpd sample files have been installed to '/usr/share/vde2'.
[2018-08-06 18:12] [ALPM-SCRIPTLET] Merge those examples, if needed to the according config files.
[2018-08-06 18:12] [ALPM] transaction completed
[2018-08-06 18:12] [ALPM] running '60-linux.hook'...
[2018-08-06 18:12] [ALPM] running '90-linux.hook'...
[2018-08-06 18:12] [ALPM-SCRIPTLET] ==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'default'
[2018-08-06 18:12] [ALPM-SCRIPTLET] -> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux.img
[2018-08-06 18:12] [ALPM-SCRIPTLET] ==> Starting build: 4.17.12-arch1-1-ARCH
[2018-08-06 18:12] [ALPM-SCRIPTLET] -> Running build hook: [base]
[2018-08-06 18:12] [ALPM-SCRIPTLET] -> Running build hook: [udev]
[2018-08-06 18:12] [ALPM-SCRIPTLET] -> Running build hook: [autodetect]
[2018-08-06 18:12] [ALPM-SCRIPTLET] -> Running build hook: [modconf]
[2018-08-06 18:12] [ALPM-SCRIPTLET] -> Running build hook: [block]
[2018-08-06 18:12] [ALPM-SCRIPTLET] -> Running build hook: [filesystems]
[2018-08-06 18:12] [ALPM-SCRIPTLET] -> Running build hook: [keyboard]
[2018-08-06 18:12] [ALPM-SCRIPTLET] -> Running build hook: [fsck]
[2018-08-06 18:12] [ALPM-SCRIPTLET] ==> Generating module dependencies
[2018-08-06 18:12] [ALPM-SCRIPTLET] ==> Creating gzip-compressed initcpio image: /boot/initramfs-linux.img
[2018-08-06 18:12] [ALPM-SCRIPTLET] ==> Image generation successful
[2018-08-06 18:12] [ALPM-SCRIPTLET] ==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'fallback'
[2018-08-06 18:12] [ALPM-SCRIPTLET] -> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-fallback.img -S autodetect
[2018-08-06 18:12] [ALPM-SCRIPTLET] ==> Starting build: 4.17.12-arch1-1-ARCH
[2018-08-06 18:12] [ALPM-SCRIPTLET] -> Running build hook: [base]
[2018-08-06 18:12] [ALPM-SCRIPTLET] -> Running build hook: [udev]
[2018-08-06 18:12] [ALPM-SCRIPTLET] -> Running build hook: [modconf]
[2018-08-06 18:12] [ALPM-SCRIPTLET] -> Running build hook: [block]
[2018-08-06 18:12] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: wd719x
[2018-08-06 18:12] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: aic94xx
[2018-08-06 18:12] [ALPM-SCRIPTLET] -> Running build hook: [filesystems]
[2018-08-06 18:12] [ALPM-SCRIPTLET] -> Running build hook: [keyboard]
[2018-08-06 18:12] [ALPM-SCRIPTLET] -> Running build hook: [fsck]
[2018-08-06 18:12] [ALPM-SCRIPTLET] ==> Generating module dependencies
[2018-08-06 18:12] [ALPM-SCRIPTLET] ==> Creating gzip-compressed initcpio image: /boot/initramfs-linux-fallback.img
[2018-08-06 18:12] [ALPM-SCRIPTLET] ==> Image generation successful
[2018-08-06 18:12] [ALPM] running 'detect-old-perl-modules.hook'...
[2018-08-06 18:12] [ALPM] running 'glib-compile-schemas.hook'...
[2018-08-06 18:12] [ALPM] running 'gtk-update-icon-cache.hook'...
[2018-08-06 18:12] [ALPM] running 'systemd-daemon-reload.hook'...
[2018-08-06 18:12] [ALPM] running 'systemd-sysusers.hook'...
[2018-08-06 18:12] [ALPM] running 'systemd-tmpfiles.hook'...
[2018-08-06 18:12] [ALPM] running 'systemd-udev-reload.hook'...
[2018-08-06 18:12] [ALPM] running 'systemd-update.hook'...
[2018-08-06 18:12] [ALPM] running 'texinfo-install.hook'...
[2018-08-06 18:12] [ALPM] running 'update-desktop-database.hook'...
Last edited by rytc (2018-08-07 14:10:12)
Just to mention that I face a similar issue, and had to fight for a few hours to solve this.
The issue is: it completely breaks docker, which fails to start with messages such as
[IPTables] can’t initialize iptables table `nat’: Table does not exist (do you need to insmod?)
which is a real pain as my Arch machine is my work machine: I can't do without docker.
In my case, I first thought a kernel downgrade would solve things, but apparently it was not the solution.
I had to remove firewalld.
No replacement found so far.
Last edited by squalou (2018-08-07 17:34:16)
Try to use iptables instead of nftables in the default configuration.
/etc/firewalld/firewalld.conf
...
FirewallBackend=iptables
...
https://firewalld.org/2018/07/nftables-backend
https://firewalld.org/2018/07/firewalld-0-6-0-release
Last edited by dapolinario (2018-08-07 21:09:16)
Arch Linux: The power in your hands!
Thank you !!
Try to use iptables instead of nftables in the default configuration.
/etc/firewalld/firewalld.conf
... FirewallBackend=iptables ...
https://firewalld.org/2018/07/nftables-backend
https://firewalld.org/2018/07/firewalld-0-6-0-release
Awesome, that looks to have fixed it. Thanks!
Hi, just wanted to post that setting FirewallBackend=iptables in /etc/firewalld/firewalld.conf fixed it for me. Thanks!
Try to use iptables instead of nftables in the default configuration.
/etc/firewalld/firewalld.conf
... FirewallBackend=iptables ...
https://firewalld.org/2018/07/nftables-backend
https://firewalld.org/2018/07/firewalld-0-6-0-release
Actually, this is kind of a workaround.
nftables was installed as a dependency of firewalld, where iptables is listed too. But installing nftables breaks loading of the iptable_nat module if you have NAT rules in the firewalld configuration, and this stops firewalld from starting.
I blacklisted
cat /etc/modprobe.d/nftables.conf | grep -v '#'
blacklist nft_masq_ipv4
blacklist nft_masq_ipv6
blacklist nft_chain_nat_ipv6
blacklist nft_chain_nat_ipv4
those 4 modules and iptable_nat is able to load, but firewalld can't start (didn't change backend yet).
All other modules from iptables and nft can be loaded at the same time except NAT.
This is kind of a bug in nft? My logic: if they are both listed as deps of one service, they should work together.
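The state described in the posts above (nft NAT chain modules loaded, iptable_nat absent, and the FirewallBackend setting) can be checked from saved `lsmod` output and a copy of firewalld.conf. This is an added example, not code from any poster; the function names, verdict strings and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline triage of the NAT module state discussed in this thread.

# Print the last uncommented FirewallBackend value in a firewalld.conf-style
# file, or "unset" when the key is absent or commented out.
firewalld_backend() {
    awk -F= '
        /^[ \t]*#/ { next }
        $1 ~ /^[ \t]*FirewallBackend[ \t]*$/ { gsub(/[ \t\r]/, "", $2); v = $2 }
        END { print (v == "" ? "unset" : v) }
    ' "$1"
}

# Report which NAT modules appear in lsmod-format text:
# nft, iptables, both or none.
nat_owner() {
    awk '
        $1 == "iptable_nat" { ipt = 1 }
        $1 ~ /^nft_chain_nat_ipv[46]$/ { nft = 1 }
        END {
            if (ipt && nft) print "both"
            else if (nft) print "nft"
            else if (ipt) print "iptables"
            else print "none"
        }
    ' "$1"
}

# "conflict" is the state from the thread: callers of `iptables --table nat`
# (libvirt, docker) fail because only the nft NAT chain modules are loaded.
diagnose() {
    backend=$(firewalld_backend "$1")
    case "$(nat_owner "$2")" in
        nft)      echo "conflict backend=$backend" ;;
        iptables) echo "ok backend=$backend" ;;
        both)     echo "both backend=$backend" ;;
        *)        echo "no-nat backend=$backend" ;;
    esac
}

# Constructed sample input, modelled on the lsmod output posted in the thread.
make_samples() {
    dir=$1
    cat > "$dir/lsmod_nft.txt" <<'EOF'
Module                  Size  Used by
nft_chain_nat_ipv4     16384  2
nf_nat_ipv4            16384  1 nft_chain_nat_ipv4
nf_nat                 36864  2 nf_nat_ipv6,nf_nat_ipv4
iptable_filter         16384  0
ip_tables              28672  1 iptable_filter
EOF
    printf 'Module Size Used by\niptable_nat 16384 1\nnf_nat 36864 1 iptable_nat\n' \
        > "$dir/lsmod_ipt.txt"
    printf '# constructed sample\n#FirewallBackend=iptables\n' > "$dir/nft.conf"
    printf 'DefaultZone=public\nFirewallBackend=iptables\n' > "$dir/ipt.conf"
}

tmp=$(mktemp -d)
make_samples "$tmp"
diagnose "$tmp/nft.conf" "$tmp/lsmod_nft.txt"
diagnose "$tmp/ipt.conf" "$tmp/lsmod_ipt.txt"
rm -rf "$tmp"
```

On a live system, pass /etc/firewalld/firewalld.conf and a file holding the output of `lsmod` as the two arguments to `diagnose`.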
eth0:1's solution partially worked for me. libvirt can now start its networks, but docker still fails (see Docker service wont start with firewalld). EDIT: didn't quite have the blacklist file right; it works now.
Last edited by backerman (2018-08-12 18:39:55)
I was able to switch back to "nftables" in firewalld.conf with the latest version of firewalld that was just pushed to the non-testing repos (firewalld-0.6.1-1). libvirt now starts its networks. I did not have to blacklist anything.
I have the same issue: Arch is my work machine and docker stopped working after the update. Changing firewalld.conf works for me too, thanks.
I spent at least three hours trying to understand why the network in the docker container was partially broken. Thanks, "FirewallBackend=iptables" works!
I was able to switch back to "nftables" in firewalld.conf with the latest version of firewalld that was just pushed to the non-testing repos (firewalld-0.6.1-1). libvirt now starts its networks. I did not have to blacklist anything.
I was wrong (or something else has changed). I had to switch back to "FirewallBackend=iptables" in order for the "default" NAT in libvirt to set the IP in my VM with DHCP correctly. Static IP seemed to work although I didn't bother to test setting a static DNS server.
Try to use iptables instead of nftables in the default configuration.
Worked for me, too. Thanks!