Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

non-legacy iptables backend change breaks net scripts #35

Closed
sarnold opened this issue Jun 2, 2020 · 1 comment · Fixed by #37
Closed

non-legacy iptables backend change breaks net scripts #35

sarnold opened this issue Jun 2, 2020 · 1 comment · Fixed by #37
Assignees
@sarnold
Labels
distro OS or distro runtime environment

Comments

@sarnold
Copy link
Contributor

sarnold commented Jun 2, 2020
edited
Loading

At some point after bionic the default iptables (command) backend changed from legacy to nf_tables that results in the current net scripts failing to setup the correct masq ports.

Log errors:

2020-06-02 19:13:00 UTC node_tools.network_funcs.do_net_cmd +308: ERROR [2912] net cmd fpn0-setup.sh msg: iptables v1.8.4 (nf_tables): unknown option "--dport"
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.4 (nf_tables): unknown option "--dport"
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.4 (nf_tables): unknown option "--dport"
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.4 (nf_tables): unknown option "--dport"
Try `iptables -h' or 'iptables --help' for more information.
4 warnings/errors

Current manual workaround:

As documented here (https://github.com/kubernetes/website/commit/9cdaf4ead1f4c514a6a2582ab00e01efad331a0d/) the affected user node can be "fixed" by setting the default back to legacy using the following command:

update-alternatives --set iptables /usr/sbin/iptables-legacy

followed by a restart of the fpnd service.

Found in:

# cat /etc/os-release 
PRETTY_NAME="Kali GNU/Linux Rolling"
NAME="Kali GNU/Linux"
ID=kali
VERSION="2020.2"
VERSION_ID="2020.2"
VERSION_CODENAME="kali-rolling"
ID_LIKE=debian
ANSI_COLOR="1;31"
HOME_URL="https://www.kali.org/"
SUPPORT_URL="https://forums.kali.org/"
BUG_REPORT_URL="https://bugs.kali.org/"
@sarnold sarnold added the distro OS or distro runtime environment label Jun 2, 2020
@sarnold
Copy link
Contributor Author

sarnold commented Jun 2, 2020

The above fixes startup but kali/rolling 64bit on rpi3 is still not shutting down correctly; the log finishes with repeated fpn0 shutdown msgs and is missing output for the cmds that follow iface shutdown.

@sarnold sarnold self-assigned this Jun 3, 2020
sarnold added a commit that referenced this issue Jun 5, 2020
@sarnold
fixes for github issues #35 and #36 plus a cleanup logging change
0dc9667 
* check for iptables-legacy and use it if found
* stop letting systemd kill anything and manually send the TERM signal

Signed-off-by: Stephen Arnold <nerdboy@gentoo.org>
@sarnold sarnold mentioned this issue Jun 5, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sarnold sarnold

Labels
distro OS or distro runtime environment
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fixes for iptables/nf_tables and systemd execstop craziness freepn/fpnd
1 participant
@sarnold