Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

iptables-legacy : Latest gluetun needs qbittorrent-natmap to be updated. #23

Open
OrpheeGT opened this issue May 4, 2024 · 6 comments
Open

iptables-legacy : Latest gluetun needs qbittorrent-natmap to be updated. #23

OrpheeGT opened this issue May 4, 2024 · 6 comments

Comments

@OrpheeGT
Copy link

OrpheeGT commented May 4, 2024
edited
Loading

Hello,

With latest gluetun update, qbitorrent-natmap does not work anymore :

2024-05-05 01:11:31 | VPN container gluetun in healthy state!
2024-05-05 01:11:32 | Unable to reach qBittorrent at 10.2.0.2:8080
2024-05-05 01:11:33 | VPN container gluetun in healthy state!
2024-05-05 01:11:38 | qBittorrent SessionID Ok!
2024-05-05 01:11:38 | Public IP: xxxxxx
2024-05-05 01:11:38 | Configured Port: xxxxx
2024-05-05 01:11:38 | Active Port: xxxxx
2024-05-05 01:11:38 | Port OK (Act: xxxxx Cfg: xxxxx)
# Warning: iptables-legacy tables present, use iptables-legacy to see them
iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument
Warning: Extension tcp revision 0 not supported, missing kernel module?
iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument
Warning: Extension udp revision 0 not supported, missing kernel module?
iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument
2024-05-05 01:11:38 | IPTables rule added for port xxxxx on gluetun container
2024-05-05 01:11:38 | NAT-PMP/UPnP Ok!
2024-05-05 01:11:38 | Sleeping for 0 minutes

image

The rules in start.sh needs to be updated :

/sbin/iptables as to be replaced with /sbin/iptables-legacy

fw_delrule(){
    if (docker exec "${VPN_CT_NAME}" /sbin/iptables-legacy -L INPUT -n | grep -qP "^ACCEPT.*${configured_port}.*"); then
        # shellcheck disable=SC2086
        docker exec "${VPN_CT_NAME}" /sbin/iptables-legacy -D INPUT -i "${VPN_IF_NAME}" -p tcp --dport ${configured_port} -j ACCEPT
        # shellcheck disable=SC2086
        docker exec "${VPN_CT_NAME}" /sbin/iptables-legacy -D INPUT -i "${VPN_IF_NAME}" -p udp --dport ${configured_port} -j ACCEPT
    fi
}

fw_addrule(){
    if ! (docker exec "${VPN_CT_NAME}" /sbin/iptables-legacy -L INPUT -n | grep -qP "^ACCEPT.*${active_port}.*"); then
        # shellcheck disable=SC2086
        docker exec "${VPN_CT_NAME}" /sbin/iptables-legacy -A INPUT -i "${VPN_IF_NAME}" -p tcp --dport ${active_port} -j ACCEPT
        # shellcheck disable=SC2086
        docker exec "${VPN_CT_NAME}" /sbin/iptables-legacy -A INPUT -i "${VPN_IF_NAME}" -p udp --dport ${active_port} -j ACCEPT
        return 0
    else
        return 1
    fi
}

Once docker image modified, it works again :


2024-05-05 01:44:39 | VPN container gluetun in healthy state!
2024-05-05 01:44:39 | Unable to reach qBittorrent at 10.2.0.2:8080
2024-05-05 01:44:40 | VPN container gluetun in healthy state!
2024-05-05 01:44:40 | Unable to reach qBittorrent at 10.2.0.2:8080
2024-05-05 01:44:41 | VPN container gluetun in healthy state!
2024-05-05 01:44:47 | qBittorrent SessionID Ok!
2024-05-05 01:44:47 | Public IP: xxxxxxx
2024-05-05 01:44:47 | Configured Port: xxxxx
2024-05-05 01:44:47 | Active Port: xxxxx
2024-05-05 01:44:47 | Port OK (Act: xxxxx Cfg: xxxxx)
2024-05-05 01:44:47 | IPTables rule added for port xxxxx on gluetun container
2024-05-05 01:44:47 | NAT-PMP/UPnP Ok!
2024-05-05 01:44:47 | Sleeping for 0 minutes
2024-05-05 01:45:32 | qBittorrent SessionID Ok!
2024-05-05 01:45:32 | Public IP: xxxxxxx
2024-05-05 01:45:32 | Configured Port: xxxxx
2024-05-05 01:45:32 | Active Port: xxxxx
2024-05-05 01:45:32 | Port OK (Act: xxxxx Cfg: xxxxx)

image
@OrpheeGT OrpheeGT mentioned this issue May 7, 2024
Closed
@Gunther0042
Copy link

Gunther0042 commented Jun 21, 2024
edited
Loading

I'm having this same issue and I'm not smart enough to modify the code so I just downgraded Gluetun to v3.37 in the meantime. @OrpheeGT Any chance you would be willing to fork the code with your fix and make a PR and/or offer the fixed version on Dockerhub?

@OrpheeGT
Copy link
Author

OrpheeGT commented Jun 21, 2024
edited
Loading

I just did a local dirty patch...

on my system running the container :

# to export file from container :
docker container cp qbittorrent-natmap:"/start.sh" start.sh

# then edit all occurences it to change "/sbin/iptables " by "/sbin/iptables-legacy "  on exported start.sh
# you can do it with your prefered text editor

#then send back the modded start.sh to container : 
docker container cp start.sh qbittorrent-natmap:"/start.sh"

# then "commit" the change
docker container commit qbittorrent-natmap

 # then identify new image
docker image ls |grep none

# choose the result created a few seconds ago 
# exemple : 
# "<none>                        <none>       391f8bf92930   12 seconds ago"
docker image tag 391f8bf92930 ghcr.io/soxfor/qbittorrent-natmap::fix
# (replace 391f8bf92930 by ID found from your result)

Then edit your docker-compose.yml to set "fix" instead of "latest" on line :
https://github.com/soxfor/qbittorrent-natmap/blob/main/docker-compose.yml#L67

and you run
docker-compose down
docker-compose up -d

It should "work"...

Edit : Fixed wrong values.

@darrentmorgan
Copy link

Hey @OrpheeGT ,

This helped me tremendously, thank you very much. I've also shared this fix to the drfrankenstein discord as a solution referencing your work. Have you considered making a pull request to have this fixed? Or would these changes break things for other users?

Thankyou again!

@mukcodes
Copy link

Thanks everyone!!! I got it working!! :D I will do a big write up and post my fix for DS920+ with qbittorrent + qbittorrent-natmap + OpenVPN. I just need to do some testing to confirm what I post is the correct fix.

@grosejon
Copy link

I just did a local dirty patch...

on my system running the container :

# to export file from container :
docker container cp qbittorrent-natmap:"/start.sh" start.sh

# then edit all occurences it to change "/sbin/iptables " by "/sbin/iptables-legacy "  on exported start.sh
# you can do it with your prefered text editor

#then send back the modded start.sh to container : 
docker container cp start.sh qbittorrent-natmap:"/start.sh"

# then "commit" the change
docker container commit qbittorrent-natmap

 # then identify new image
docker image ls |grep none

# choose the result created a few seconds ago 
# exemple : 
# "<none>                        <none>       391f8bf92930   12 seconds ago"
docker image tag 391f8bf92930 ghcr.io/soxfor/qbittorrent-natmap::fix
# (replace 391f8bf92930 by ID found from your result)

Then edit your docker-compose.yml to set "fix" instead of "latest" on line : https://github.com/soxfor/qbittorrent-natmap/blob/main/docker-compose.yml#L67

and you run docker-compose down docker-compose up -d

It should "work"...

Edit : Fixed wrong values.

This worked perfectly. Thank you!

@EpicOfficer
Copy link

Thank you for this! I forked the repo and will create a PR when I get chance

In the meantime, anybody struggling is welcome to use my image: ghcr.io/epicofficer/qbittorrent-natmap:main

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@OrpheeGT @EpicOfficer @mukcodes @grosejon @darrentmorgan @Gunther0042