
IPTables

One user claimed that after they enabled WireGuard via `docker-compose up`, all containers lost internet access.


tcpdump captures showed that NAT had been lost at some point, indicating that the iptables rules may have been dropped or altered in such a way that the Docker bridges could no longer properly NAT traffic.

One clue was given but missed several times: the `iptables-save` output taken before WireGuard came up and broke connectivity showed no mention of legacy tables. After WireGuard was started, `iptables-legacy-save` was reportedly needed to see all the rules. Following this instruction showed an empty ruleset, a life without NAT!

The user simply switched from nftables to "legacy" mode via the openmediavault UI, but presumably a user on a newer Debian could also just run `update-alternatives --set iptables /usr/sbin/iptables-legacy` to get the same effect.


No problem:

```
# Completed on Sun Aug 9 21:51:20 2020
root@DK:~#
```

Problem:

```
# Warning: iptables-legacy tables present, use iptables-legacy-save to see them
root@DK:/srv/dev-disk-by-label-HC2/DockerCompose/wireguard#
```
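
The clue described above can be checked mechanically. The following is an added example, not part of the original report: it classifies saved `iptables-save` and `iptables-legacy-save` dumps by looking for the legacy-tables warning and counting NAT rules in each. The function names and the sample dumps (including the Docker MASQUERADE rule) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample dumps stand in for real `iptables-save` and
# `iptables-legacy-save` output so the check runs offline.
write_samples() {  # $1 = directory to write into
    cat > "$1/before.nft" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
COMMIT
# Completed on Sun Aug 9 21:51:20 2020
EOF
    cat > "$1/after.nft" <<'EOF'
# Warning: iptables-legacy tables present, use iptables-legacy-save to see them
EOF
    cat > "$1/after.legacy" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
COMMIT
EOF
}

# Count NAT-target rules inside the *nat table of a dump file.
count_nat_rules() {
    awk '/^\*/ { in_nat = ($0 == "*nat") }
         in_nat && /^-A / && /-j (MASQUERADE|SNAT|DNAT)/ { n++ }
         END { print n + 0 }' "$1"
}

# classify_backends <iptables-save dump> [<iptables-legacy-save dump>]
# Prints "single" or "split", then the NAT rule count seen in each dump.
classify_backends() {
    state=single
    grep -q '^# Warning: iptables-legacy tables present' "$1" && state=split
    legacy_nat=0
    [ -n "${2:-}" ] && legacy_nat=$(count_nat_rules "$2")
    echo "$state nft_nat=$(count_nat_rules "$1") legacy_nat=$legacy_nat"
}

tmp=$(mktemp -d)
write_samples "$tmp"
classify_backends "$tmp/before.nft"                     # single nft_nat=1 legacy_nat=0
classify_backends "$tmp/after.nft" "$tmp/after.legacy"  # split nft_nat=0 legacy_nat=0
rm -rf "$tmp"
```

On a live host, capture both output streams when saving a dump (for example `iptables-save > dump.nft 2>&1`) so the warning line lands in the file regardless of which stream it is written to.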