
IPTables

One user claimed that when they enabled wireguard via `docker-compose up`, all containers lost internet access.


tcpdump captures showed that NAT from the docker bridges to the external interface had been lost at some point, indicating that the iptables rules may have been dropped or altered in such a way that the docker bridges could no longer NAT traffic properly.

One clue was given but missed several times: the `iptables-save` output taken before wireguard came up and broke connectivity showed no mention of legacy tables. After wireguard was started, `iptables-legacy-save` was reportedly needed to see all the rules. Following this instruction showed an empty ruleset, a life without nat!

The user simply switched iptables from nftables to "legacy" mode via the openmediavault UI; a user on a newer Debian could presumably get the same effect by running `update-alternatives --set iptables /usr/sbin/iptables-legacy`.


No problem:

```text
# Completed on Sun Aug 9 21:51:20 2020
root@DK:~#
```

Problem:

```text
# Warning: iptables-legacy tables present, use iptables-legacy-save to see them
root@DK:/srv/dev-disk-by-label-HC2/DockerCompose/wireguard#
```
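As an added example, not part of the original write-up, the script below turns the missed clue into a repeatable check: it names the backend from `iptables -V` output, counts MASQUERADE rules in an `iptables-save` style dump (that is where Docker's bridge NAT lives), and flags the `iptables-legacy tables present` warning shown in the "Problem" output above, which means both backends hold rules. The two dumps embedded in it are constructed stand-ins for the "no problem" and "problem" states, not captures from the user's host; the live branch runs only when `iptables` is installed and the script is run as root.

```shell
#!/bin/sh
# Added diagnostic, not from the page: detect the nft/legacy iptables split
# and the loss of Docker bridge NAT that the write-up describes. Every check
# takes text as input so it can be exercised offline against sample dumps.

# Name the backend from `iptables -V` output,
# e.g. "iptables v1.8.7 (nf_tables)" or "iptables v1.8.7 (legacy)".
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Count MASQUERADE rules in an iptables-save dump. Docker's bridge NAT shows
# up here as "-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE".
count_masquerade() {
    printf '%s\n' "$1" | grep -c -- '-j MASQUERADE' || true
}

# True when the dump carries the warning that the other backend also holds
# rules, i.e. the exact line the user saw once wireguard was up.
has_legacy_warning() {
    printf '%s\n' "$1" | grep -q 'iptables-legacy tables present'
}

# Verdict for one dump: "mixed" (both backends populated, the page's failure
# mode), "no-nat" (no masquerade rule at all), or "ok".
diagnose() {
    dump=$1
    if has_legacy_warning "$dump"; then
        echo mixed
    elif [ "$(count_masquerade "$dump")" -eq 0 ]; then
        echo no-nat
    else
        echo ok
    fi
}

# Constructed samples standing in for the two states shown on the page.
GOOD_DUMP='# Generated by iptables-save
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
COMMIT
# Completed'
BAD_DUMP='# Generated by iptables-save
*nat
:POSTROUTING ACCEPT [0:0]
COMMIT
# Warning: iptables-legacy tables present, use iptables-legacy-save to see them'

# Live check when the tools exist and we are root; otherwise run the samples.
# A "mixed" verdict is the cue for the page's remedy: pick one backend for
# the whole host (e.g. update-alternatives --set iptables /usr/sbin/iptables-legacy).
if command -v iptables >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
    echo "backend: $(iptables_backend "$(iptables -V 2>/dev/null)")"
    echo "verdict: $(diagnose "$(iptables-save 2>&1)")"
else
    echo "sample good: $(diagnose "$GOOD_DUMP")"
    echo "sample bad:  $(diagnose "$BAD_DUMP")"
fi
```

The warning from `iptables-save` is captured with `2>&1` because the nft-backed tool prints it to stderr; without that redirect a script would silently miss the one line that explains the outage.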