Hi all,
in order to test some container features and try to replace some old "captive portals" in my office, I'd like to set up a container running apache+iptables. I can understand that this approach would require a VM instead of a container, but sometimes it's nice to do some testing for the love of it.
Basically I have been building many images for containers, starting with Debian version 10 and 11. Images were built with the following command on an Ubuntu WS, running kernel 6.5.0-13:
docker buildx build --platform arm64 -t debian_11 .
Images were later saved and transferred to the MKT 5009 hardware running 7.13 RouterOS.
Dockerfile:
FROM debian:stable
RUN apt-get update
RUN apt install openssh-server -y
RUN apt install net-tools iputils-ping traceroute -y
RUN apt install vim nano iproute2 iptables build-essential -y
RUN apt install isc-dhcp-client isc-dhcp-server -y
RUN apt install lshw ethtool vlan kmod -y
RUN apt install zsh tmux aria2 htop pv speedtest-cli vim curl wget netcat-traditional iperf3 iputils-ping iputils-tracepath iputils-arping iproute2 -y
RUN useradd -rm -d /home/<myusername> -s /bin/bash -g root -G sudo <myusername>
RUN echo '<myusername>::<mypass>' | chpasswd
RUN service ssh start
CMD ["/usr/sbin/sshd","-D"]
The point is that I am not able to run iptables in order to perform some NAT inside the container. Well... once I managed to, but after a reboot the magic was gone and I was not able to reproduce the behaviour.
The errors I get are:
iptables -t nat -L
iptables v1.8.9 (nf_tables): Could not fetch rule set generation id: Invalid argument
root@MikroTik:/# iptables-legacy -t nat -L
iptables v1.8.9 (legacy): can't initialize iptables table `nat': Module is wrong version
Perhaps iptables or your kernel needs to be upgraded.
root@MikroTik:/#
Any help will be appreciated.
Thank you in advance. Best regards.
Statistics: Posted by ordnit — Tue Dec 26, 2023 10:32 pm