Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NFTables conflict when Libvirt is running #626

Open
hoh opened this issue May 30, 2024 · 2 comments
Open

NFTables conflict when Libvirt is running #626

hoh opened this issue May 30, 2024 · 2 comments
Assignees
@hoh

Comments

@hoh
Copy link
Member

hoh commented May 30, 2024 

May 30 15:02:36 aleph-server-8 python3[853913]: Original exception was:
May 30 15:02:36 aleph-server-8 python3[853913]: Traceback (most recent call last):
May 30 15:02:36 aleph-server-8 python3[853913]:   File "<frozen runpy>", line 198, in _run_module_as_main
May 30 15:02:36 aleph-server-8 python3[853913]:   File "<frozen runpy>", line 88, in _run_code
May 30 15:02:36 aleph-server-8 python3[853913]:   File "/opt/aleph-vm/aleph/vm/orchestrator/__main__.py", line 4, in <module>
May 30 15:02:36 aleph-server-8 python3[853913]:     main()
May 30 15:02:36 aleph-server-8 python3[853913]:   File "/opt/aleph-vm/aleph/vm/orchestrator/cli.py", line 368, in main
May 30 15:02:36 aleph-server-8 python3[853913]:     supervisor.run()
May 30 15:02:36 aleph-server-8 python3[853913]:   File "/opt/aleph-vm/aleph/vm/orchestrator/supervisor.py", line 150, in run
May 30 15:02:36 aleph-server-8 python3[853913]:     pool.setup()
May 30 15:02:36 aleph-server-8 python3[853913]:   File "/opt/aleph-vm/aleph/vm/pool.py", line 79, in setup
May 30 15:02:36 aleph-server-8 python3[853913]:     self.network.setup()
May 30 15:02:36 aleph-server-8 python3[853913]:   File "/opt/aleph-vm/aleph/vm/network/hostnetwork.py", line 161, in setup
May 30 15:02:36 aleph-server-8 python3[853913]:     initialize_nftables()
May 30 15:02:36 aleph-server-8 python3[853913]:   File "/opt/aleph-vm/aleph/vm/network/firewall.py", line 130, in initialize_nftables
May 30 15:02:36 aleph-server-8 python3[853913]:     raise NotImplementedError(msg)
May 30 15:02:36 aleph-server-8 python3[853913]: NotImplementedError: Multiple base chains for an nftables basechain are not supported: postrouting
@hoh hoh self-assigned this May 30, 2024
@hoh
Copy link
Member Author

hoh commented May 30, 2024

Apparently a postrouting chain would already have bee configured by Libvirt:

table ip6 nat {
        chain LIBVIRT_PRT {
        }

        chain POSTROUTING {
                type nat hook postrouting priority srcnat; policy accept;
                counter packets 0 bytes 0 jump LIBVIRT_PRT
        }
}
table ip6 mangle {
        chain LIBVIRT_PRT {
        }

        chain POSTROUTING {
                type filter hook postrouting priority mangle; policy accept;
                counter packets 69910139 bytes 27400537652 jump LIBVIRT_PRT
        }
}

@hoh
Copy link
Member Author

hoh commented Jun 4, 2024

This is apparently due to Libvirt being installed on the machine, conflicting on the NFTables rules.

@hoh hoh changed the title NFTables error on Ubuntu 24.04 / test server NFTables conflict when Libvirt is running Jun 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hoh hoh

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hoh