Maniphest T9306

lxd init fails on iptables rule creation
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	tarkah
	Sep 30 2020, 11:47 PM

Tags

Referenced Files

None

Subscribers

Description

lxd init fails with the following error:

Error: Failed to create network "lxdbr0" in project "default": Failed to run: iptables -w -t mangle -I POSTROUTING -o lxdbr0 -p udp --dport 68 -j CHECKSUM --checksum-fill -m comment --comment generated for LXD network lxdbr0: iptables: No chain/target/match by that name.

I believe it's failing because CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not enabled for the kernel.

My current workaround is to lxc network create lxdbr0 ipv4.firewall=false, then manually run the iptables command without -j CHECKSUM --checksum-fill. Then continue with lxd init and choose the already created lxdbr0 bridge. This seems to work.

Any reason that is not enabled on the kernel?

Revisions and Commits

R3571 linux-current
	R3571:e92a5aacd81d Add CONFIG_NETFILTER_XT_TARGET_CHECKSUM for next build.

Event Timeline

tarkah created this task.Sep 30 2020, 11:47 PM

Herald added a project: Lacks Project. · View Herald TranscriptSep 30 2020, 11:47 PM

Probably no one requested it. I'll add it to my list.

DataDrake triaged this task as Normal priority.Nov 14 2020, 5:24 PM

DataDrake moved this task from Backlog to Kernel Drivers on the Hardware board.

Awesome, thanks!

Since LXD is now working again as Snap issues have been resolved, would it be possible enable CONFIG_NETFILTER_XT_TARGET_CHECKSUM?

Sure. I'll update our config now so I won't forget and it'll be sorted when I update the kernel next time (next week).

JoshStrobl closed this task as Resolved by committing R3571:e92a5aacd81d: Add CONFIG_NETFILTER_XT_TARGET_CHECKSUM for next build..Mar 25 2021, 3:54 PM

JoshStrobl added a commit: R3571:e92a5aacd81d: Add CONFIG_NETFILTER_XT_TARGET_CHECKSUM for next build..