Docker doesn't work because of some iptables issues

At first, when I tried to run dockerd, it outputed:

failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to register "bridge" driver: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.8.8 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
(exit status 3)

Then I tried this solution and the error message turned to:

WARN[2024-11-30T10:01:36.633205143Z] ip6tables is enabled, but cannot set up ip6tables chains  error="failed to create NAT chain DOCKER: iptables failed: ip6tables --wait -t nat -N DOCKER: ip6tables v1.8.8 (legacy): can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)\nPerhaps ip6tables or your kernel needs to be upgraded.\n (exit status 3)"
WARN[2024-11-30T10:01:36.635714776Z] Setting the default DROP policy on firewall reload failed, setting default policy to DROP in FORWARD chain failed:  (iptables failed: ip6tables --wait -t filter -P FORWARD DROP: ip6tables v1.8.8 (legacy): can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
 (exit status 3)) 
WARN[2024-11-30T10:01:36.639694010Z] Could not load necessary modules for IPSEC rules: protocol not supported 
INFO[2024-11-30T10:01:36.650589569Z] Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address 
INFO[2024-11-30T10:01:36.862061038Z] stopping event stream following graceful shutdown  error="<nil>" module=libcontainerd namespace=moby
INFO[2024-11-30T10:01:36.863088884Z] stopping healthcheck following graceful shutdown  module=libcontainerd
INFO[2024-11-30T10:01:36.863226351Z] stopping event stream following graceful shutdown  error="context canceled" module=libcontainerd namespace=plugins.moby
failed to start daemon: Error initializing network controller: error creating default "bridge" network: Failed to Setup IP tables: Unable to enable NAT rule:  (iptables failed: iptables --wait -t nat -I POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE: Warning: Extension MASQUERADE revision 0 not supported, missing kernel module?
iptables v1.8.8 (nf_tables):  RULE_INSERT failed (No such file or directory): rule in chain POSTROUTING
 (exit status 4))

That might be a complex issues, can I simply update to official compiled firmware via this?


Will that overwrite the software I installed?

I'm new to the community, thank you guys for any help. :smiling_face_with_three_hearts:

It appears you are using firmware that is not from the official OpenWrt project.

When using forks/offshoots/vendor-specific builds that are "based on OpenWrt", there may be many differences compared to the official versions (hosted by OpenWrt.org). Some of these customizations may fundamentally change the way that OpenWrt works. You might need help from people with specific/specialized knowledge about the firmware you are using, so it is possible that advice you get here may not be useful.

You may find that the best options are:

  1. Install an official version of OpenWrt, if your device is supported (see https://firmware-selector.openwrt.org).
  2. Ask for help from the maintainer(s) or user community of the specific firmware that you are using.
  3. Provide the source code for the firmware so that users on this forum can understand how your firmware works (OpenWrt forum users are volunteers, so somebody might look at the code if they have time and are interested in your issue).

If you believe that this specific issue is common to generic/official OpenWrt and/or the maintainers of your build have indicated as such, please feel free to clarify.

Here are my basic infomation:

It is not OpenWRT from openwrt.org , you have to ask forked distribution to get help with their customisations.

If I remember correctly, I built this from main branch by myself(following some tutorials).

It's EOL anyway, you need to upgrade, or enjoy your homebrew.

OK, can I update by the function I mentioned above? Or I can only update by fresh installation?

changing fork to openwrt is like major upgrade/downgrade where you totally can not keep any settings across.
get a new (usb) disk to be safe,

Your current OS is a black box to us.

I'm updating by sysupgrade, hope that will work. :pray:

Oh no, the official image seems to lack some packages, I've not only lost the internet connection, but also can't access Lcui. :sob:

Only reason why you'd loose luci, would be if you installed a snapshot, or the config layout from your old image is incompatible with the new one.

Yeah, that's annoying. And the default root partition is too small. I'm still considering building by myself.

I'm guessing your custom build had a bigger root partition than default? If so, then the sysupgrade probably couldn't retain the config even though it says it did, so you are back at default settings.

Try connecting on default 192.168.1.1 instead of your old 192.168.6.1...

Is using openwrt in docker a good idea?

If by "using" you mean "deployed as a real router", then no. If you mean to deploy it there as an "easy" way to play with an experimental networking lab, then sure, why not.

("Easy" may not turn out to be actually easy due to docker's deficiencies, almost always better to use a VM for this.)