Podman can't run any container

I successfully installed podman. It runs, I can download containers. But as soon as I try to start a container I get this error:
Error: netavark: ip6tables: No such file or directory (os error 2)

Any hints as to what the issue is would be greatly appreciated.

Install ip6tables-nft?

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall

Thank you for your support!
Install nft6tables and see if it helps.

Frankly, no idea how it works at all. You need to install the ip6tables-nft package to provide the command used by podman.

Thank you. I will do that!

You have nonsensical masquerade settings. Masquerade should be used on the likes of wan, where you want multiple machines aliased to a single IP address going to the internet.

Now I get:

root@ZyxelOpenWrt:~# podman run hello-world
Error: netavark: unable to append rule '! -d 224.0.0.0/4 -j MASQUERADE' to table 'nat': code: 2, msg: iptables v1.8.8 (nf_tables): Chain 'MASQUERADE' does not exist
Try `iptables -h' or 'iptables --help' for more information.

What rule do I have to implement?

Please follow the podman guide:

https://openwrt.org/docs/guide-user/virtualization/docker_host?s[]=podman#podman

iptables/nftables support isn't needed then since utilizing the OpenWrt firewall

The setting for the firewall_driver can be found in /etc/containers/containers.conf

I followed the guide and copied the settings in the firewall.conf. But I don't understand the connection between the /etc/containers/containers.conf and the /etc/config/firewall.conf. Do I have to edit the containers.conf too?

No such file on OpenWRT.

You need to disable the podman/netavark firewall support in /etc/containers/containers.conf (firewall_driver = "none")


Thank you. That worked!
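
A section-aware check for the setting that resolved this thread, as an added example that is not part of the original posts. It assumes `firewall_driver` belongs in the `[network]` table of containers.conf; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that containers.conf really disables netavark's
# firewall handling. A firewall_driver line that is commented out or sits
# under another table does not count, so the parser tracks the current table.

# Print the firewall_driver value found in the [network] table (empty if unset).
get_firewall_driver() {
    conf="$1"
    [ -r "$conf" ] || return 1
    awk '
        /^[ \t]*#/ { next }                        # skip comment lines
        /^[ \t]*\[/ {                              # table header such as [network]
            section = $0
            sub(/^[ \t]*\[/, "", section)
            sub(/\].*$/, "", section)
            next
        }
        section == "network" && /^[ \t]*firewall_driver[ \t]*=/ {
            value = $0
            sub(/^[^=]*=[ \t]*/, "", value)        # drop the key and "="
            sub(/[ \t]*(#.*)?$/, "", value)        # drop a trailing comment
            gsub(/"/, "", value)                   # drop the quotes
            driver = value
        }
        END { if (driver != "") print driver }
    ' "$conf"
}

# Return 0 only when netavark is told not to create firewall rules itself.
check_podman_firewall() {
    driver="$(get_firewall_driver "$1")" || { echo "cannot read $1"; return 2; }
    case "$driver" in
        none) echo "OK: firewall_driver=none, container traffic is governed by the OpenWrt firewall only" ;;
        "")   echo "WARN: firewall_driver is not set in [network], netavark chooses a driver on its own"; return 1 ;;
        *)    echo "WARN: firewall_driver=$driver, netavark will try to add its own rules"; return 1 ;;
    esac
}

# Constructed sample input (not taken from the thread) for trying the check offline.
write_sample_conf() {
    cat > "$1" <<'EOF'
[containers]
# firewall_driver = "iptables"
[network]
network_backend = "netavark"
firewall_driver = "none"  # rules come from /etc/config/firewall
EOF
}
```

On the router itself the call would be `check_podman_firewall /etc/containers/containers.conf`.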
