Hi everyone,
I'm trying to use docker on the Tinker System 3N, but it's not working properly. If possible, could you please provide any solutions you might have?
[What I'd like to do]
To use the latest version of docker on the Tinker System 3N
[Systems Information]
System: Tinker System 3N
Tinker OS: Tinker System 3N/Tinker Board 3N Debian 11 (Kernel 5.10) V1.0.31
docker-ce: v28.4.0
iptables: v1.8.7
[Problems Encountered]
Problem 1: When the docker daemon is started, the following error is recorded, and the docker daemon does not work properly.
failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to register "bridge" driver: failed to add jump rules to ipv4 NAT table: failed to append jump rules to nat-PREROUTING: (iptables failed: iptables --wait -t nat -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER: iptables v1.8.7 (nf_tables): Couldn't load match 'addrtype':No such file or directory
Try 'iptables -h' or 'iptables --help' for more information
(exit status 2))
Assumed Cause: The match 'addrtype' is not loaded on kernel/iptables(nftables).
Problem 2: When I tried to run a docker container, the following error is recorded, and the docker container does not work properly.
docker: Error response from daemon: failed to set up container networking: failed to create endpoint nifty_wilbur on network bridge: unableto enable DIRECT ACCESS FILTERING - DROP rule: (iptables failed: iptables --wait -t raw -A PREROUTING -d 172.17.0.2 ! -i docker0 -j DROP: iptables v1.8.7 (legacy): can't initialize iptables table 'raw': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
(exit status 3))
Assumed Cause: CONFIG_IP_NF_RAW seems to be required for docker v28.0.0 or later, but CONFIG_IP_NF_RAW is not provided by the kernel.
Ref: https://docs.docker.com/engine/release-notes/28/
[Possible Solutions]
Solution A:
1. Use iptables-legacy:
$ sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
$ sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
2. Disable CONFIG_IP_NF_RAW:
$ sudo systemctl edit docker.service
And add the following configuration:
[Service]
Environment="DOCKER_INSECURE_NO_IPTABLES_RAW=1"
Result: docker will work.
---------------------------------
Solution B:
1. Use iptables-legacy:
$ sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
$ sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
2. Downgrade docker to v27.5.1:
$ sudo apt-get install docker-ce=5:27.5.1-1~debian.11~bullseye docker-ce-cli=5:27.5.1-1~debian.11~bullseye
Result: docker will work.
---------------------------------
Solution C:
1. Disable the use of iptables in docker:
$ sudo vim /etc/docker/daemon.json
And add the following configuration:
{
"iptables": false
}
Result: docker will work.
[Conclusion]
Each possible solution resolves the issue; however, there are still security concerns. Does anyone have any other solutions?
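
Added example, not part of the original post: a shell check that reads a kernel config file and reports whether the netfilter options behind the two errors above are present. CONFIG_IP_NF_RAW is named in the post; CONFIG_NETFILTER_XT_MATCH_ADDRTYPE and CONFIG_NFT_COMPAT are the upstream Kconfig names for the addrtype match and for x_tables matches under the nf_tables backend, and that they are what this kernel lacks is an assumption. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check a kernel config for the
# netfilter options behind the two Docker errors quoted above.

# Print y (built in), m (module) or n (absent) for SYMBOL ($2) in config FILE ($1).
kconfig_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-n}"
}

# Print SYMBOL=state for each option; return 1 if any option is absent.
# Only CONFIG_IP_NF_RAW is named in the post; the other two are assumptions.
check_docker_netfilter() {
    missing=0
    for sym in CONFIG_NETFILTER_XT_MATCH_ADDRTYPE CONFIG_NFT_COMPAT CONFIG_IP_NF_RAW; do
        state=$(kconfig_state "$1" "$sym")
        echo "$sym=$state"
        if [ "$state" = n ]; then missing=1; fi
    done
    return "$missing"
}

# Constructed sample config, not taken from the Tinker OS image.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m
# CONFIG_NFT_COMPAT is not set
# CONFIG_IP_NF_RAW is not set
CONFIG_IP_NF_NAT=y
EOF

check_docker_netfilter "$sample" || echo "kernel lacks options Docker's iptables rules need"
rm -f "$sample"
```

On a real system, pass the running kernel's config instead of the sample, for example /boot/config-$(uname -r) or a decompressed copy of /proc/config.gz where the kernel provides one.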