kazu514

Requesting Help for Docker Errors on the Tinker System 3N

Hi everyone,

I'm trying to use docker on the Tinker System 3N, but it's not working properly. If possible, could you please provide any solutions you might have?

[What I'd like to do]
To use the latest version of docker on the Tinker System 3N

[Systems Information]

  • System: Tinker System 3N
  • Tinker OS: Tinker System 3N/Tinker Board 3N Debian 11 (Kernel 5.10) V1.0.31
  • docker-ce: v28.4.0
  • iptables: v1.8.7

[Problems Encountered]
Problem 1: When the docker daemon is started, the following error is recorded, and docker daemon does not work properly.

failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to register "bridge" driver: failed to add jump rules to ipv4 NAT table: failed to append jump rules to nat-PREROUTING:   (iptables failed: iptables --wait -t nat -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER: iptables v1.8.7 (nf_tables): Couldn't load match 'addrtype':No such file or directory
Try 'iptables -h' or 'iptables --help' for more information
(exit status 2))

Assumed Cause: The match 'addrtype' is not loaded on kernel/iptables(nftables).

 

Problem 2: When I tried to run a docker container, the following error was recorded, and the docker container does not work properly.

docker: Error response from daemon: failed to set up container networking: failed to create endpoint nifty_wilbur on network bridge: unable to enable DIRECT ACCESS FILTERING - DROP rule: (iptables failed: iptables --wait -t raw -A PREROUTING -d 172.17.0.2 ! -i docker0 -j DROP: iptables v1.8.7 (legacy): can't initialize iptables table 'raw': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
(exit status 3))

Assumed Cause: CONFIG_IP_NF_RAW seems to be required for docker v28.0.0 or later, but CONFIG_IP_NF_RAW is not provided by the kernel.
Ref: https://docs.docker.com/engine/release-notes/28/

 

[Possible Solutions]
Solution A:
 1. Use iptables-legacy:

 $ sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
 $ sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

 2. Disable CONFIG_IP_NF_RAW: 

$ sudo systemctl edit docker.service

   And add the following configuration:

 [Service]
 Environment="DOCKER_INSECURE_NO_IPTABLES_RAW=1"

 Result: docker will work.

---------------------------------
Solution B:
 1. Use iptables-legacy:

 $ sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
 $ sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

 2. Downgrade docker to v27.5.1:

 $ sudo apt-get install docker-ce=5:27.5.1-1~debian.11~bullseye docker-ce-cli=5:27.5.1-1~debian.11~bullseye

 Result: docker will work.

---------------------------------
Solution C:
 1. Disable the use of iptables in docker:

 $ sudo vim /etc/docker/daemon.json

And add the following configuration:

 {
     "iptables": false
 }

 Result: docker will work.

 

[Conclusion]
Each possible solution resolves the issue; however, there are still security concerns. Does anyone have any other solutions?
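
One way to confirm the two assumed causes before picking a workaround, as an added example that is not part of the original post: it reads a kernel config and reports whether the `addrtype` match and the `raw` table are built. The Kconfig symbol `CONFIG_NETFILTER_XT_MATCH_ADDRTYPE` for the `addrtype` match, the function names, and the sample config are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check a kernel config for the netfilter features named in
# the two errors above. CONFIG_IP_NF_RAW comes from the post; the addrtype
# symbol is this example's assumption for the 'addrtype' match.
REQUIRED_OPTS="CONFIG_NETFILTER_XT_MATCH_ADDRTYPE CONFIG_IP_NF_RAW"

# Print "y", "m" or "missing" for option $2 in kernel config text $1.
kconfig_state() {
    val=$(printf '%s\n' "$1" | sed -n "s/^$2=\([ym]\)\$/\1/p" | head -n 1)
    printf '%s\n' "${val:-missing}"
}

# Print "OPTION state" per required option; return 1 if any is missing.
audit_kconfig() {
    rc=0
    for opt in $REQUIRED_OPTS; do
        state=$(kconfig_state "$1" "$opt")
        printf '%s %s\n' "$opt" "$state"
        [ "$state" = "missing" ] && rc=1
    done
    return $rc
}

# Constructed sample (not taken from the Tinker OS image): the nat table is
# present, but neither the addrtype match nor the raw table is built.
SAMPLE_CONFIG='CONFIG_NF_TABLES=m
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_NAT=m
# CONFIG_NETFILTER_XT_MATCH_ADDRTYPE is not set
# CONFIG_IP_NF_RAW is not set'

# Use the running kernel's config when it is exposed, else the sample.
load_kconfig() {
    if [ -r /proc/config.gz ]; then
        gzip -dc /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    else
        printf '%s\n' "$SAMPLE_CONFIG"
    fi
}

audit_kconfig "$(load_kconfig)" ||
    echo "kernel lacks features Docker's default iptables rules need"
```

A state of `m` means the feature is built as a module and still has to be loadable on the running system.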
