Description
Is this a bug report, feature (enhancement) request or question? (leave only one on its own line)
Bug
Description:
Firstly, this is awesome work so thank you so so so much.
I have been able to use this to run our x86 docker stack in platform linux/arm64 mode with emulation and for the most part everything works and all my tests pass.
We have an integration test which checks if certain ports are open that get blocked by a bunch of iptable rules, but it seems like running iptables just causes an error.
/tailscale # iptables -L
iptables v1.8.7 (legacy): can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
I am currently using several Alpine images and it fails on all of them:
FROM tailscale/tailscale:v1.20.4
FROM headscale/headscale:0.14.0-alpine
FROM traefik:v2.5
Steps to reproduce the issue:
- On x86 Run these two commands:
$ docker run --privileged --rm tonistiigi/binfmt --install arm64
$ docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
$ docker run --platform linux/arm64 -it traefik:v2.5 ash
Inside the container install iptables
/ # apk add iptables
Try running it:
/ # iptables -L
Describe the results you received:
iptables v1.8.7 (legacy): can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Describe the results you expected:
iptables to work
Environment:
- QEMU version: (if you can know it):
- Container application: Docker/Podman/Singularity (Leave only one)
Output of docker version, podman version or singularity version
This happens on my MacOS Intel Macbook Pro as well as on our Linux Ubuntu x86 machines.
docker version
Client:
Cloud integration: v1.0.23
Version: 20.10.14
API version: 1.41
Go version: go1.16.15
Git commit: a224086
Built: Thu Mar 24 01:49:20 2022
OS/Arch: darwin/amd64
Context: default
Experimental: true
Server: Docker Desktop 4.7.1 (77678)
Engine:
Version: 20.10.14
API version: 1.41 (minimum version 1.12)
Go version: go1.16.15
Git commit: 87a90dc
Built: Thu Mar 24 01:46:14 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.5.11
GitCommit: 3df54a852345ae127d1fa3092b95168e4a88e2f8
runc:
Version: 1.0.3
GitCommit: v1.0.3-0-gf46b6ba
docker-init:
Version: 0.19.0
GitCommit: de40ad0
(paste your output here)
**Additional information optionally:**
Are these related:
https://serverfault.com/questions/1059106/cant-initialize-iptables-table-nat-under-qemu
https://unix.stackexchange.com/questions/214039/qemu-aarch64-and-networking-connections