docker fails with “iptables: No chain/target/match by that name”
When I try to publish container's ports to the host, docker fails to add iptables rules:
$ sudo docker run --rm -p 8080:80 nginx
docker: Error response from daemon: driver failed programming external
connectivity on endpoint:
iptables failed:
iptables --wait -t nat -A DOCKER -p tcp -d 0/0
--dport 8080 -j DNAT --to-destination 172.17.0.2:80 ! -i docker0
iptables: No chain/target/match by that name. (exit status 1)).
What confuses me is that the DOCKER chain seems to exist:
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (2 references)
target prot opt source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target prot opt source destination
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
... and also here:
$ sudo iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DOCKER all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DOCKER all -- anywhere !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 172.17.0.0/16 anywhere
MASQUERADE all -- 172.18.0.0/16 anywhere
Chain DOCKER (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
Maybe relevant: ip a shows that docker0 is down:
$ ip a
...
74: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:01:52:de:7d brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
I tried to stop docker, remove the broken docker0 device, and restart docker again. Same error:
sudo systemctl stop docker.service
sudo ip link del docker0
sudo systemctl start docker.service
ip a still shows that docker0 is down. Running sudo docker run --rm -p 8080:80 nginx also runs into the identical error message as above.
System information:
$ docker --version
Docker version 18.05.0-ce, build f150324782
$ uname -a
Linux amd8-arch 4.16.7-1-ARCH #1 SMP PREEMPT Wed May 2 21:12:36 UTC 2018 x86_64 GNU/Linux
I am using Arch Linux.
iptables docker
edited May 18 '18 at 19:50
Philipp Claßen
asked May 18 '18 at 0:02
Philipp Claßen
Don't you need to do iptables -L -t nat to see the chains there?
– meuh
May 18 '18 at 16:46
@meuh Updated: I added the output with "-t nat", too.
– Philipp Claßen
May 18 '18 at 19:51
1 Answer
Ah, bad luck guy.
Docker 18.05.0-ce is the first release to adopt the following networking feature:
Update libnetwork to improve scalability of bridge network isolation rules. moby/moby#36774
In this feature, the chain DOCKER-ISOLATION in the iptables filter table is replaced by DOCKER-ISOLATION-STAGE-1 and DOCKER-ISOLATION-STAGE-2.
See release log 18.05.0-ce.
answered Mar 26 at 1:58
Sam
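An added example, not part of the original question or answer: a POSIX shell check that reads `iptables-save` text and reports, per table, whether the chains named on this page are declared and which generation of isolation chains (the single DOCKER-ISOLATION or the STAGE-1/STAGE-2 pair) is in place. The function names and both sample rule dumps are constructed for illustration.

```sh
#!/bin/sh
# Added example: SAMPLE_STAGED and SAMPLE_LEGACY are constructed rule dumps.
# Live use (needs root): iptables-save | docker_chain_report

# Print the chains declared in table $1 (iptables-save text on stdin).
# A table starts at "*nat" / "*filter"; a chain is ":NAME POLICY [pkts:bytes]".
chains_in_table() {
    awk -v want="$1" '
        /^\*/ { table = substr($1, 2); next }
        /^:/ && table == want { print substr($1, 2) }
    '
}

# Succeed if chain $2 is declared in table $1 (iptables-save text on stdin).
has_chain() {
    chains_in_table "$1" | grep -qxF -- "$2"
}

# Print which generation of bridge-isolation chains the filter table holds.
isolation_layout() {
    il_rules=$(cat)
    il_old=no; il_s1=no; il_s2=no
    if printf '%s\n' "$il_rules" | has_chain filter DOCKER-ISOLATION; then il_old=yes; fi
    if printf '%s\n' "$il_rules" | has_chain filter DOCKER-ISOLATION-STAGE-1; then il_s1=yes; fi
    if printf '%s\n' "$il_rules" | has_chain filter DOCKER-ISOLATION-STAGE-2; then il_s2=yes; fi
    case "$il_old/$il_s1/$il_s2" in
        no/yes/yes) echo staged ;;        # STAGE-1 and STAGE-2, as in the answer
        yes/no/no)  echo legacy ;;        # single DOCKER-ISOLATION chain
        no/no/no)   echo none ;;
        *)          echo inconsistent ;;  # half-programmed or mixed generations
    esac
}

# One line per chain the failing command and the answer refer to.
docker_chain_report() {
    cr_rules=$(cat)
    for cr_spec in nat/DOCKER filter/DOCKER filter/DOCKER-USER; do
        if printf '%s\n' "$cr_rules" | has_chain "${cr_spec%%/*}" "${cr_spec#*/}"; then
            echo "$cr_spec present"
        else
            echo "$cr_spec missing"
        fi
    done
    echo "isolation $(printf '%s\n' "$cr_rules" | isolation_layout)"
}

SAMPLE_STAGED='*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
COMMIT
*filter
:FORWARD DROP [0:0]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
COMMIT'

SAMPLE_LEGACY='*filter
:FORWARD DROP [0:0]
:DOCKER - [0:0]
:DOCKER-ISOLATION - [0:0]
COMMIT'

printf '%s\n' "$SAMPLE_STAGED" | docker_chain_report
```

Because the lookup is per table, a chain named DOCKER in the filter table does not count for a rule added with `-t nat`, which is the distinction the comment about `iptables -L -t nat` raises.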