Hi,
I’m trying to run an official Tailscale container. The Tailscale software works correctly, but in order to enable proper forwarding it tries to create a firewall rule inside the container and fails.

Command:

Error:
iptables -t filter -A ts-forward -i tailscale0 -j MARK --set-mark 0x40000/0xff0000 --wait
exit status 1: iptables: Invalid argument. Run `dmesg' for more information

Unfortunately, dmesg can't be run inside the container (forbidden?). Although xt_mark is listed as a loaded kernel module by the lsmod command, the system seems to lack packet marking capability.

Output of iptables -S when the container is running:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N ts-forward
-N ts-input
-A INPUT -j ts-input
-A FORWARD -j ts-forward
-A ts-input -s 100.115.92.0/23 ! -i tailscale0 -j RETURN
-A ts-input -s 100.64.0.0/10 ! -i tailscale0 -j DROP
-A ts-input -i tailscale0 -j ACCEPT

Critical environment variables:
- TS_AUTHKEY = auth key, generated at https://login.tailscale.com/admin/settings/keys
- TS_USERSPACE = false, to enable tailscale0 device creation (otherwise it runs as a userspace proxy, which is not what I need).

For all those users who are interested in Tailscale and other containers using iptables, please submit your requests via the support portal. Currently, there are no available iptables for third-party code. We will explore possible solutions if we receive similar requests from our clients. We are sorry for the inconvenience caused.
Posted by vovan700i — Thu Dec 28, 2023 2:01 pm
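A pre-flight check for the failure described in the post above, added here as an example (it is not code from the original post or from Tailscale): it tries the same kind of MARK rule in a throwaway chain and classifies the outcome, so you know before starting the container whether to fall back to TS_USERSPACE=true. It assumes an iptables binary, CAP_NET_ADMIN (or root) for the live probe, a readable /proc/net/ip_tables_targets, and a scratch chain name of my own choosing.

```shell
#!/bin/sh
# Pre-flight check (added example, not Tailscale's code): can netfilter on this
# kernel accept a MARK target rule of the form Tailscale uses for ts-forward?
# Assumes: iptables binary present, CAP_NET_ADMIN (or root) for the live probe.

# Pure classifier, testable without touching the kernel.
# $1 = iptables exit status, $2 = iptables stderr text,
# $3 = contents of /proc/net/ip_tables_targets (one target name per line;
#      empty if the file is absent, e.g. no ip_tables module loaded)
classify_mark_support() {
  status="$1"; err="$2"; targets="$3"
  if [ "$status" -eq 0 ]; then
    echo "ok"
  elif printf '%s' "$err" | grep -qiE 'permission denied|operation not permitted'; then
    echo "no-net-admin"             # container lacks CAP_NET_ADMIN; not a kernel problem
  elif printf '%s' "$err" | grep -q 'Invalid argument'; then
    if printf '%s\n' "$targets" | grep -qx 'MARK'; then
      echo "registered-but-rejected"  # MARK is registered, but the kernel refuses this rule form
    else
      echo "target-missing"           # no MARK target registered at all
    fi
  else
    echo "unknown"
  fi
}

# Live probe: append the MARK rule to a throwaway chain, then clean up.
probe_mark_support() {
  chain="mark-probe-$$"                       # hypothetical scratch chain name
  targets=$(cat /proc/net/ip_tables_targets 2>/dev/null)
  iptables -t filter -N "$chain" 2>/dev/null || true
  err=$(iptables -t filter -A "$chain" -j MARK --set-mark 0x40000/0xff0000 --wait 2>&1)
  status=$?
  iptables -t filter -F "$chain" 2>/dev/null
  iptables -t filter -X "$chain" 2>/dev/null
  classify_mark_support "$status" "$err" "$targets"
}

# Run the live probe only when asked: `sh mark-check.sh probe`
# Anything other than "ok" means TS_USERSPACE=false will not work on this kernel.
case "${1:-}" in
  probe) probe_mark_support ;;
esac
```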