Code Monkey home page Code Monkey logo

syno-iptables's Introduction

本仓库提供群晖系统缺失的一些iptables模块

NOTE: This repo provides some iptables modules missing in the Synology system

  • Useful for various transparent proxy services
  • Support native Docker IPv6 NAT mode
  • In case there are no precompiled modules for your model or for any other reason you can self compile the modules according to How to Self Compile
  • translate the page for further information
  • 用于各种透明代理服务
  • 支持原生Docker IPv6 NAT模式

理论上只要架构、内核以及iptables版本吻合,预编译的模块就可以使用,或者说小版本的系统升级一般不会升级内核,可以继续使用。不吻合切勿尝试,可能造成未知的系统问题。

准备工作

  1. 通过该页面Synology Architectures查询架构,比如DS918+的架构为apollolake

  2. 通过uname -a命令查询内核版本,比如DS918+ 7.0.1-42218系统内核为4.4.180+(结尾的加号代表自定义编译的4.X内核)

Linux DSM7 4.4.180+ #42218 SMP Mon Oct 18 19:17:56 CST 2021 x86_64 GNU/Linux synology_apollolake_918+
  1. 通过iptables -V命令查询iptables版本
iptables v1.8.3 (legacy)

本仓库提供以下系统的预编译模块,经测试可以正常加载。

arch kernel iptables version system model platform version
apollolake 4.4.180+ v1.8.3 DS918+ 7.0.1-42218
apollolake 4.4.59+ v1.6.0 DS918+ 6.2.3-25426
broadwell 3.10.105 v1.6.0 DS3617xs 6.2.3-25426
bromolow 3.10.105 v1.6.0 DS3615xs 6.2.3-25426
geminilake 4.4.180+ v1.8.3 DS920+ 7.1-42661
geminilake 4.4.302+ v1.8.3 DS220+ 7.2-64570

安装并尝试加载

上传相应的ko模块至/lib/modules/,上传相应的so模块至/usr/lib/iptables/,即可。

📝 文件名含ip6的用于原生支持Docker IPv6 NAT,其余的用于各种透明代理服务,可根据需要选择,全部安装也没事。

📝 ko内核模块和so用户模块一般需要同时安装。

⚠️ Windows和Mac用户注意,模块文件名是区分大小写的,大写的为标记模块,小写的为匹配模块,它们之间是相辅相成的,切勿彼此覆盖。

运行sudo -i之后再运行以下insmod命令尝试加载ko内核模块。由于模块互相有依赖性,需按一定顺序加载,有些是系统自带的模块。如果提示File Exists,说明已经加载,如果没有提示,说明加载成功。

4.X内核 
insmod /lib/modules/nfnetlink.ko
insmod /lib/modules/ip_set.ko
insmod /lib/modules/ip_set_hash_ip.ko
insmod /lib/modules/xt_set.ko
insmod /lib/modules/ip_set_hash_net.ko
insmod /lib/modules/xt_mark.ko
insmod /lib/modules/xt_connmark.ko
insmod /lib/modules/xt_comment.ko
insmod /lib/modules/xt_TPROXY.ko
insmod /lib/modules/xt_socket.ko
insmod /lib/modules/iptable_mangle.ko
insmod /lib/modules/textsearch.ko
insmod /lib/modules/ts_bm.ko
insmod /lib/modules/xt_string.ko
insmod /lib/modules/nf_nat_ipv6.ko
insmod /lib/modules/nf_nat_masquerade_ipv6.ko
insmod /lib/modules/ip6t_MASQUERADE.ko
insmod /lib/modules/ip6table_nat.ko
insmod /lib/modules/ip6table_raw.ko
insmod /lib/modules/ip6table_mangle.ko
4.4.302 内核 
insmod /lib/modules/nfnetlink.ko &> /dev/null
insmod /lib/modules/ip_set.ko &> /dev/null
insmod /lib/modules/ip_set_hash_ip.ko &> /dev/null
insmod /lib/modules/xt_set.ko &> /dev/null
insmod /lib/modules/ip_set_hash_net.ko &> /dev/null
insmod /lib/modules/xt_mark.ko &> /dev/null
insmod /lib/modules/xt_connmark.ko &> /dev/null
insmod /lib/modules/xt_comment.ko &> /dev/null

insmod /lib/modules/nf_conntrack_ipv6.ko &> /dev/null
insmod /lib/modules/nf_defrag_ipv6.ko &> /dev/null

insmod /lib/modules/xt_TPROXY.ko &> /dev/null
insmod /lib/modules/xt_socket.ko &> /dev/null
insmod /lib/modules/iptable_mangle.ko &> /dev/null
insmod /lib/modules/textsearch.ko &> /dev/null
insmod /lib/modules/ts_bm.ko &> /dev/null
insmod /lib/modules/xt_string.ko &> /dev/null

insmod /lib/modules/ip6_tables.ko &> /dev/null
insmod /lib/modules/nf_nat.ko &> /dev/null
insmod /lib/modules/nf_nat_ipv6.ko &> /dev/null
insmod /lib/modules/nf_nat_masquerade_ipv6.ko &> /dev/null
insmod /lib/modules/ip6t_MASQUERADE.ko &> /dev/null
insmod /lib/modules/ip6table_nat.ko &> /dev/null
insmod /lib/modules/ip6table_raw.ko &> /dev/null
insmod /lib/modules/ip6table_mangle.ko &> /dev/null
3.X内核 
insmod /lib/modules/nfnetlink.ko
insmod /lib/modules/ip_set.ko
insmod /lib/modules/ip_set_hash_ip.ko
insmod /lib/modules/xt_set.ko
insmod /lib/modules/ip_set_hash_net.ko
insmod /lib/modules/xt_mark.ko
insmod /lib/modules/xt_connmark.ko
insmod /lib/modules/xt_comment.ko
insmod /lib/modules/nf_tproxy_core.ko
insmod /lib/modules/xt_TPROXY.ko
insmod /lib/modules/xt_socket.ko
insmod /lib/modules/iptable_mangle.ko
insmod /lib/modules/textsearch.ko
insmod /lib/modules/ts_bm.ko
insmod /lib/modules/xt_string.ko
insmod /lib/modules/nf_nat_ipv6.ko
insmod /lib/modules/ip6t_MASQUERADE.ko
insmod /lib/modules/ip6table_nat.ko
insmod /lib/modules/ip6table_raw.ko
insmod /lib/modules/ip6table_mangle.ko

📝 运行lsmod查看已加载的内核模块列表,或运行dmesg | tail查看加载失败的原因。

📝 不同内核版本netfilter编译生成的ko内核模块可能不完全一样。比如,nf_tproxy_core.ko模块只有3.X内核才会有,nf_nat_masquerade_ipv6.ko模块只有4.X内核才会有。

📝 为了群晖重启之后自动加载所需的内核模块,参考通用模块加载的方法

如何自编译

本仓库无法提供适合所有群晖系统的预编译模块,或者不愿意使用预编译模块,可以尝试自编译

具体实践分享

感谢

syno-iptables's People

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar

Forkers

gaojuxian66 richzzp hululu1068 yhboss iwinstar andre2308 tonydongguwpi rogersiy slte xingoxu scrapix xzxiaoshan mbyd2022 luoliang629 kkeenee patest224 windman1320 beanbro666 radaig luokunyuan365 lbs1990 fenildf

syno-iptables's Issues

【求助】 Invalid module format

broadwell | 3.10.105 | v1.6.0 | DS3617xs | 6.2.3-25426
黑群晖,打算v2raya全局代理,ko、so均已上传至文件夹
但是加载ko内核模块时提示出错,问题为格式非法,整个内核加载流程如下:
root@DSM_A:/volume1/system/so# insmod /lib/modules/nfnetlink.ko
root@DSM_A:/volume1/system/so# insmod /lib/modules/ip_set.ko
root@DSM_A:/volume1/system/so# insmod /lib/modules/ip_set_hash_ip.ko
root@DSM_A:/volume1/system/so# insmod /lib/modules/xt_set.ko
root@DSM_A:/volume1/system/so# insmod /lib/modules/ip_set_hash_net.ko
insmod: ERROR: could not insert module /lib/modules/ip_set_hash_net.ko: Invalid module format
root@DSM_A:/volume1/system/so# insmod /lib/modules/xt_mark.ko
root@DSM_A:/volume1/system/so# insmod /lib/modules/xt_connmark.ko
insmod: ERROR: could not insert module /lib/modules/xt_connmark.ko: Invalid module format
root@DSM_A:/volume1/system/so# dmesg | tail
[47542.133142] ppid:5405(syno_hibernatio), pid:9670(sync), WRITE block 16504 on md0 (8 sectors)
[47542.133145] ppid:5405(syno_hibernatio), pid:9670(sync), WRITE block 16520 on md0 (8 sectors)
[47542.133147] ppid:5405(syno_hibernatio), pid:9670(sync), WRITE block 272848 on md0 (8 sectors)
[47542.133150] ppid:5405(syno_hibernatio), pid:9670(sync), WRITE block 273152 on md0 (8 sectors)
[47542.333392] ppid:2(kthreadd), pid:8564(md2_raid1), WRITE block 8 on sdb3 (1 sectors)
[47542.335349] ppid:2(kthreadd), pid:4079(md0_raid1), WRITE block 4980352 on sdb1 (8 sectors)
[47542.434843] ppid:1(init), pid:13313(scemd), dirtied inode 3215753 (volume1.lock.4xc6zX) on tmpfs
[47546.497889] ppid:1(init), pid:9228(syslog-ng), dirtied inode 29154 (bash_history.log) on md0
[47546.497899] ppid:1(init), pid:9228(syslog-ng), dirtied inode 29154 (bash_history.log) on md0
[47546.497902] ppid:1(init), pid:9228(syslog-ng), dirtied inode 29154 (bash_history.log) on md0
root@DSM_A:/volume1/system/so# insmod /lib/modules/nf_tproxy_core.ko
insmod: ERROR: could not insert module /lib/modules/nf_tproxy_core.ko: Invalid module format
root@DSM_A:/volume1/system/so# insmod /lib/modules/xt_TPROXY.ko
insmod: ERROR: could not insert module /lib/modules/xt_TPROXY.ko: Invalid module format
root@DSM_A:/volume1/system/so# insmod /lib/modules/iptable_mangle.ko

网上搜了很久都没找到这方面的有价值参考资料,求助大神帮忙看一下

无法ping通宿主机

好奇怪,ping任何ipv6 都能通,局域网内的ipv6地址,外面的ipv6也可以。就是 nas本机的ipv6不行。
admin@NAS:~$ sudo docker run --rm busybox ping -6 -c4 240e:353:264:7f64:211:yyy:yyy:yyy
Password:
PING 240e:353:264:7f64:211:yyy:yyy:yyy (240e:353:264:7f64:211:yyy:yyy:yyy): 56 data bytes

--- 240e:353:264:7f64:211:yyy:yyy:yyy ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
admin@NAS:~$ sudo docker run --rm busybox ping -6 -c4 ui6.xxxx.org
PING ui6.4738.org (240e:353:264:7f56:7683:xxxx:xxxx:xxxx): 56 data bytes
64 bytes from 240e:353:264:7f56:7683:c2ff:zzz:xxxx: seq=0 ttl=63 time=3.525 ms
64 bytes from 240e:353:264:7f56:7683:c2ff:zzz:xxxx: seq=1 ttl=63 time=1.174 ms
64 bytes from 240e:353:264:7f56:7683:c2ff:zzz:xxxx: seq=2 ttl=63 time=1.328 ms
64 bytes from 240e:353:264:7f56:7683:c2ff:zzz:xxxx: seq=3 ttl=63 time=1.209 ms

--- ui6.xxxx.org ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 1.174/1.809/3.525 ms

DS918+ 7.2.1 补齐iptables 后的 v2raya 仍然提示错误

如题,v2raya提示如下:
invalid config: not support "tproxy" mode of transparent proxy: you does not compile xt_TPROXY in kernel
lsmod后
确实没看到有xt_TPROXY加载
dmesg | tail 得到结果如下
[ 8220.394274] audit: type=1325 audit(1715086707.929:3903): table=nat family=2 entries=16
[ 8220.396043] audit: type=1325 audit(1715086707.931:3904): table=nat family=2 entries=18
[ 8220.398018] audit: type=1325 audit(1715086707.933:3905): table=nat family=2 entries=20
[ 8220.399987] audit: type=1325 audit(1715086707.935:3906): table=nat family=2 entries=22
[ 8220.401941] audit: type=1325 audit(1715086707.937:3907): table=nat family=2 entries=23
[ 8220.403887] audit: type=1325 audit(1715086707.939:3908): table=nat family=2 entries=24
[ 8220.406025] audit: type=1325 audit(1715086707.941:3909): table=nat family=2 entries=25
[ 8220.408026] audit: type=1325 audit(1715086707.943:3910): table=nat family=2 entries=26
[ 8220.409881] audit: type=1325 audit(1715086707.945:3911): table=nat family=2 entries=27
[ 8220.411750] audit: type=1325 audit(1715086707.947:3912): table=nat family=2 entries=28
insmod过程中没有提示任何错误

自行编译到最后一步报错

make[1]: Entering directory '/spksrc/kernel/syno-rtd1296-7.0/work/linux'
make[2]: *** Documentation/Kbuild: Is a directory. Stop.
make[1]: *** [Makefile:1249: _clean_Documentation] Error 2
make[1]: Leaving directory '/spksrc/kernel/syno-rtd1296-7.0/work/linux'
make: *** [../../mk/spksrc.kernel.mk:96: kernel_configure_target] Error 2

想对arm的群晖编译,但是第一步的最后就报错了,不知道怎么解决?
如果方便的话可否帮忙编译一份syno-rtd1296-7.0?

尝试编译 xt_string, 最终 insmod 报错

群晖 DS920+ Docker v2rayA, 启动报错

2022/04/12 17:24:23.067 [W] [transparent.go:86]  DropSpoofing can't be enable: ExecCommands: iptables-legacy -w 2 -A DROP_SPOOFING -p udp --sport 53 -m string --algo bm --hex-string "|00047f|" --from 60 --to 180 -j DROP iptables v1.8.7 (legacy): Couldn't load match `string':No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
: exit status 2
2022/04/12 17:24:23.067 [W] [transparent.go:34]  WriteTransparentProxyRules: ExecCommands: iptables-legacy -w 2 -A DROP_SPOOFING -p udp --sport 53 -m string --algo bm --hex-string "|00047f|" --from 60 --to 180 -j DROP iptables v1.8.7 (legacy): Couldn't load match `string':No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
: exit status 2
2022/04/12 17:24:23.297 [E] [connection.go:88]  failed to start v2ray-core: ExecCommands: iptables-legacy -w 2 -A DROP_SPOOFING -p udp --sport 53 -m string --algo bm --hex-string "|00047f|" --from 60 --to 180 -j DROP iptables v1.8.7 (legacy): Couldn't load match `string':No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
: exit status 2
2022/04/12 17:24:34.883 [I] [io.go:425]  V2Ray 4.44.0 (V2Fly, a community-driven edition of V2Ray.) Custom (go1.17.3 linux/amd64)

于是按照教程,增加

export CONFIG_NETFILTER_XT_MATCH_STRING=m

编译过程没有任何问题,在 insmod 环境报错

root@DiskStation:/usr/lib/iptables# insmod /lib/modules/xt_string.ko
insmod: ERROR: could not insert module /lib/modules/xt_string.ko: Unknown symbol in module
root@DiskStation:/usr/lib/iptables# dmesg | tail
[ 5572.132993] xt_string: Unknown symbol textsearch_prepare (err 0)
[23724.699051] perf interrupt took too long (5009 > 5000), lowering kernel.perf_event_max_sample_rate to 25000
[35168.885573] vfat: synoboot1 mounted, process=synowedjat
[35168.893082] FAT-fs (synoboot1): FAT: nls_disk load default table

[35168.902814] FAT-fs (synoboot1): FAT: nls_io load default table

[35169.407337] synoboot1 unmounted, process=synowedjat
[44485.396164] xt_string: Unknown symbol textsearch_destroy (err 0)
[44485.402937] xt_string: Unknown symbol textsearch_prepare (err 0)

你好,我想请教一下出墙的插件一般是哪几个内核选项会起作用?

不是群晖系统,是coreelec,一个基于kodi的一个系统,内核是可以开启ipset模块的,内核文件地址地址在这里,但我试了几次都不太行,有一次成功了,但是gfw模式用不了,只能用绕过模式。

或者有什么方法能查看运行时缺少了什么模块吗?

还有一个问题,没找到解决方法,只能退回6.x版本的ipset
图片

【求助】textsearch.ko无法加载,最终导致一共三个模块无法加载

内核版本和iptabls版本:

iptables v1.6.0
Linux mqnpdzl 4.4.59+ #25556 SMP PREEMPT Sat Aug 28 02:17:26 CST 2021 x86_64 GNU/Linux synology_apollolake_218+

加载这个三个的时候报错:

insmod /lib/modules/textsearch.ko
insmod /lib/modules/ts_bm.ko
insmod /lib/modules/xt_string.ko

有两个变量找不到
Unknown symbol __rcu_read_lock (err 0)
Unknown symbol __rcu_read_unlock (err 0)

[6847845.319814] xt_string: Unknown symbol textsearch_destroy (err 0)
[6847845.326756] xt_string: Unknown symbol textsearch_prepare (err 0)
[6847948.294970] textsearch: Unknown symbol __rcu_read_lock (err 0)
[6847948.301885] textsearch: Unknown symbol __rcu_read_unlock (err 0)
[6848076.009154] textsearch: Unknown symbol __rcu_read_lock (err 0)
[6848076.015935] textsearch: Unknown symbol __rcu_read_unlock (err 0)
[6848076.030540] ts_bm: Unknown symbol textsearch_unregister (err 0)
[6848076.037595] ts_bm: Unknown symbol textsearch_register (err 0)
[6848077.833446] xt_string: Unknown symbol textsearch_destroy (err 0)
[6848077.840512] xt_string: Unknown symbol textsearch_prepare (err 0)

这三个模块没法加载导致出现[//issues/11]同样的问题。

7.2版本之前的ko不可用

如题,新版本kernel变了,之前的ko插不进去了,想尝试重新编译,但spksrc的源码也没7.2的

DS918+有几个模块无法加载,提示Unknown symbol in module

DSM7.0.1 内核4.4.180+
insmod: ERROR: could not insert module /lib/modules/ip6table_nat.ko: Unknown symbol in module

insmod: ERROR: could not insert module /lib/modules/ip6table_raw.ko: Unknown symbol in module

insmod: ERROR: could not insert module /lib/modules/ip6table_mangle.ko: Unknown symbol in module
是因为有什么依赖模块没加载吗?

ds920+ 出错

DSM 7.0.1-42218 Update 3
Linux NAS 4.4.180+ 所以就用了syno-iptables-latest\apollolake\kernel-4.4.180里面的文件上传上去。 按示例的配置了docker.json还有/var/packages/Docker/scripts/start-stop-status。
没能启动docker ,出错代码
2022-03-24T16:10:11+08:00 NAS docker[31392]: time="2022-03-24T16:10:11.079741926+08:00" level=warning msg="Your kernel does not support CPU CFS scheduler"
2022-03-24T16:10:11+08:00 NAS docker[31392]: time="2022-03-24T16:10:11.079763017+08:00" level=warning msg="Your kernel does not support CPU realtime scheduler"
2022-03-24T16:10:11+08:00 NAS docker[31392]: time="2022-03-24T16:10:11.079785063+08:00" level=warning msg="Your kernel does not support cgroup blkio weight"
2022-03-24T16:10:11+08:00 NAS docker[31392]: time="2022-03-24T16:10:11.079807271+08:00" level=warning msg="Your kernel does not support cgroup blkio weight_device"
2022-03-24T16:10:11+08:00 NAS docker[31392]: time="2022-03-24T16:10:11.079837977+08:00" level=warning msg="Your kernel does not support cgroup blkio throttle.read_bps_device"
2022-03-24T16:10:11+08:00 NAS docker[31392]: time="2022-03-24T16:10:11.079863549+08:00" level=warning msg="Your kernel does not support cgroup blkio throttle.write_bps_device"
2022-03-24T16:10:11+08:00 NAS docker[31392]: time="2022-03-24T16:10:11.079889002+08:00" level=warning msg="Your kernel does not support cgroup blkio throttle.read_iops_device"
2022-03-24T16:10:11+08:00 NAS docker[31392]: time="2022-03-24T16:10:11.079911199+08:00" level=warning msg="Your kernel does not support cgroup blkio throttle.write_iops_device"
2022-03-24T16:10:11+08:00 NAS docker[31392]: time="2022-03-24T16:10:11.079934446+08:00" level=warning msg="Unable to find pids cgroup in mounts"
2022-03-24T16:10:11+08:00 NAS docker[31392]: time="2022-03-24T16:10:11.714237826+08:00" level=warning msg="could not create bridge network for id bc8fc3706e27f15bd17290cc834b456a3c7b71e8d1220db00ee2c2749fbd6f55 bridge name docker-bc8fc370 while booting up from persistent state: Failed to Setup IP tables: Unable to enable NAT rule: (iptables failed: ip6tables --wait -t nat -I POSTROUTING -s fe80::/64 ! -o docker-bc8fc370 -j MASQUERADE: ip6tables v1.8.3 (legacy): Couldn't load target MASQUERADE':No such file or directory\n\nTry ip6tables -h' or 'ip6tables --help' for more information.\n (exit status 2))"

自行编译iptables未产出.ko文件

Synology Package Arch: v1000

按照教程操作时

make 报错如下:

/bin/sh: 1: scripts/mod/modpost: not found
make[1]: *** [scripts/Makefile.modpost:91: __modpost] Error 127
make: *** [Makefile:1449: modules] Error 2
make: Leaving directory '/spksrc/kernel/syno-v1000-7.0/work/linux'
cp: cannot stat 'linux/net/netfilter/.ko': No such file or directory
cp: cannot stat 'linux/net/netfilter/ipset/.ko': No such file or directory
cp: cannot stat 'linux/net/ipv6/netfilter/.ko': No such file or directory
cp: cannot stat 'linux/lib/.ko': No such file or directory

测试IPv6连通性失败

部署的环境

系统版本/型号

image

内核

image

iptables版本

image

image

遇到的问题

使用的是 geminilake的预编译模块 , 根据原生Docker IPv6 NAT模式 (DSM 7.x)的步骤进行部署

vim /var/packages/ContainerManager/etc/dockerd.json

X6@MSIB2)7@92SZ~~1KR9RR

vim /var/packages/ContainerManager/scripts/start-stop-status

image

sudo docker run --rm busybox ping -6 -c4 2400:3200::1

}RG3NDX~0F{G(V@BW8VIS}Y

sudo systemctl status pkg-ContainerManager-dockerd.service

5532T H6ZZTZ)Z~(EF EZLO

ipv6的所有模块都无法加载,报错如下

ipv6的所有模块都无法加载,报错如下
insmod: ERROR: could not insert module /lib/modules/nf_nat_ipv6.ko: Unknown symbol in module
日志:
[ 130.084409] ip6table_nat: Unknown symbol ip6t_unregister_table (err 0)
[ 130.084709] ip6table_nat: Unknown symbol ip6t_register_table (err 0)
[ 130.084954] ip6table_nat: Unknown symbol nf_nat_ipv6_in (err 0)
[ 130.085184] ip6table_nat: Unknown symbol ip6t_alloc_initial_table (err 0)
[ 130.085443] ip6table_nat: Unknown symbol nf_nat_ipv6_out (err 0)
[ 130.085708] ip6table_nat: Unknown symbol ip6t_do_table (err 0)
[ 130.085932] ip6table_nat: Unknown symbol nf_nat_ipv6_fn (err 0)
[ 130.086161] ip6table_nat: Unknown symbol nf_nat_ipv6_local_fn (err 0)
[ 140.973967] ip6table_raw: Unknown symbol ip6t_unregister_table (err 0)
[ 140.974230] ip6table_raw: Unknown symbol xt_hook_link (err 0)
[ 140.974452] ip6table_raw: Unknown symbol ip6t_register_table (err 0)
[ 140.974695] ip6table_raw: Unknown symbol ip6t_alloc_initial_table (err 0)
[ 140.975033] ip6table_raw: Unknown symbol ip6t_do_table (err 0)
[ 140.975260] ip6table_raw: Unknown symbol xt_hook_unlink (err 0)
[ 151.919246] nf_nat_ipv6: Unknown symbol nf_ct_invert_tuplepr (err 0)
[ 151.919514] nf_nat_ipv6: Unknown symbol nf_nat_alloc_null_binding (err 0)
[ 151.919781] nf_nat_ipv6: Unknown symbol __nf_nat_l4proto_find (err 0)
[ 151.920148] nf_nat_ipv6: Unknown symbol nf_nat_l3proto_register (err 0)
[ 151.920403] nf_nat_ipv6: Unknown symbol nf_nat_l3proto_unregister (err 0)
[ 151.920676] nf_nat_ipv6: Unknown symbol nf_nat_packet (err 0)
[ 151.920899] nf_nat_ipv6: Unknown symbol nf_xfrm_me_harder (err 0)
[ 151.921147] nf_nat_ipv6: Unknown symbol nf_nat_l4proto_unregister (err 0)
[ 151.921409] nf_nat_ipv6: Unknown symbol __nf_ct_kill_acct (err 0)
[ 151.921644] nf_nat_ipv6: Unknown symbol nf_nat_l4proto_register (err 0)
[ 151.921893] nf_nat_ipv6: Unknown symbol nf_nat_used_tuple (err 0)
[ 151.922333] nf_nat_ipv6: Unknown symbol nf_ct_nat_ext_add (err 0)
[ 159.713868] nf_nat_masquerade_ipv6: Unknown symbol nf_nat_setup_info (err 0)
[ 159.714198] nf_nat_masquerade_ipv6: Unknown symbol nf_ct_iterate_cleanup (err 0)

内核版本:
Linux DSM 4.4.180+ #42218 SMP Fri Sep 24 02:41:40 CST 2021 x86_64 GNU/Linux synology_apollolake_918+

使用的模块:
syno-iptables/apollolake/kernel-4.4.180/

insmod: ELF file not for this architecture

ds918+
version: 6.2.3-25423

4.4.59+

复制了 syno-iptables/apollolake/kernel-4.4.59 的ko,so到指定目录之后.
执行

insmod /lib/modules/nfnetlink.ko
insmod /lib/modules/ip_set.ko
insmod /lib/modules/ip_set_hash_ip.ko
insmod /lib/modules/xt_set.ko
insmod /lib/modules/ip_set_hash_net.ko
insmod /lib/modules/xt_mark.ko
insmod /lib/modules/xt_connmark.ko
insmod /lib/modules/xt_comment.ko
insmod /lib/modules/xt_TPROXY.ko
insmod /lib/modules/xt_socket.ko
insmod /lib/modules/iptable_mangle.ko
insmod /lib/modules/textsearch.ko
insmod /lib/modules/ts_bm.ko
insmod /lib/modules/xt_string.ko

所有的命令都是insmod: ELF file not for this architecture

增加了模块,在脚本里也insmod了,iptable仍报错

iptables-legacy -w 2 -t nat -N TP_OUT iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid argument : exit status 4

环境:DS918+
$uname -a: Linux DS918 4.4.180+ #42962 SMP Mon May 29 14:38:23 CST 2023 x86_64 GNU/Linux synology_apollolake_918+
$iptables -V :iptables v1.8.3 (legacy): (报错是v1.8.10?)

docker ipv6 on syno

请问一下我能提pr不,内容是修复群晖docker ipv6,也是内核模块和iptables模块

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.