Attached the screenshot of errors not sure where it is picking up the namespace
#Unable to dagger init
mortal laurel
zenith jetty
Hey! Which OS are you running this on?
undone coral
@mortal laurel by any chance are you in a fedora / centos based system? This seems to be the issue: https://docs.dagger.io/troubleshooting/#dagger-restarts-with-a-cni-setup-error
mortal laurel
Hey! Which OS are you running this on?
Fedora 41
mortal laurel
<@863467557247909918> by any chance are you in a fedora / centos based system?...
Interesting it requires iptables
If this is the case then nftables should be supported
undone coral
If this is the case then nftables should be supported
I agree.. thing is that it's not a Dagger specific limitation. Pretty much all the container networking ecosystem currently doesn't support nft https://github.com/containernetworking/plugins/issues/461#issuecomment-2560707129
mortal laurel
oh
okay so it requires me to have legacy iptables
$ sudo nft list ruleset
....
# Warning: table ip filter is managed by iptables-nft, do not touch!
table ip filter {
chain DOCKER {
}
chain DOCKER-ISOLATION-STAGE-1 {
iifname "docker0" oifname != "docker0" counter packets 0 bytes 0 jump DOCKER-ISOLATION-STAGE-2
counter packets 0 bytes 0 return
}
chain DOCKER-ISOLATION-STAGE-2 {
oifname "docker0" counter packets 0 bytes 0 drop
counter packets 0 bytes 0 return
}
chain FORWARD {
type filter hook forward priority filter; policy drop;
counter packets 0 bytes 0 jump DOCKER-USER
counter packets 0 bytes 0 jump DOCKER-ISOLATION-STAGE-1
oifname "docker0" ct state related,established counter packets 0 bytes 0 accept
oifname "docker0" counter packets 0 bytes 0 jump DOCKER
iifname "docker0" oifname != "docker0" counter packets 0 bytes 0 accept
iifname "docker0" oifname "docker0" counter packets 0 bytes 0 accept
}
chain DOCKER-USER {
counter packets 0 bytes 0 return
}
}
....
yes this is interesting
So it will work only if I use iptables-legacy?
Yes previously when I was in f35 or 37 It used to work
yes fedora has replaced the iptblaes with nftables
undone coral
So it will work only if I use `iptables-legacy`?
I think you need to load the kernel module described in the docs
mortal laurel
okay
undone coral
Which doesn't come enabled by default
That should be it
The legacy iptables version loaded the module automatically
mortal laurel
So restarted the system with the loaded module but still the dagger init showing almost the same error
undone coral
So restarted the system with the loaded module but still the dagger init showing...
Does lsmod show the module loaded?
mortal laurel
Does lsmod show the module loaded?
nope
undone coral
try running sudo modprobe iptable_nat and restarting the engine container afterwards
mortal laurel
anyways when using dagger will fist need to load the module
Yes now its working thanks @undone coral
undone coral
anyways when using dagger will fist need to load the module
We prefer not to do this since it might affect other things in the user system
We prefer to document it and let the user be aware and handle it as they prefer better