#How to run dagger with podman (Fedora 42)

Hello everyone. I am trying to run Dagger with Podman, but when I run the dagger command, it gets stuck at the connection stage.
I create podman machine with rotfull mode

 {
    "ConfigDir": {
       "Path": "/home/akiyamka/.config/containers/podman/machine/qemu"
    },
    "ConnectionInfo": {
       "PodmanSocket": {
            "Path": "/run/user/1000/podman/podman-machine-default-api.sock"
       },
       "PodmanPipe": null
    },
    "Created": "2025-12-02T21:42:08.841894053+01:00",
    "LastUp": "0001-01-01T00:00:00Z",
    "Name": "podman-machine-default",
    "Resources": {
       "CPUs": 8,
       "DiskSize": 100,
       "Memory": 2048,
       "USBs": []
    },
    "SSHConfig": {
       "IdentityPath": "/home/akiyamka/.local/share/containers/podman/machine/machine",
       "Port": 38589,
       "RemoteUsername": "core"
    },
    "State": "running",
    "UserModeNetworking": true,
    "Rootful": true,
    "Rosetta": false
 }

and enable sudo modprobe iptable_nat inside of it

But this not help, dagger steel can't connect to it

$ dagger
connect 1m
  starting engine ✓
  connecting to engine 1m

This what i see in max verosity mode

hey there! mind sharing what docker logs dagger-engine-v0.19.7 show?

sure

are these the logs? something feels strange here..

Yep, docker logs dagger-engine-v0.19.7 > log.log

mind running this docker run --rm -ti --privileged -v /var/lib/dagger dagger-engine-v0.19.7

and see if you're getting any errors?

this is more logs with

docker logs dagger-engine-v0.19.7 > log.log 2>&1

Trying to pull docker.io/library/dagger-engine-v0.19.7:latest...
Error: unable to copy from source docker://dagger-engine-v0.19.7:latest: initializing source docker://dagger-engine-v0.19.7:latest: reading manifest latest in docker.io/library/dagger-engine-v0.19.7: requested access to the resource is denied

sorry, this command: docker run --rm -ti --privileged -v /var/lib/dagger registry.dagger.io/engine:v0.19.7

INFO[0000] detected mtu 65520 via interface wlp4s0
DEBU[2025-12-03T16:14:51Z] engine name: 6649c274e80a
DEBU[2025-12-03T16:14:51Z] creating engine GRPC server
DEBU[2025-12-03T16:14:51Z] creating engine lockfile
dnsmasq[43]: started, version 2.91 cachesize 150
dnsmasq[43]: compile time options: IPv6 GNU-getopt no-DBus no-UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset no-nftset auth no-DNSSEC loop-detect inotify dumpfile
dnsmasq[43]: warning: interface dagger0 does not currently exist
dnsmasq[43]: using only locally-known addresses for dagger.local
dnsmasq[43]: reading /etc/dnsmasq-resolv.conf
dnsmasq[43]: using nameserver 169.254.1.1#53
dnsmasq[43]: using nameserver 100.100.100.100#53
dnsmasq[43]: using nameserver 192.168.100.1#53
dnsmasq[43]: using only locally-known addresses for dagger.local
DEBU[2025-12-03T16:14:51Z] creating engine server
dnsmasq[43]: read /etc/hosts - 19 names
dnsmasq[43]: read /var/run/containers/cni/dnsname/dagger/addnhosts - 0 names
INFO[2025-12-03T16:14:51Z] auto snapshotter: using overlayfs
DEBU[2025-12-03T16:14:51Z] could not read "/var/lib/dagger/net/cni" for cleanup: open /var/lib/dagger/net/cni: no such file or directory
dagger-engine: failed to create engine: failed to create network providers: CNI setup error: plugin type="bridge" failed (add): failed to list chains: running [/usr/local/sbin/iptables -t nat -S --wait]: exit status 3: iptables v1.8.11 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

^ there's the error. seems like the iptable_nat module is not loaded in the machine kernel

does sudo lsmod | grep iptable_nat show anything?

nothing

then the module is not loaded for some reason. Does sudo modprobe iptable_nat throw any error or anything?

I load it using sudo modprobe iptable_nat now it works

👍

ok, maybe you rebooted the machine or something before and the module got unloaded

dagger should work now

now it instantly crash with

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x55b8709f2c3f

full log

run dagger core version

this means that the engine is working now

mind sharing this full stack trace please?

this in it?
https://discordapp.com/channels/707636530424053791/1445798864677503097/1445812272709636129

this one I mean

Sorry, i can't reproduce this again, I reboot system and now it works after I manually load iptable_nat. Seems like it not loaded by default in fedora

Thank you very much for your help. If I encounter a crash situation again, I will post the full trace here.

It turns out that Fedora (starting from Fedora 33 (2020)) uses the nftables instead of iptables. The latter is apparently not recommended. Is there any way I can switch Dagger to use nftables?

No, not currently. This is becoming a bit of an issue as more distros transition to nftables . Skimming through the container plugins code, it seems like it should support nftables (https://github.com/containernetworking/plugins/blob/9b3772e1a7abf93cbb7c6526a28bc0d27b830e02/pkg/utils/netfilter.go#L41). Tagging @junior coyote and @spiral stump in case they have any pointers about this. Otherwise, we'd have to put some work in making it work 🙏

That's cool, seems like Debian and CentOS already have only nftables by default too