#Error Starting immich_server related to iptables

I just upgraded immich to 1.122.0 and I am getting an error starting immich_server.

I don't think the error has anything to do with the immich upgrade itself, but rather due to the fact that I recently installed crowdsec with the cs-firewall-bouncer. Part of that Inlcuded me installing iptables. However, I have not manually configured anything in iptables, I am just letting crowdsec manage it for now.

When starting the immich_server container I get the following error about iptables not being able to enable DNAT rules, no chain/match/target by that name.

I have tried disabling iptables and that doesn't change anything. I am not sure why having iptables on my server would affect being able to start the immich_server container. Any ideas?

:wave: Hey @still vortex,

Thanks for reaching out to us. Please carefully read this message and follow the recommended actions. This will help us be more effective in our support effort and leave more time for building Immich .

References

• Container Logs: docker compose logs docs
• Container Status: docker ps -a docs
• Reverse Proxy: https://immich.app/docs/administration/reverse-proxy
• Code Formatting https://support.discord.com/hc/en-us/articles/210298617-Markdown-Text-101-Chat-Formatting-Bold-Italic-Underline#h_01GY0DAKGXDEHE263BCAYEGFJA

Checklist

I have...

1. :ballot_box_with_check: verified I'm on the latest release(note that mobile app releases may take some time).
2. :ballot_box_with_check: read applicable release notes.
3. :ballot_box_with_check: reviewed the FAQs for known issues.
4. :ballot_box_with_check: reviewed Github for known issues.
5. :ballot_box_with_check: tried accessing Immich via local ip (without a custom reverse proxy).
6. :blue_square: uploaded the relevant information (see below).
7. :ballot_box_with_check: tried an incognito window, disabled extensions, cleared mobile app cache, logged out and back in, different browsers, etc. as applicable

(an item can be marked as "complete" by reacting with the appropriate number)

Information

In order to be able to effectively help you, we need you to provide clear information to show what the problem is. The exact details needed vary per case, but here is a list of things to consider:

• Your docker-compose.yml and .env files.
• Logs from all the containers and their status (see above).
• All the troubleshooting steps you've tried so far.
• Any recent changes you've made to Immich or your system.
• Details about your system (both software/OS and hardware).
• Details about your storage (filesystems, type of disks, output of commands like fdisk -l and df -h).
• The version of the Immich server, mobile app, and other relevant pieces.
• Any other information that you think might be relevant.

Please paste files and logs with proper code formatting, and especially avoid blurry screenshots.
Without the right information we can't work out what the problem is. Help us help you ;)

If this ticket can be closed you can use the /close command, and re-open it later if needed.

It seems like you broke your iptables chain / rules when setting up crowdsec, sorry as this is not an immich issue

It seems to say the DOCKER chain is missing

Yeah, I kinda figured it wasn't an immich thing, but I was hoping someone might have some insight. I didn't have iptables installed before adding crowdsec. And I didn't set up any iptables rules. In fact, my iptables rules are all the empty rulesset, so it should be allowing everything. So I'm not sure what rules/chain is broken?

the only reason I added iptables was to take advantage of the crowdsec-firewall-bouncer. I guess I will start over and remove iptables and crowdsec completely, and see if I can start immich again, and then add that stuff back

You didn't break Immich, you broke docker

https://www.reddit.com/r/CrowdSec/comments/106h13r/securing_docker_services_with_crowdsec_iptables/ this might help but I have no experience here