unable to detect hairpin mode - iptables >1.8.4 update issues #3940
Description
New iptables-1.8.4-15.el8_3.3 packages on CentOS8 leading to non working ipv6nat docker.
mailcow users on CentOS8 who have IPv6 enabled need to lock iptables to latest working version till issue will not be resolved.
Issue described here: robbertkl/docker-ipv6nat#67
If you not yet updated to 1.8.4.-15.el8_3.3 please lock packages version:
sudo dnf install -y 'dnf-command(versionlock)'; sudo dnf versionlock add iptables iptables-ebtables iptables-libs iptables-services
If you already updated iptables you need to downgrade packages and reboot the server:
- downgrade packages:
tmp_dir=$(mktemp -d -t fix-iptables-XXXXXXXXXX)
wget -O $tmp_dir/iptables-1.8.4-15.el8.x86_64.rpm http://vault.centos.org/8.3.2011/BaseOS/x86_64/os/Packages/iptables-1.8.4-15.el8.x86_64.rpm
wget -O $tmp_dir/iptables-ebtables-1.8.4-15.el8.x86_64.rpm http://vault.centos.org/8.3.2011/BaseOS/x86_64/os/Packages/iptables-ebtables-1.8.4-15.el8.x86_64.rpm
wget -O $tmp_dir/iptables-libs-1.8.4-15.el8.x86_64.rpm http://vault.centos.org/8.3.2011/BaseOS/x86_64/os/Packages/iptables-libs-1.8.4-15.el8.x86_64.rpm
wget -O $tmp_dir/iptables-services-1.8.4-15.el8.x86_64.rpm http://vault.centos.org/8.3.2011/BaseOS/x86_64/os/Packages/iptables-services-1.8.4-15.el8.x86_64.rpm
sudo dnf downgrade -y $tmp_dir/iptables-*
rm -rf $tmp_dir
- do
docker-compose downin mailcow home directory - restart your server OS
- lock packages:
sudo dnf install -y 'dnf-command(versionlock)'; sudo dnf versionlock add iptables iptables-ebtables iptables-libs iptables-services - do
docker-compose up -din mailcow home directory
To unlock iptables packages when issue will be resolved:
sudo dnf versionlock del iptables iptables-ebtables iptables-libs iptables-services
Note: some users can not have iptables-services package, this totally fine, downgrade command will not touch it in this case and downgrade all other packages iptables packages successfully.