[Bug 1932184] [NEW] sshuttle can't set firewall settings with nftables

Max Lendrich Wed, 16 Jun 2021 10:41:07 -0700

Public bug reported:

After upgrading from 20.04.2 LTS (Focal Fossa) to 20.10 (Groovy Gorilla)
today - now using nftables as fw backend - sshuttle stopped working:


sudo sshuttle --remote <user>@<remote> --exclude <remote-ip>/32 <networks...>
client: Connected.
# Warning: iptables-legacy tables present, use iptables-legacy to see them
iptables v1.8.5 (nf_tables):  CHAIN_ADD failed (No such file or directory): 
chain PREROUTING
# Warning: iptables-legacy tables present, use iptables-legacy to see them
iptables v1.8.5 (nf_tables):  CHAIN_ADD failed (No such file or directory): 
chain PREROUTING
fatal: ['iptables', '-t', 'nat', '-nL'] returned 4
client: fatal: cleanup: ['/usr/bin/python3', '/usr/bin/sshuttle', '--method', 
'auto', '--firewall'] returned 99

sudo sshuttle --method=nft --remote <user>@<remote> --exclude <remote-ip>/32 
<networks...>
client: Connected.
Error: Could not process rule: No such file or directory
add chain inet sshuttle-12300 prerouting { type nat hook prerouting priority 
-100; policy accept; }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
fatal: ['nft', 'add chain', 'inet', 'sshuttle-12300', 'prerouting', '{ type nat 
hook prerouting priority -100; policy accept; }'] returned 1
client: fatal: cleanup: ['/usr/bin/python3', '/usr/bin/sshuttle', '--method', 
'nft', '--firewall'] returned 99

Note, that on WSL2 the kernel was NOT changed with do-release-upgrade.

ProblemType: Bug
DistroRelease: Ubuntu 20.10
Package: sshuttle 1.0.4-1ubuntu4
Uname: Linux 5.10.16.3-microsoft-standard-WSL2 x86_64
ApportVersion: 2.20.11-0ubuntu50.7
Architecture: amd64
CasperMD5CheckResult: skip
Date: Wed Jun 16 19:19:10 2021
PackageArchitecture: all
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 LANG=C.UTF-8
 SHELL=/bin/bash
SourcePackage: sshuttle
UpgradeStatus: Upgraded to groovy on 2021-06-16 (0 days ago)

** Affects: sshuttle (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug groovy uec-images

** Description changed:

- After upgrading to 20.10 (Groovy Gorilla) today - which is now using
- nftables as fw backend - sshuttle stopped working:
+ After upgrading to from 20.04.2 LTS (Focal Fossa) to 20.10 (Groovy
+ Gorilla) today - now using nftables as fw backend - sshuttle stopped
+ working:
  
  sudo sshuttle --remote <user>@<remote> --exclude <remote-ip>/32 <networks...>
  client: Connected.
  # Warning: iptables-legacy tables present, use iptables-legacy to see them
  iptables v1.8.5 (nf_tables):  CHAIN_ADD failed (No such file or directory): 
chain PREROUTING
  # Warning: iptables-legacy tables present, use iptables-legacy to see them
  iptables v1.8.5 (nf_tables):  CHAIN_ADD failed (No such file or directory): 
chain PREROUTING
  fatal: ['iptables', '-t', 'nat', '-nL'] returned 4
  client: fatal: cleanup: ['/usr/bin/python3', '/usr/bin/sshuttle', '--method', 
'auto', '--firewall'] returned 99
  
  sudo sshuttle --method=nft --remote <user>@<remote> --exclude <remote-ip>/32 
<networks...>
  client: Connected.
  Error: Could not process rule: No such file or directory
  add chain inet sshuttle-12300 prerouting { type nat hook prerouting priority 
-100; policy accept; }
  
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  fatal: ['nft', 'add chain', 'inet', 'sshuttle-12300', 'prerouting', '{ type 
nat hook prerouting priority -100; policy accept; }'] returned 1
  client: fatal: cleanup: ['/usr/bin/python3', '/usr/bin/sshuttle', '--method', 
'nft', '--firewall'] returned 99
  
+ Note, that on WSL2 the kernel was NOT changed with do-release-upgrade.
+ 
  ProblemType: Bug
  DistroRelease: Ubuntu 20.10
  Package: sshuttle 1.0.4-1ubuntu4
  Uname: Linux 5.10.16.3-microsoft-standard-WSL2 x86_64
  ApportVersion: 2.20.11-0ubuntu50.7
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Wed Jun 16 19:19:10 2021
  PackageArchitecture: all
  ProcEnviron:
-  TERM=xterm-256color
-  PATH=(custom, no user)
-  LANG=C.UTF-8
-  SHELL=/bin/bash
+  TERM=xterm-256color
+  PATH=(custom, no user)
+  LANG=C.UTF-8
+  SHELL=/bin/bash
  SourcePackage: sshuttle
  UpgradeStatus: Upgraded to groovy on 2021-06-16 (0 days ago)

** Description changed:

- After upgrading to from 20.04.2 LTS (Focal Fossa) to 20.10 (Groovy
- Gorilla) today - now using nftables as fw backend - sshuttle stopped
- working:
+ After upgrading from 20.04.2 LTS (Focal Fossa) to 20.10 (Groovy Gorilla)
+ today - now using nftables as fw backend - sshuttle stopped working:
  
  sudo sshuttle --remote <user>@<remote> --exclude <remote-ip>/32 <networks...>
  client: Connected.
  # Warning: iptables-legacy tables present, use iptables-legacy to see them
  iptables v1.8.5 (nf_tables):  CHAIN_ADD failed (No such file or directory): 
chain PREROUTING
  # Warning: iptables-legacy tables present, use iptables-legacy to see them
  iptables v1.8.5 (nf_tables):  CHAIN_ADD failed (No such file or directory): 
chain PREROUTING
  fatal: ['iptables', '-t', 'nat', '-nL'] returned 4
  client: fatal: cleanup: ['/usr/bin/python3', '/usr/bin/sshuttle', '--method', 
'auto', '--firewall'] returned 99
  
  sudo sshuttle --method=nft --remote <user>@<remote> --exclude <remote-ip>/32 
<networks...>
  client: Connected.
  Error: Could not process rule: No such file or directory
  add chain inet sshuttle-12300 prerouting { type nat hook prerouting priority 
-100; policy accept; }
  
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  fatal: ['nft', 'add chain', 'inet', 'sshuttle-12300', 'prerouting', '{ type 
nat hook prerouting priority -100; policy accept; }'] returned 1
  client: fatal: cleanup: ['/usr/bin/python3', '/usr/bin/sshuttle', '--method', 
'nft', '--firewall'] returned 99
  
  Note, that on WSL2 the kernel was NOT changed with do-release-upgrade.
  
  ProblemType: Bug
  DistroRelease: Ubuntu 20.10
  Package: sshuttle 1.0.4-1ubuntu4
  Uname: Linux 5.10.16.3-microsoft-standard-WSL2 x86_64
  ApportVersion: 2.20.11-0ubuntu50.7
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Wed Jun 16 19:19:10 2021
  PackageArchitecture: all
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=C.UTF-8
   SHELL=/bin/bash
  SourcePackage: sshuttle
  UpgradeStatus: Upgraded to groovy on 2021-06-16 (0 days ago)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1932184

Title:
  sshuttle can't set firewall settings with nftables

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sshuttle/+bug/1932184/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1932184] [NEW] sshuttle can't set firewall settings with nftables

Reply via email to