Antsle Forum
Welcome to our Antsle community! This forum is to connect all Antsle users to post experiences, make user-generated content available for the entire community and more.
Please note: This forum is about discussing one specific issue at a time. No generalizations. No judgments. Please check the Forum Rules before posting. If you have specific questions about your Antsle and expect a response from our team directly, please continue to use the appropriate channels (email: [email protected]) so every inquiry is tracked.
Antman 3.0.0c on Nano .. having issues (resolved)
Quote from soneill on February 19, 2020, 9:07 amQuestion to anyone running a Nano with Antman 3.0.0c *and* port forwarding works for newly provisioned Antlets. Can you run the following commands and post back the results:
systemctl status firewalld
And then this:
ls -la /etc/sysconfig/ip*
My Antman 3.0.0c does not address the port forwarding issue and the Services screen in Antman no longer shows the short list Antsle related services that 3.0.0.b did. The firewalld status above for me shows that iptables has configuration issues which explain why port forwarding isn't working for me.
Question to anyone running a Nano with Antman 3.0.0c *and* port forwarding works for newly provisioned Antlets. Can you run the following commands and post back the results:
systemctl status firewalld
And then this:
ls -la /etc/sysconfig/ip*
My Antman 3.0.0c does not address the port forwarding issue and the Services screen in Antman no longer shows the short list Antsle related services that 3.0.0.b did. The firewalld status above for me shows that iptables has configuration issues which explain why port forwarding isn't working for me.
Quote from Brian on February 19, 2020, 1:37 pmI'm having the same issue.
I also upgraded to the latest 3.0.0c and I'm unable to see any port forwards I have created, nor if I create a new antlet (vm) I cannot access any antlets via ssh from a computer on the same LAN as the nano.
I don't think you're alone.
netstat does not show the expected ports to be opened.
Just to clarify, I can in fact access any antlet directly from the cli of the nano via ssh@antlet.local.ip
Output Requested:
systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 1970-01-01 00:00:11 UTC; 50 years 1 months ago
Docs: man:firewalld(1)
Main PID: 1002 (firewalld)
Tasks: 2
Memory: 30.1M
CGroup: /system.slice/firewalld.service
└─1002 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopidJan 01 00:00:29 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -F DOCKER' failed: iptables: No chain/target/match by that name.
Jan 01 00:00:29 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -X DOCKER' failed: iptables: No chain/target/match by that name.
Jan 01 00:00:29 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -F DOCKER-ISOLATION-STAGE-1' failed: iptables: No chain/target/match by that name.
Jan 01 00:00:29 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -X DOCKER-ISOLATION-STAGE-1' failed: iptables: No chain/target/match by that name.
Jan 01 00:00:29 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -F DOCKER-ISOLATION-STAGE-2' failed: iptables: No chain/target/match by that name.
Jan 01 00:00:29 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -X DOCKER-ISOLATION-STAGE-2' failed: iptables: No chain/target/match by that name.
Jan 01 00:00:29 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -F DOCKER-ISOLATION' failed: iptables: No chain/target/match by that name.
Jan 01 00:00:29 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -X DOCKER-ISOLATION' failed: iptables: No chain/target/match by that name.
Jan 01 00:00:30 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a matching...hat chain?).
Jan 01 00:00:31 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a matching...hat chain?).
Hint: Some lines were ellipsized, use -l to show in full.# ls -la /etc/sysconfig/ip*
-rw-------. 1 root root 2134 Aug 8 2019 /etc/sysconfig/ip6tables-config
-rw-------. 1 root root 2116 Aug 8 2019 /etc/sysconfig/iptables-config
I'm having the same issue.
I also upgraded to the latest 3.0.0c and I'm unable to see any port forwards I have created, nor if I create a new antlet (vm) I cannot access any antlets via ssh from a computer on the same LAN as the nano.
I don't think you're alone.
netstat does not show the expected ports to be opened.
Just to clarify, I can in fact access any antlet directly from the cli of the nano via ssh@antlet.local.ip
Output Requested:
systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 1970-01-01 00:00:11 UTC; 50 years 1 months ago
Docs: man:firewalld(1)
Main PID: 1002 (firewalld)
Tasks: 2
Memory: 30.1M
CGroup: /system.slice/firewalld.service
└─1002 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
Jan 01 00:00:29 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -F DOCKER' failed: iptables: No chain/target/match by that name.
Jan 01 00:00:29 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -X DOCKER' failed: iptables: No chain/target/match by that name.
Jan 01 00:00:29 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -F DOCKER-ISOLATION-STAGE-1' failed: iptables: No chain/target/match by that name.
Jan 01 00:00:29 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -X DOCKER-ISOLATION-STAGE-1' failed: iptables: No chain/target/match by that name.
Jan 01 00:00:29 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -F DOCKER-ISOLATION-STAGE-2' failed: iptables: No chain/target/match by that name.
Jan 01 00:00:29 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -X DOCKER-ISOLATION-STAGE-2' failed: iptables: No chain/target/match by that name.
Jan 01 00:00:29 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -F DOCKER-ISOLATION' failed: iptables: No chain/target/match by that name.
Jan 01 00:00:29 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -X DOCKER-ISOLATION' failed: iptables: No chain/target/match by that name.
Jan 01 00:00:30 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a matching...hat chain?).
Jan 01 00:00:31 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a matching...hat chain?).
Hint: Some lines were ellipsized, use -l to show in full.
# ls -la /etc/sysconfig/ip*
-rw-------. 1 root root 2134 Aug 8 2019 /etc/sysconfig/ip6tables-config
-rw-------. 1 root root 2116 Aug 8 2019 /etc/sysconfig/iptables-config
Quote from soneill on February 19, 2020, 1:54 pmI tried using the Port Forwarding page to manually add a port forward for 22011 to a newly create antlet which has IP 10.1.1.10. So my firewalld status has the in addition to what you have above:
Feb 19 00:42:09 myantsle firewalld[1788]: WARNING: NOT_ENABLED: '22011:tcp' not in 'public'
Feb 19 00:42:10 myantsle firewalld[1788]: WARNING: NOT_ENABLED: '22011:tcp:22:10.1.1.10' not in 'public'Figured I wasn't alone but thinking with the claim that 3.0.0c addresses port forwarding someone *might* reply indicating it does work.
I opened a ticket on this issue. Waiting to see if I get any formal technical support coverage on it.
I tried using the Port Forwarding page to manually add a port forward for 22011 to a newly create antlet which has IP 10.1.1.10. So my firewalld status has the in addition to what you have above:
Feb 19 00:42:09 myantsle firewalld[1788]: WARNING: NOT_ENABLED: '22011:tcp' not in 'public'
Feb 19 00:42:10 myantsle firewalld[1788]: WARNING: NOT_ENABLED: '22011:tcp:22:10.1.1.10' not in 'public'
Figured I wasn't alone but thinking with the claim that 3.0.0c addresses port forwarding someone *might* reply indicating it does work.
I opened a ticket on this issue. Waiting to see if I get any formal technical support coverage on it.
Quote from soneill on February 19, 2020, 4:19 pmSome minor status.
<I am not Antsle support ...>
There is another update to 3.0.0c. One thing it did fix is the Services listing now matches what 3.0.0b had. Port forwarding is still not working and the detail of errors shown using "systemctl status firewalld" are now gone. Blessing or obfuscation problem ... remains to be seen.
</I am not Antsle support ...>
Some minor status.
<I am not Antsle support ...>
There is another update to 3.0.0c. One thing it did fix is the Services listing now matches what 3.0.0b had. Port forwarding is still not working and the detail of errors shown using "systemctl status firewalld" are now gone. Blessing or obfuscation problem ... remains to be seen.
</I am not Antsle support ...>
Quote from Joe on February 20, 2020, 2:20 pmHi,
Antsle dev here! We caught an issue on our side and are working on a fix.
Joe
Hi,
Antsle dev here! We caught an issue on our side and are working on a fix.
Joe
Quote from Daniel Scott on February 20, 2020, 3:16 pm@jared_85k re: your port forwarding question. 😉 ^^
@jared_85k re: your port forwarding question. 😉 ^^
Quote from chamorroroots on February 24, 2020, 12:17 pmQuote from Joe on February 20, 2020, 2:20 pmHi,
Antsle dev here! We caught an issue on our side and are working on a fix.
Joe
Any updates on the release to fix the bugs?
Thanks.
Quote from Joe on February 20, 2020, 2:20 pmHi,
Antsle dev here! We caught an issue on our side and are working on a fix.
Joe
Any updates on the release to fix the bugs?
Thanks.
Quote from chamorroroots on February 28, 2020, 10:13 pmAntman 3.0.0d on Nano: 🙁
systemctl status firewalld -l
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2020-02-26 03:12:50 UTC; 3 days ago
Docs: man:firewalld(1)
Main PID: 2082 (firewalld)
CGroup: /machine.slice/machine-lxc\x2d7633\x2ddikiki.scope/system.slice/firewalld.service
└─2082 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopidFeb 26 03:12:49 antlet10 systemd[1]: Starting firewalld - dynamic firewall daemon...
Feb 26 03:12:50 antlet10 systemd[1]: Started firewalld - dynamic firewall daemon.
Feb 26 03:12:50 antlet10 firewalld[2082]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: iptables-restore: unable to initialize table 'security'Error occurred at line: 11
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Feb 26 03:12:50 antlet10 firewalld[2082]: ERROR: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.4.21: ip6tables-restore: unable to initialize table 'security'Error occurred at line: 11
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
Feb 26 03:12:51 antlet10 firewalld[2082]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: iptables-restore: unable to initialize table 'security'Error occurred at line: 10
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Feb 26 03:12:51 antlet10 firewalld[2082]: ERROR: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.4.21: ip6tables-restore: unable to initialize table 'security'Error occurred at line: 10
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
Feb 26 03:12:51 antlet10 firewalld[2082]: ERROR: COMMAND_FAILED: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.4.21: ip6tables-restore: unable to initialize table 'security'Error occurred at line: 10
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
Feb 26 03:12:51 antlet10 firewalld[2082]: ERROR: INVALID_ZONE
Feb 26 03:12:51 antlet10 firewalld[2082]: ERROR: INVALID_ZONE
Antman 3.0.0d on Nano: 🙁
systemctl status firewalld -l
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2020-02-26 03:12:50 UTC; 3 days ago
Docs: man:firewalld(1)
Main PID: 2082 (firewalld)
CGroup: /machine.slice/machine-lxc\x2d7633\x2ddikiki.scope/system.slice/firewalld.service
└─2082 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
Feb 26 03:12:49 antlet10 systemd[1]: Starting firewalld - dynamic firewall daemon...
Feb 26 03:12:50 antlet10 systemd[1]: Started firewalld - dynamic firewall daemon.
Feb 26 03:12:50 antlet10 firewalld[2082]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: iptables-restore: unable to initialize table 'security'
Error occurred at line: 11
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Feb 26 03:12:50 antlet10 firewalld[2082]: ERROR: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.4.21: ip6tables-restore: unable to initialize table 'security'
Error occurred at line: 11
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
Feb 26 03:12:51 antlet10 firewalld[2082]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: iptables-restore: unable to initialize table 'security'
Error occurred at line: 10
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Feb 26 03:12:51 antlet10 firewalld[2082]: ERROR: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.4.21: ip6tables-restore: unable to initialize table 'security'
Error occurred at line: 10
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
Feb 26 03:12:51 antlet10 firewalld[2082]: ERROR: COMMAND_FAILED: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.4.21: ip6tables-restore: unable to initialize table 'security'
Error occurred at line: 10
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
Feb 26 03:12:51 antlet10 firewalld[2082]: ERROR: INVALID_ZONE
Feb 26 03:12:51 antlet10 firewalld[2082]: ERROR: INVALID_ZONE
Quote from chamorroroots on March 3, 2020, 12:38 pm@ddmscott I will try and update to 3.0.0.d again. Otherwise, my previous post after updating to 3.0.0.d yielded the errors above.
@ddmscott I will try and update to 3.0.0.d again. Otherwise, my previous post after updating to 3.0.0.d yielded the errors above.
Quote from Daniel Scott on March 3, 2020, 12:41 pm@chamorroroots if you could try running
upgrade-antman 3.0.0d
And let me know if the errors still hold. I notice they mention firewalld and we are switching to iptables in the update -- firewalld doesn't like the Nano 🙂
@chamorroroots if you could try running
upgrade-antman 3.0.0d
And let me know if the errors still hold. I notice they mention firewalld and we are switching to iptables in the update -- firewalld doesn't like the Nano 🙂