Antsle Forum
Welcome to our Antsle community! This forum is to connect all Antsle users to post experiences, make user-generated content available for the entire community and more.
Please note: This forum is about discussing one specific issue at a time. No generalizations. No judgments. Please check the Forum Rules before posting. If you have specific questions about your Antsle and expect a response from our team directly, please continue to use the appropriate channels (email: [email protected]) so every inquiry is tracked.
Antman 3.0.0c on Nano .. having issues (resolved)
Question to anyone running a Nano with Antman 3.0.0c *and* port forwarding works for newly provisioned Antlets. Can you run the following commands and post back the results:
systemctl status firewalld
And then this:
ls -la /etc/sysconfig/ip*
My Antman 3.0.0c does not address the port forwarding issue and the Services screen in Antman no longer shows the short list Antsle related services that 3.0.0.b did. The firewalld status above for me shows that iptables has configuration issues which explain why port forwarding isn't working for me.
I'm having the same issue.
I also upgraded to the latest 3.0.0c and I'm unable to see any port forwards I have created, nor if I create a new antlet (vm) I cannot access any antlets via ssh from a computer on the same LAN as the nano.
I don't think you're alone.
netstat does not show the expected ports to be opened.
Just to clarify, I can in fact access any antlet directly from the cli of the nano via ssh@antlet.local.ip
Output Requested:
systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 1970-01-01 00:00:11 UTC; 50 years 1 months ago
Docs: man:firewalld(1)
Main PID: 1002 (firewalld)
Tasks: 2
Memory: 30.1M
CGroup: /system.slice/firewalld.service
└─1002 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
Jan 01 00:00:29 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -F DOCKER' failed: iptables: No chain/target/match by that name.
Jan 01 00:00:29 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -X DOCKER' failed: iptables: No chain/target/match by that name.
Jan 01 00:00:29 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -F DOCKER-ISOLATION-STAGE-1' failed: iptables: No chain/target/match by that name.
Jan 01 00:00:29 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -X DOCKER-ISOLATION-STAGE-1' failed: iptables: No chain/target/match by that name.
Jan 01 00:00:29 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -F DOCKER-ISOLATION-STAGE-2' failed: iptables: No chain/target/match by that name.
Jan 01 00:00:29 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -X DOCKER-ISOLATION-STAGE-2' failed: iptables: No chain/target/match by that name.
Jan 01 00:00:29 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -F DOCKER-ISOLATION' failed: iptables: No chain/target/match by that name.
Jan 01 00:00:29 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -X DOCKER-ISOLATION' failed: iptables: No chain/target/match by that name.
Jan 01 00:00:30 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a matching...hat chain?).
Jan 01 00:00:31 bnano1 firewalld[1002]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a matching...hat chain?).
Hint: Some lines were ellipsized, use -l to show in full.
# ls -la /etc/sysconfig/ip*
-rw-------. 1 root root 2134 Aug 8 2019 /etc/sysconfig/ip6tables-config
-rw-------. 1 root root 2116 Aug 8 2019 /etc/sysconfig/iptables-config
I tried using the Port Forwarding page to manually add a port forward for 22011 to a newly create antlet which has IP 10.1.1.10. So my firewalld status has the in addition to what you have above:
Feb 19 00:42:09 myantsle firewalld[1788]: WARNING: NOT_ENABLED: '22011:tcp' not in 'public'
Feb 19 00:42:10 myantsle firewalld[1788]: WARNING: NOT_ENABLED: '22011:tcp:22:10.1.1.10' not in 'public'
Figured I wasn't alone but thinking with the claim that 3.0.0c addresses port forwarding someone *might* reply indicating it does work.
I opened a ticket on this issue. Waiting to see if I get any formal technical support coverage on it.
Some minor status.
<I am not Antsle support ...>
There is another update to 3.0.0c. One thing it did fix is the Services listing now matches what 3.0.0b had. Port forwarding is still not working and the detail of errors shown using "systemctl status firewalld" are now gone. Blessing or obfuscation problem ... remains to be seen.
</I am not Antsle support ...>
Hi,
Antsle dev here! We caught an issue on our side and are working on a fix.
Joe
@jared_85k re: your port forwarding question. 😉 ^^
Antman 3.0.0d on Nano: 🙁
systemctl status firewalld -l
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2020-02-26 03:12:50 UTC; 3 days ago
Docs: man:firewalld(1)
Main PID: 2082 (firewalld)
CGroup: /machine.slice/machine-lxc\x2d7633\x2ddikiki.scope/system.slice/firewalld.service
└─2082 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
Feb 26 03:12:49 antlet10 systemd[1]: Starting firewalld - dynamic firewall daemon...
Feb 26 03:12:50 antlet10 systemd[1]: Started firewalld - dynamic firewall daemon.
Feb 26 03:12:50 antlet10 firewalld[2082]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: iptables-restore: unable to initialize table 'security'
Error occurred at line: 11
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Feb 26 03:12:50 antlet10 firewalld[2082]: ERROR: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.4.21: ip6tables-restore: unable to initialize table 'security'
Error occurred at line: 11
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
Feb 26 03:12:51 antlet10 firewalld[2082]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: iptables-restore: unable to initialize table 'security'
Error occurred at line: 10
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Feb 26 03:12:51 antlet10 firewalld[2082]: ERROR: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.4.21: ip6tables-restore: unable to initialize table 'security'
Error occurred at line: 10
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
Feb 26 03:12:51 antlet10 firewalld[2082]: ERROR: COMMAND_FAILED: '/usr/sbin/ip6tables-restore -w -n' failed: ip6tables-restore v1.4.21: ip6tables-restore: unable to initialize table 'security'
Error occurred at line: 10
Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
Feb 26 03:12:51 antlet10 firewalld[2082]: ERROR: INVALID_ZONE
Feb 26 03:12:51 antlet10 firewalld[2082]: ERROR: INVALID_ZONE
@chamorroroots if you could try running
upgrade-antman 3.0.0d
And let me know if the errors still hold. I notice they mention firewalld and we are switching to iptables in the update -- firewalld doesn't like the Nano 🙂