Docker Community Forums

Share and learn in the Docker community.

Missing generally necessary components

I have this output from the ‘check-config.sh’ script. In the ‘generally necessary’ section it says I’m missing some things. What must I do to remidy those problems? CONFIG_NF_NAT_IPV4, CONFIG_NF_NAT_NEEDED. I’m guessing this all has to do with networking. Is this not right? I am working on ubuntu linux.

below is the error I get trying to initialize a dind configutation.

failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.8.3 (legacy): can't initialize iptables table `nat': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
 (exit status 3)

info: reading kernel config from /boot/config-5.4.0-31-generic …

Generally Necessary:

  • cgroup hierarchy: properly mounted [/sys/fs/cgroup]
  • apparmor: enabled and tools installed
  • CONFIG_NAMESPACES: enabled
  • CONFIG_NET_NS: enabled
  • CONFIG_PID_NS: enabled
  • CONFIG_IPC_NS: enabled
  • CONFIG_UTS_NS: enabled
  • CONFIG_CGROUPS: enabled
  • CONFIG_CGROUP_CPUACCT: enabled
  • CONFIG_CGROUP_DEVICE: enabled
  • CONFIG_CGROUP_FREEZER: enabled
  • CONFIG_CGROUP_SCHED: enabled
  • CONFIG_CPUSETS: enabled
  • CONFIG_MEMCG: enabled
  • CONFIG_KEYS: enabled
  • CONFIG_VETH: enabled (as module)
  • CONFIG_BRIDGE: enabled (as module)
  • CONFIG_BRIDGE_NETFILTER: enabled (as module)
  • CONFIG_NF_NAT_IPV4: missing
  • CONFIG_IP_NF_FILTER: enabled (as module)
  • CONFIG_IP_NF_TARGET_MASQUERADE: enabled (as module)
  • CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: enabled (as module)
  • CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled (as module)
  • CONFIG_NETFILTER_XT_MATCH_IPVS: enabled (as module)
  • CONFIG_IP_NF_NAT: enabled (as module)
  • CONFIG_NF_NAT: enabled (as module)
  • CONFIG_NF_NAT_NEEDED: missing
  • CONFIG_POSIX_MQUEUE: enabled

What OS you’re on ? (RHEL ?)
This looks like a iptables issue rather than a docker …

I’m on ubuntu. The kernel is 5.4.0-31-generic. I have iptables installed. I read that in this kernel the iptables was incorporated. IOW you didn’t have to modprobe anything. I also read that the iptables function in the kernel was ‘on-demand’. In any case I can run ‘sudo iptables -L’ and when I do, there are rules there for Docker. Still I get the error above when I try dind dockerfiles.