[Pkg-libvirt-maintainers] Bug#994127: libvirt-daemon: Error creating virtual network - iptables (nf_tables) table `nat' is incompatible, use 'nft'

Andrea Bolognani eof at kiyuko.org
Sun Oct 20 10:58:06 BST 2024 

On Sun, Sep 12, 2021 at 01:40:58PM +0200, Benedikt Tuchen wrote:
> Package: libvirt-daemon
> Version: 7.0.0-3
> Severity: graves
> 
> Dear Maintainer,
> 
> while trying to create a new virtual network on a fresh Debian 11 install I get
> the following error:
> 
> ----
> Traceback (most recent call last):
>   File "/usr/share/virt-manager/virtManager/asyncjob.py", line 65, in cb_wrapper
>     callback(asyncjob, *args, **kwargs)
>   File "/usr/share/virt-manager/virtManager/createnet.py", line 428, in _async_net_create
>     netobj.create()
>   File "/usr/lib/python3/dist-packages/libvirt.py", line 3436, in create
>     raise libvirtError('virNetworkCreate() failed')
> libvirt.libvirtError: internal error: Failed to apply firewall rules /usr/sbin/iptables -w --table nat --list-rules: iptables v1.8.7 (nf_tables): table `nat' is incompatible, use 'nft' tool.
> ----
> 
> I've installed the following packages:
> qemu-kvm qemu-system-x86 qemu-utils libvirt-daemon-system virt-manager virt-viewer
> 
> /usr/sbin/iptables is set in automode to /usr/sbin/iptables-nft via update-alternatives.
> 
> I've tried to create virtual network with virt-manager.
> 
> When trying to set the rule on commandline it fails with the same error.
> 
> If you need more information feel free to ask.

Hi Benedikt,

can you still reproduce this on Debian 12?

My impression is that it was not really an issue with libvirt in the
first place, but possibly some incompatibility with the iptables
userspace with the nft kernel module or something along those lines,
which I expect would have been addressed by now.

Thanks in advance for checking.

-- 
Andrea Bolognani <eof at kiyuko.org>
Resistance is futile, you will be garbage collected.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-libvirt-maintainers/attachments/20241020/82c86a5d/attachment.sig>

More information about the Pkg-libvirt-maintainers mailing list