Synology Exits with "unable to detect hairpin mode (is the docker daemon running?)"

[wangliangliang2]

I encountered same problem in #67 and #28 .
I found difference in synology system.

the reason of [unable to detect hairpin mode (is the docker daemon running?)] in synology is the lack of ip6table_nat.ko and the other ip6* module?

[robbertkl]

Hi, I would advise to switch to Docker's built-in IPv6 NAT, which seems to work great. Please see #65.

Otherwise, #67 contains some workarounds, like downgrading the iptables package.

[wangliangliang2]

I would advise to switch to Docker's built-in IPv6 NAT, which seems to work great

no,it will be a disaster.because docker in synology add "ip6tables": true will crash.

[DerGuteWolf]

@wangliangliang2 were you able to resolve this on synology?

[qm3ster]

Adding

  "ipv6": true,
  "fixed-cidr-v6": "fd00:dead:beef::/48",
  "ip6tables": true,
  "experimental": true

to /var/packages/Docker/etc/dockerd.json makes it not start.
I get

Nov 25 04:51:41 cubic dockerd[31673]: failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: ip6tables --wait -t nat -N DOCKER: ip6tabl
es v1.8.3 (legacy): can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
Nov 25 04:51:41 cubic dockerd[31673]: Perhaps ip6tables or your kernel needs to be upgraded.

Am I doomed?

[Windman1320]

Got same question in my Diskstation, I'm confused

[wangliangliang2]

@wangliangliang2 were you able to resolve this on synology?

yep, please see in https://github.com/wangliangliang2/fix_synology_docker_ipv6

[wangliangliang2]

Adding

  "ipv6": true,
  "fixed-cidr-v6": "fd00:dead:beef::/48",
  "ip6tables": true,
  "experimental": true

to /var/packages/Docker/etc/dockerd.json makes it not start. I get

Nov 25 04:51:41 cubic dockerd[31673]: failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: ip6tables --wait -t nat -N DOCKER: ip6tabl
es v1.8.3 (legacy): can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
Nov 25 04:51:41 cubic dockerd[31673]: Perhaps ip6tables or your kernel needs to be upgraded.

Am I doomed?

cause synology no support. you should run https://github.com/wangliangliang2/fix_synology_docker_ipv6 first

[qm3ster]

@wangliangliang2 adding/replacing a bunch of kernel modules with unknown binaries? That doesn't sound remotely robust/safe.

1. Where did you get them? Did you build them yourself? If so, what is the source code/makefile? I'd much rather build them myself, perhaps on the synology itself.
2. In iptables_modules_list, what are the changes? Perhaps it should be a patch or a sed command rather than just replacing the file blindly?

[DerGuteWolf]

This was also my concerns, also what would I need on synology 7?

Or is the problem gone with 7?

[wangliangliang2]

adding/replacing a bunch of kernel modules with unknown binaries

you can rebuild it for yourself from https://github.com/SynoCommunity/spksrc

and there is an issue by me SynoCommunity/spksrc#4713 (comment)

[wangliangliang2]

This was also my concerns, also what would I need on synology 7?

Or is the problem gone with 7?
maybe you can read this and rebuild iptables and ipv6 module for yourself
SynoCommunity/spksrc#4713 (comment)

[wangliangliang2]

2. In iptables_modules_list, what are the changes? Perhaps it should be a patch or a sed command rather than just replacing the file blindly

use it or not ,depending on yourself, I will not care so much things.
as I said you can rebuild ipv6 module and iptables for yourself by https://github.com/SynoCommunity/spksrc