On Wed, 22.04.15 15:12, Tobias Hunger (tobias.hun...@gmail.com) wrote:

> >> Then I have trouble with "systemd-nspawn --network-veth": The host0
> >> interface won't come up and stays in degraded state. On the host I get
> >> the following line in the journal:
> >>
> >> systemd-networkd[509]: ve-XXX : Could not enable IP masquerading:
> >> Protocol not available
> >>
> >> I have an nftables based firewall up and running, so maybe networkd is
> >> expecting iptables to be in use?
> >
> > Most likely iptables is compiled as kernel module for you. The module
> > cannot be auto-loaded currently, iptables manually loads it for you on
> > first invocation, networkd doesn't. If you load it manually (by adding
> > it to modules-load.d for example) things should work.
>
> I loaded the ip-tables module manually now and that does indeed fix
> the error message in my original mail. The machine still stays in
> "degraded (configuring)" forever though.
>
> As I said: I have a fully set up nftables-based firewall, so I expect
> systemd will have trouble doing anything sensible with iptables. I
> read iptables are a wrapper around nftables nowadays, but iptables -L
> does not show any of my rules, so that might be the reason for the
> trouble I am seeing.

Well, to my knowledge the kernel actually supports both in
parallel. networkd + nspawn only do iptables.

> Do I need to reinstall my machines using an iptables firewall for this to
> work?

No need.

Lennart

-- 
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel