Docker compose - Unable to enable Direct Access Filtering on Jetson Orin Nano Super

I successfully installed JetPack 6.2 and my Jetson Orin Nano’s firmware is 36.4.3-gcid-38968081.
My Jetson uses an NVMe SSD.

My docker-compose.yaml is as below:

services:
  redis:
    image: redis:alpine3.21
    container_name: redis
    ports:
      - "6379:6379"
    restart: always

  mariadb:
    image: mariadb:11.6.2
    container_name: maria
    volumes:
      - ./db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=******
      - MYSQL_DATABASE=******
    ports:
      - "3306:3306"
    restart: always

The following error occurs when docker compose up -d is entered.

Error response from daemon: 
  failed to set up container networking: 
    driver failed programming external connectivity on endpoint redis (8cde9ff1d7d9901e0df8a1b1a4d2f6f6b29d6be8aa702b42800ef7e8422cbf13): 
      Unable to enable DIRECT ACCESS FILTERING - DROP rule:  
        (iptables failed: iptables --wait -t raw -A PREROUTING -p tcp -d 172.18.0.2 --dport 6379 ! -i br-1024daea6df0 -j DROP: iptables v1.8.7 (legacy): can't initialize iptables table `raw'
          : Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
 (exit status 3))

Is there anything else I need to do?

I removed the installed Docker and followed Docker's official install docs.
I also followed this document to install Docker.
Do I need to re-flash JetPack?

  • I removed the GUI
sudo apt-get remove --purge gnome-* gdm3 # Remove all GNOME-related packages
sudo apt-get autoremove --purge
sudo apt-get autoclean

I reinstalled Docker (clean install!) using Docker's official installation and edited /etc/docker/daemon.json

/etc/docker/daemon.json (the "iptables" and "bridge" lines are appended):
{
    "runtimes": {
        "nvidia": {
            "args": [],
            "path": "nvidia-container-runtime"
        }
    },
    "iptables": false,
    "bridge": "none"
}

# nftables to iptables
sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

And then, I could start with docker compose up!

jetson@ubuntu:~$ docker compose up -d
[+] Running 2/2
 ✔ Container maria  Started                                                                                                                               0.3s 
 ✔ Container redis  Started  

!important!

I don't know whether the pre-installed Docker works with this.
I want NVIDIA's official walkthrough…
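
The error quoted in this thread is the legacy iptables backend failing to open the `raw` table. As an added example (not part of the original posts and not NVIDIA's or Docker's own tooling), the script below classifies from kernel config text whether that table is available; `CONFIG_IP_NF_RAW` and `iptable_raw` are the upstream kernel names, while the function names and sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): classify legacy-iptables raw table support.
# Assumptions: CONFIG_IP_NF_RAW / iptable_raw are the upstream kernel names;
# the sample files in demo() are constructed, not captured from a Jetson.

# raw_table_state KCONFIG [TABLES]
#   KCONFIG: kernel config text, e.g. saved from `zcat /proc/config.gz`
#   TABLES:  copy of /proc/net/ip_tables_names (root-readable), optional
# Prints one of: loaded | builtin | module | missing
raw_table_state() {
    local kconfig="$1" tables="${2:-/dev/null}"
    if grep -qx 'raw' "$tables" 2>/dev/null; then
        echo loaded
        return 0
    fi
    case "$(grep -E '^CONFIG_IP_NF_RAW=[ym]$' "$kconfig" 2>/dev/null)" in
        CONFIG_IP_NF_RAW=y) echo builtin ;;
        CONFIG_IP_NF_RAW=m) echo module ;;
        *)                  echo missing ;;
    esac
}

# Map each state to the next diagnostic step.
raw_table_advice() {
    case "$1" in
        loaded)  echo "raw table is registered; the failure lies elsewhere" ;;
        builtin) echo "raw support is built in; re-test: sudo iptables -t raw -L -n" ;;
        module)  echo "load the module: sudo modprobe iptable_raw" ;;
        *)       echo "kernel lacks CONFIG_IP_NF_RAW; use a kernel that provides iptable_raw" ;;
    esac
}

# Constructed sample: a kernel config with the option disabled.
demo() {
    local dir state
    dir=$(mktemp -d)
    printf '%s\n' 'CONFIG_IP_NF_FILTER=m' '# CONFIG_IP_NF_RAW is not set' > "$dir/kconfig"
    printf '%s\n' 'nat' 'filter' > "$dir/tables"
    state=$(raw_table_state "$dir/kconfig" "$dir/tables")
    echo "$state: $(raw_table_advice "$state")"
    rm -rf "$dir"
}
demo
```

On a device, save the running kernel's config to a file first (this assumes the kernel exposes `/proc/config.gz`) and pass that file as the first argument.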
