Setup: Jetson Nano 2GB RAM, Linux jetson 4.9.253-tegra, based on newest available SD card image
I am trying to use the Jetson Nano 2GB as a home server that I want to reach from outside my home network. When trying to set up the firewall, I ran into some issues that are connected to me using IPv6 (my internet provider only provides DS-Lite, so I have to use IPv6). Could you help me resolve them?
When the firewall is disabled, I can access the port I want.
Error message I get:
When I try to enable the firewall after setting incoming traffic by default to denied but allowing the port I want both for IPv4/6, I get this message when running
sudo ufw enable:
```
ERROR: problem running ufw-init
ip6tables-restore: line 142 failed
Problem running '/etc/ufw/before6.rules'
```
Things i checked:
I can run the enable ufw again and it does enable it. The problem is, though, that I cannot access the IP and port I want anymore, even when I allowed it and the rules were set for IPv4/6:
```
$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       192.168.1.0/24
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
5938/tcp                   ALLOW       Anywhere
5938/udp                   ALLOW       Anywhere
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
5938/tcp (v6)              ALLOW       Anywhere (v6)
5938/udp (v6)              ALLOW       Anywhere (v6)
22/tcp                     ALLOW       2001:db8:3c4d:1::/64
```
So, I went ahead and tried to do a clean reset of the iptables and ufw and set the defaults. Same result when enabling ufw.
When I check the ufw settings with
sudo /usr/share/ufw/check-requirements it tells me:
```
Has python: pass (binary: python2.7, version: 2.7.17, py2)
Has iptables: pass
Has ip6tables: pass
Has /proc/net/dev: pass
Has /proc/net/if_inet6: pass

This script will now attempt to create various rules using the iptables
and ip6tables commands. This may result in module autoloading (eg, for IPv6).
Proceed with checks (Y/n)? Y
== IPv4 ==
Creating 'ufw-check-requirements'... done
Inserting RETURN at top of 'ufw-check-requirements'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: pass
hashlimit: pass
limit: pass
ctstate (NEW): pass
ctstate (RELATED): pass
ctstate (ESTABLISHED): pass
ctstate (INVALID): pass
ctstate (new, recent set): pass
ctstate (new, recent update): pass
ctstate (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
addrtype (LOCAL): pass
addrtype (MULTICAST): pass
addrtype (BROADCAST): pass
icmp (destination-unreachable): pass
icmp (source-quench): pass
icmp (time-exceeded): pass
icmp (parameter-problem): pass
icmp (echo-request): pass

== IPv6 ==
Creating 'ufw-check-requirements6'... done
Inserting RETURN at top of 'ufw-check-requirements6'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: pass
hashlimit: pass
limit: pass
ctstate (NEW): pass
ctstate (RELATED): pass
ctstate (ESTABLISHED): pass
ctstate (INVALID): pass
ctstate (new, recent set): pass
ctstate (new, recent update): pass
ctstate (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
icmpv6 (destination-unreachable): pass
icmpv6 (packet-too-big): pass
icmpv6 (time-exceeded): pass
icmpv6 (parameter-problem): pass
icmpv6 (echo-request): pass
icmpv6 with hl (neighbor-solicitation): pass
icmpv6 with hl (neighbor-advertisement): pass
icmpv6 with hl (router-solicitation): pass
icmpv6 with hl (router-advertisement): pass
ipv6 rt: FAIL
error was: ip6tables: No chain/target/match by that name.

FAIL: check your kernel and that you have iptables >= 1.4.0
```
So I checked the iptables version, which is v1.6.1.
I was not sure what to check about the kernel (completely new to kernels). So I tried to run the following commands, which I’m not sure make sense. I hope they help tracking down the issue.
I ran into this forum post, which didn’t help me though, since it has been fixed if I understand it correctly:
```
$ zcat /proc/config.gz | grep IPV6
CONFIG_IPV6=y
CONFIG_IPV6_ROUTER_PREF=y
CONFIG_IPV6_ROUTE_INFO=y
CONFIG_IPV6_OPTIMISTIC_DAD=y
CONFIG_IPV6_MIP6=m
# CONFIG_IPV6_ILA is not set
# CONFIG_IPV6_VTI is not set
CONFIG_IPV6_SIT=m
# CONFIG_IPV6_SIT_6RD is not set
CONFIG_IPV6_NDISC_NODETYPE=y
CONFIG_IPV6_TUNNEL=m
# CONFIG_IPV6_FOU is not set
# CONFIG_IPV6_FOU_TUNNEL is not set
CONFIG_IPV6_MULTIPLE_TABLES=y
# CONFIG_IPV6_SUBTREES is not set
# CONFIG_IPV6_MROUTE is not set
# CONFIG_IP_VS_IPV6 is not set
CONFIG_NF_DEFRAG_IPV6=m
CONFIG_NF_CONNTRACK_IPV6=m
# CONFIG_NF_DUP_IPV6 is not set
CONFIG_NF_REJECT_IPV6=m
CONFIG_NF_LOG_IPV6=m
CONFIG_NF_NAT_IPV6=m
CONFIG_NF_NAT_MASQUERADE_IPV6=m
# CONFIG_IP6_NF_MATCH_IPV6HEADER is not set
# CONFIG_AF_RXRPC_IPV6 is not set

$ modinfo ipv6
modinfo: ERROR: Module ipv6 not found.

$ lsmod | grep ipv6
nf_reject_ipv6          5276  1 ip6t_REJECT
nf_log_ipv6             5942  3
nf_conntrack_ipv6      12594  7
nf_defrag_ipv6         10772  1 nf_conntrack_ipv6
nf_log_common           4809  2 nf_log_ipv6,nf_log_ipv4
nf_conntrack          106659  11 nf_conntrack_ipv6,nf_conntrack_ftp,nf_conntrack_ipv4,nf_conntrack_broadcast,nf_nat_ftp,nf_conntrack_netlink,nf_conntrack_netbios_ns,nf_nat_masquerade_ipv4,xt_conntrack,nf_nat_ipv4,nf_nat
```
Is this issue related to the kernel? Does someone have an IPv6 setup with firewall running on the Jetson Nano that works? Do you have an idea what could be causing the issue?
Thanks so much for your help. I’m a bit lost at this point.
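
Added example, not part of the original post: the check-requirements run above fails only on `ipv6 rt`, and the kernel option behind that match, `CONFIG_IP6_NF_MATCH_RT`, does not contain the string `IPV6`, so the `grep IPV6` above cannot show it either way. The script lists every `-m` match in an ip6tables-restore rules file by line number and reports those whose option is not `=y` or `=m` in a kernel config file. The function names, the four-entry match table, and the sample rules and config are constructed for this illustration.

```bash
#!/usr/bin/env bash
# Added example: find rules in an ip6tables-restore file that use an
# IPv6-specific match the kernel config does not enable.

# Kernel option behind each IPv6-specific match (other matches are skipped).
match_to_config() {
  case "$1" in
    rt)         echo CONFIG_IP6_NF_MATCH_RT ;;
    hl)         echo CONFIG_IP6_NF_MATCH_HL ;;
    frag)       echo CONFIG_IP6_NF_MATCH_FRAG ;;
    ipv6header) echo CONFIG_IP6_NF_MATCH_IPV6HEADER ;;
    *)          return 1 ;;
  esac
}

# missing_matches RULES_FILE KERNEL_CONFIG_FILE
missing_matches() {
  local n match opt
  # Emit "<line number> <match name>" for every -m on a non-comment line.
  awk '/^[ \t]*#/ { next }
       { for (i = 1; i < NF; i++) if ($i == "-m") print NR, $(i + 1) }' "$1" |
  while read -r n match; do
    opt=$(match_to_config "$match") || continue
    grep -Eq "^${opt}=(y|m)$" "$2" || echo "line $n: -m $match needs $opt"
  done
}

# Constructed sample input (not the poster's files).
run_sample() {
  local dir; dir=$(mktemp -d)
  cat > "$dir/rules" <<'EOF'
*filter
:ufw6-before-input - [0:0]
# drop packets with RH0 headers
-A ufw6-before-input -m rt --rt-type 0 -j DROP
-A ufw6-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT
COMMIT
EOF
  cat > "$dir/config" <<'EOF'
CONFIG_IPV6=y
CONFIG_IP6_NF_IPTABLES=m
CONFIG_IP6_NF_MATCH_HL=m
# CONFIG_IP6_NF_MATCH_IPV6HEADER is not set
EOF
  missing_matches "$dir/rules" "$dir/config"
  rm -rf "$dir"
}

run_sample
```

On a real system, write the output of `zcat /proc/config.gz` to a file and pass it as the second argument, with `/etc/ufw/before6.rules` as the first.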