7.2. Troubleshooting iptables#
This section provides troubleshooting information for the Configuring iptables for K3s phase of Running the LOCKSS Installer.
7.2.1. Switch iptables to legacy mode via Alternatives#
K3s 1.21.5+k3s1 (the version used by LOCKSS 2.0-beta1 NOT YET RELEASED) does not always work with iptables versions 1.8.0-1.8.3 when run via Alternatives but not in legacy
mode, for instance in some Debian or Ubuntu systems [1]. If install-lockss detects this situation, you will see a warning message and the following prompt [2]:
Switch iptables to legacy mode via Alternatives?
Enter Y to accept the proposed iptables configuration. If you bypass the proposed configuration, K3s may malfunction.
The remediation attempted by install-lockss is equivalent to:
# Required only if ufw is active
ufw disable
# Required
update-alternatives --set iptables /usr/sbin/iptables-legacy
# Required
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
# Optional
update-alternatives --set arptables /usr/sbin/arptables-legacy
# Optional
update-alternatives --set ebtables /usr/sbin/ebtables-legacy
# Required only if ufw was active
ufw enable
7.2.2. Post-Installation Changes to iptables#
If your system did not initially need an adjustment for iptables at the time K3s was installed, but later does (for example because iptables is upgraded from a pre-1.8.0 version to version 1.8.0 or later), run this command (relative to the LOCKSS Installer Directory) as a privileged user who can become root
via sudo [3]:
scripts/install-lockss --configure-iptables
This will run only the Configuring iptables for K3s phase of install-lockss.
Footnotes