7.2. Troubleshooting iptables
7.2.1. Switch iptables to legacy mode via Alternatives
K3s 1.21.5+k3s1 (the version used by LOCKSS 2.0-alpha5) does not always work with iptables version 1.8.0-1.8.3 when run via Alternatives but not in
legacy mode, for instance in some Debian or Ubuntu systems 1. If install-lockss detects this situation, you will see a warning message and the following prompt 2:
Switch iptables to legacy mode via Alternatives?
Enter Y to accept the proposed iptables configuration. If you bypass the proposed configuration, K3s may malfunction.
The remediation attempted by install-lockss is equivalent to:
# Required only if ufw is active ufw disable # Required update-alternatives --set iptables /usr/sbin/iptables-legacy # Required update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy # Optional update-alternatives --set arptables /usr/sbin/arptables-legacy # Optional update-alternatives --set ebtables /usr/sbin/ebtables-legacy # Required only if ufw was active ufw enable
7.2.2. Post-Installation Changes to iptables
If your system did not initially need an adjustment for iptables at the time K3s was installed, but later does (for example because iptables is upgraded from a pre-1.8.0 version to version 1.8.0 or later), run this command (relative to the LOCKSS Installer Directory) as a privileged user who can become
root via sudo 3:
This will run only the Configuring iptables for K3s phase of install-lockss.