Error: No such file or directory; did you mean chain ‘postrouting’ in table ip ‘lxc’?

Hello,

My system:

```
uname -a
Linux ubuntu 5.15.148-tegra #1 SMP PREEMPT Thu Sep 12 21:01:54 PDT 2024 aarch64 aarch64 aarch64 GNU/Linux
```

Command:

```
sudo systemctl restart lxc-net.service
Job for lxc-net.service failed because the control process exited with error code.
See "systemctl status lxc-net.service" and "journalctl -xeu lxc-net.service" for details.
➜  ~ journalctl -xeu lxc-net.service
déc. 29 13:41:20 ubuntu systemd[1]: Starting LXC network bridge setup...
░░ Subject: L'unité (unit) lxc-net.service a commencé à démarrer
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ L'unité (unit) lxc-net.service a commencé à démarrer.
déc. 29 13:41:20 ubuntu lxc-net[195277]: Error: No such file or directory; did you mean chain ‘postrouting’ in table ip ‘lxc’?
déc. 29 13:41:20 ubuntu lxc-net[195277]: ;
déc. 29 13:41:20 ubuntu lxc-net[195277]:                                     ^^^
déc. 29 13:41:20 ubuntu lxc-net[195277]: Error: Could not process rule: No such file or directory
déc. 29 13:41:20 ubuntu lxc-net[195277]: ;
déc. 29 13:41:20 ubuntu lxc-net[195277]:                 ^^^^^^^^^^^
déc. 29 13:41:20 ubuntu lxc-net[195266]: Failed to setup lxc-net.
déc. 29 13:41:20 ubuntu systemd[1]: lxc-net.service: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ An ExecStart= process belonging to unit lxc-net.service has exited.
░░ 
░░ The process' exit code is 'exited' and its exit status is 1.
déc. 29 13:41:20 ubuntu systemd[1]: lxc-net.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ The unit lxc-net.service has entered the 'failed' state with result 'exit-code'.
déc. 29 13:41:20 ubuntu systemd[1]: Failed to start LXC network bridge setup.
░░ Subject: L'unité (unit) lxc-net.service a échoué
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░ 
░░ L'unité (unit) lxc-net.service a échoué, avec le résultat failed.
```
```
➜  ~ cat /etc/default/lxc-net
# This file is auto-generated by lxc.postinst if it does not
# exist.  Customizations will not be overridden.
# Leave USE_LXC_BRIDGE as "true" if you want to use lxcbr0 for your
# containers.  Set to "false" if you'll use virbr0 or another existing
# bridge, or mavlan to your host's NIC.
USE_LXC_BRIDGE="true"

# If you change the LXC_BRIDGE to something other than lxcbr0, then
# you will also need to update your /etc/lxc/default.conf as well as the
# configuration (/var/lib/lxc/<container>/config) for any containers
# already created using the default config to reflect the new bridge
# name.
# If you have the dnsmasq daemon installed, you'll also have to update
# /etc/dnsmasq.d/lxc and restart the system wide dnsmasq daemon.
LXC_BRIDGE="lxcbr0"
LXC_ADDR="10.0.3.1"
LXC_NETMASK="255.255.255.0"
LXC_NETWORK="10.0.3.0/24"
LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
LXC_DHCP_MAX="253"
# Uncomment the next line if you'd like to use a conf-file for the lxcbr0
# dnsmasq.  For instance, you can use 'dhcp-host=mail1,10.0.3.100' to have
# container 'mail1' always get ip address 10.0.3.100.
#LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf

# Uncomment the next line if you want lxcbr0's dnsmasq to resolve the .lxc
# domain.  You can then add "server=/lxc/10.0.3.1' (or your actual $LXC_ADDR)
# to your system dnsmasq configuration file (normally /etc/dnsmasq.conf,
# or /etc/NetworkManager/dnsmasq.d/lxc.conf on systems that use NetworkManager).
# Once these changes are made, restart the lxc-net and network-manager services.
# 'container1.lxc' will then resolve on your host.
#LXC_DOMAIN="lxc"
```
```
➜  ~ cat /etc/default/lxc
# LXC_AUTO - whether or not to start containers at boot
LXC_AUTO="true"

# BOOTGROUPS - What groups should start on bootup?
#       Comma separated list of groups.
#       Leading comma, trailing comma or embedded double
#       comma indicates when the NULL group should be run.
# Example (default): boot the onboot group first then the NULL group
BOOTGROUPS="onboot,"

# SHUTDOWNDELAY - Wait time for a container to shut down.
#       Container shutdown can result in lengthy system
#       shutdown times.  Even 5 seconds per container can be
#       too long.
SHUTDOWNDELAY=5

# OPTIONS can be used for anything else.
#       If you want to boot everything then
#       options can be "-a" or "-a -A".
OPTIONS=

# STOPOPTS are stop options.  The can be used for anything else to stop.
#       If you want to kill containers fast, use -k
STOPOPTS="-a -A -s"

USE_LXC_BRIDGE="false"  # overridden in lxc-net

[ ! -f /etc/default/lxc-net ] || . /etc/default/lxc-net
```
```
➜  ~ lxc-checkconfig
LXC version 5.0.0
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled

--- Control groups ---
Cgroups: enabled
Cgroup namespace: enabled

Cgroup v1 mount points: 


Cgroup v2 mount points: 
/sys/fs/cgroup

Cgroup v1 systemd controller: missing
Cgroup v1 freezer controller: missing
Cgroup ns_cgroup: required
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled, not loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, loaded
Advanced netfilter: enabled, loaded
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, not loaded
FUSE (for use with lxcfs): enabled, loaded

--- Checkpoint/Restore ---
checkpoint restore: missing
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: missing
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: missing
CONFIG_NETLINK_DIAG: missing
File capabilities: 

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
```
```
➜  ~ sudo sh -x /usr/lib/aarch64-linux-gnu/lxc/lxc-net start
+ distrosysconfdir=/etc/default
+ varrun=/run/lxc
+ varlib=/var/lib
+ USE_LXC_BRIDGE=true
+ LXC_BRIDGE=lxcbr0
+ LXC_BRIDGE_MAC=00:16:3e:00:00:00
+ LXC_ADDR=10.0.3.1
+ LXC_NETMASK=255.255.255.0
+ LXC_NETWORK=10.0.3.0/24
+ LXC_DHCP_RANGE=10.0.3.2,10.0.3.254
+ LXC_DHCP_MAX=253
+ LXC_DHCP_CONFILE=
+ LXC_DHCP_PING=true
+ LXC_DOMAIN=
+ LXC_USE_NFT=true
+ LXC_IPV6_ADDR=
+ LXC_IPV6_MASK=
+ LXC_IPV6_NETWORK=
+ LXC_IPV6_NAT=false
+ [ ! -f /etc/default/lxc ]
+ . /etc/default/lxc
+ LXC_AUTO=true
+ BOOTGROUPS=onboot,
+ SHUTDOWNDELAY=5
+ OPTIONS=
+ STOPOPTS=-a -A -s
+ USE_LXC_BRIDGE=false
+ [ ! -f /etc/default/lxc-net ]
+ . /etc/default/lxc-net
+ USE_LXC_BRIDGE=true
+ LXC_BRIDGE=lxcbr0
+ LXC_ADDR=10.0.3.1
+ LXC_NETMASK=255.255.255.0
+ LXC_NETWORK=10.0.3.0/24
+ LXC_DHCP_RANGE=10.0.3.2,10.0.3.254
+ LXC_DHCP_MAX=253
+ command -v nft
+ NFT=/usr/sbin/nft
+ use_nft
+ [ -n /usr/sbin/nft ]
+ nft list ruleset
+ [ true = true ]
+ start
+ [ ! -f /etc/default/lxc-net ]
+ [ xtrue = xtrue ]
+ [ ! -f /run/lxc/network_up ]
+ [ -d /sys/class/net/lxcbr0 ]
+ FAILED=1
+ trap cleanup EXIT HUP INT TERM
+ set -e
+ [ ! -d /sys/class/net/lxcbr0 ]
+ ip link add dev lxcbr0 type bridge
+ echo 1
+ echo 0
+ [ ! -d /run/lxc ]
+ _ifup
+ _netmask2cidr 255.255.255.0
+ local x=0
+ set -- 0^^^128^192^224^240^248^252^254^ 24 0
+ x=
+ echo 24
+ MASK=24
+ CIDR_ADDR=10.0.3.1/24
+ ip addr add 10.0.3.1/24 broadcast + dev lxcbr0
+ ip link set dev lxcbr0 address 00:16:3e:00:00:00
+ ip link set dev lxcbr0 up
+ use_nft
+ [ -n /usr/sbin/nft ]
+ nft list ruleset
+ [ true = true ]
+ start_nftables
+ start_ipv6
+ LXC_IPV6_ARG=
+ [ -n  ]
+ NFT_RULESET=
+ [ -n  ]
+ NFT_RULESET=;
add table inet lxc;
flush table inet lxc;
add chain inet lxc input { type filter hook input priority 0; };
add rule inet lxc input iifname lxcbr0 udp dport { 53, 67 } accept;
add rule inet lxc input iifname lxcbr0 tcp dport { 53, 67 } accept;
add chain inet lxc forward { type filter hook forward priority 0; };
add rule inet lxc forward iifname lxcbr0 accept;
add rule inet lxc forward oifname lxcbr0 accept;
add table ip lxc;
flush table ip lxc;
add chain ip lxc postrouting { type nat hook postrouting priority 100; };
add rule ip lxc postrouting ip saddr 10.0.3.0/24 ip daddr != 10.0.3.0/24 counter masquerade
+ nft ;
add table inet lxc;
flush table inet lxc;
add chain inet lxc input { type filter hook input priority 0; };
add rule inet lxc input iifname lxcbr0 udp dport { 53, 67 } accept;
add rule inet lxc input iifname lxcbr0 tcp dport { 53, 67 } accept;
add chain inet lxc forward { type filter hook forward priority 0; };
add rule inet lxc forward iifname lxcbr0 accept;
add rule inet lxc forward oifname lxcbr0 accept;
add table ip lxc;
flush table ip lxc;
add chain ip lxc postrouting { type nat hook postrouting priority 100; };
add rule ip lxc postrouting ip saddr 10.0.3.0/24 ip daddr != 10.0.3.0/24 counter masquerade
Error: No such file or directory; did you mean chain ‘postrouting’ in table ip ‘lxc’?
;
                                    ^^^
Error: Could not process rule: No such file or directory
;
                ^^^^^^^^^^^
+ cleanup
+ set +e
+ [ 1 = 1 ]
+ echo Failed to setup lxc-net.
Failed to setup lxc-net.
+ stop force
+ [ xtrue = xtrue ]
+ [ -f /run/lxc/network_up ]
+ [ force = force ]
+ [ -d /sys/class/net/lxcbr0 ]
+ _ifdown
+ ip addr flush dev lxcbr0
+ ip link set dev lxcbr0 down
+ use_nft
+ [ -n /usr/sbin/nft ]
+ nft list ruleset
+ [ true = true ]
+ stop_nftables
+ NFT_RULESET=add table inet lxc;
delete table inet lxc;
add table ip lxc;
delete table ip lxc;

+ [ false = true ]
+ nft add table inet lxc;
delete table inet lxc;
add table ip lxc;
delete table ip lxc;

+ cat /run/lxc/dnsmasq.pid
+ pid=
+ rm -f /run/lxc/dnsmasq.pid
+ ls /sys/class/net/lxcbr0/brif/*
+ ip link delete lxcbr0
+ rm -f /run/lxc/network_up
+ exit 1
```

So: how can I start lxc?
Thx

To stop Markdown mangling the formatting, please can you edit your post and put three backticks (```), on a line of their own, before and after each config file or screen session you are quoting.

That sounds like a problem when you’re trying to load a masquerade rule.
I suspect the issues you’re running into are because of that older tegra kernel missing some bits compared to a normal Ubuntu kernel. Maybe try a more recent Ubuntu version like 24.04 to see if the newer distro and kernel behave better.
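
One way to test the suspicion above on the running kernel, as an added example that is not part of the thread or of lxc-net: the trace shows `LXC_USE_NFT=true`, while the `lxc-checkconfig` output only reports the iptables-side `CONFIG_IP_NF_TARGET_MASQUERADE`, so this script checks the nftables-side options instead. The option list is an assumption about what a `type nat` chain and a `masquerade` statement need, and `/proc/config.gz` is assumed to be available.

```shell
#!/bin/sh
# Added diagnostic, not lxc-net code. NFT_OPTS is an assumed list of the
# kernel options behind the "ip lxc" table, its nat chain and masquerade.
NFT_OPTS="CONFIG_NF_TABLES CONFIG_NF_TABLES_INET CONFIG_NF_TABLES_IPV4 \
CONFIG_NF_NAT CONFIG_NFT_NAT CONFIG_NFT_MASQ"

# Constructed sample config: nftables core present, nat pieces missing.
sample_kconfig() {
    cat <<'EOF'
CONFIG_NF_TABLES=m
CONFIG_NF_TABLES_INET=y
CONFIG_NF_TABLES_IPV4=y
CONFIG_NF_NAT=m
# CONFIG_NFT_NAT is not set
EOF
}

# Read kernel config text on stdin; print, space separated, every option
# from NFT_OPTS that is neither built in (=y) nor a module (=m).
missing_nft_opts() {
    cfg=$(cat)
    missing=""
    for opt in $NFT_OPTS; do
        if ! printf '%s\n' "$cfg" | grep -Eq "^${opt}=(y|m)$"; then
            missing="${missing:+$missing }$opt"
        fi
    done
    printf '%s' "$missing"
}

# --sample: run on the constructed config; --host: run on this kernel.
case "${1:-}" in
    --sample) sample_kconfig | missing_nft_opts; echo ;;
    --host)   gzip -dc /proc/config.gz | missing_nft_opts; echo ;;
esac
```

An empty result from `--host` means all listed options are enabled and the cause lies elsewhere; an option reported as `=m` still needs its module to be installed and loadable.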

Sorry, but the system is NOT negotiable.

Oh well, then good luck :slight_smile: