Running docker application on Axon

Hey Guys
I am trying to run docker on the image which was installed with Axon but I found that the installed kernel is missing CONFIG_IP_NF_RAW:

$ zgrep IP_NF_RAW /proc/config.gz
# CONFIG_IP_NF_RAW is not set

I can try building the kernel myself but just wanted to check if you have a suggestion to fix it without building the kernel.

This is the actual error I get when running docker compose:

Error response from daemon: failed to set up container networking: driver failed programming external connectivity on endpoint frigate (a57f39a9fb52d5be0fb7017e6bddc9fbadf1d56fea7cb50d36420c72bce7e02a): Unable to enable DIRECT ACCESS FILTERING - DROP rule:  (iptables failed: iptables --wait -t raw -A PREROUTING -p tcp -d 172.18.0.2 --dport 8554 ! -i br-2beec5707418 -j DROP: iptables v1.8.7 (legacy): can't initialize iptables table `raw': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

@abhi, could you please share the kernel version you are using?

Hey Pratiksha,

Here is my kernel
Linux vicharak 5.10.160-axon #axon SMP Fri Nov 29 16:15:43 IST 2024 aarch64 aarch64 aarch64 GNU/Linux

Regards
Abhi

Hi @Abhi,

Since you are using an older version of the kernel, I recommend flashing a new image with Kernel 6.1.
You can download it from the following link:

Vicharak Axon Ubuntu 24 Noble

Steps to follow after flashing the new image:

  1. Update the system packages:
    sudo apt update && sudo apt upgrade
    
  2. Reboot the board:
    sudo reboot
    
  3. Follow the Docker setup instructions from the official documentation:
    Install Docker on Ubuntu

If you prefer not to flash a new image, you can manually update the Linux kernel using .deb packages from:

Linux Upstream Packages

Steps to manually update the kernel:

  1. Remove the existing kernel packages:
    sudo apt purge linux-image-<version> linux-headers-<version>
    
  2. Install the new kernel packages:
    sudo apt install ./linux-*
    
  3. Reboot the board:
    sudo reboot
    
  4. Start the Docker service:
    sudo service docker start
    

1. Check Kernel Compatibility

Since your kernel may not support nftables, check the iptables backend:

sudo update-alternatives --display iptables

If it shows nft, switch to legacy mode:

sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

Then restart Docker:

sudo systemctl restart docker

You can now start using Docker. If you encounter any issues, feel free to reach out.

Best regards,
Pratiksha

No joy!

vicharak@vicharak:~/frigate$ uname -r
6.1.75-axon
vicharak@vicharak:~/frigate$ zgrep IP_NF_RAW /proc/config.gz
# CONFIG_IP_NF_RAW is not set

Have you installed the new Debian packages from the server?

I suggest following the steps without looking for the CONFIG_IP_NF_RAW flag.

Try starting Docker first. If it fails, update iptables using the following commands:

sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy

Yes I installed from the server as per your suggestion. I am using 22.04 LTS release fyi.

I have selected the correct iptables:

vicharak@vicharak:~/frigate$ sudo update-alternatives --config iptables
There are 2 choices for the alternative iptables (providing /usr/sbin/iptables).

  Selection    Path                       Priority   Status
------------------------------------------------------------
  0            /usr/sbin/iptables-nft      20        auto mode
* 1            /usr/sbin/iptables-legacy   10        manual mode
  2            /usr/sbin/iptables-nft      20        manual mode

I am trying to run Installation | Frigate using docker compose. It still throws the following error:

vicharak@vicharak:~/frigate$ docker compose up -d
WARN[0000] /home/vicharak/frigate/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Running 0/1
 ⠴ Container frigate  Starting                                                                                                                                               0.5s
Error response from daemon: failed to set up container networking: driver failed programming external connectivity on endpoint frigate (ddad2362a1de4a269c0932d1a0b2691b53c9a9d6b4d7d5e3f3180248c116835d): Unable to enable DIRECT ACCESS FILTERING - DROP rule:  (iptables failed: iptables --wait -t raw -A PREROUTING -p tcp -d 172.18.0.2 --dport 8554 ! -i br-2beec5707418 -j DROP: iptables v1.8.7 (legacy): can't initialize iptables table `raw': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
 (exit status 3))

Is your kernel built with config_ip_raw? Can you help point me to the correct kernel config too? I will see if I can build the kernel myself.

It’s not purely about the kernel; we are adding support for other dependencies as well. Will reply to you tomorrow.

Hey @Abhi,

We have updated the kernel support. You can get the new kernel packages from the vicharak apt server.
Check the updated packages, upgrade, and try Frigate with the updated kernel.

We will provide a kernel build guide soon. If you need any other help, let us know!

Thank you both, it seems to work fine now.

Hi, I am also unable to run docker on Axon.
OS: Ubuntu Noble
Kernel version:

Linux vicharak 6.1.75-axon #axon SMP Mon Apr 28 16:49:13 IST 2025 aarch64 aarch64 aarch64 GNU/Linux

I have followed the above steps. The error I am getting after running:

$ sudo docker run hello-world
docker: Error response from daemon: failed to set up container networking: failed to create endpoint kind_goldstine on network bridge: failed to add the host (veth14c8741) <=> sandbox (vethca050ec) pair interfaces: operation not supported

Can anyone guide me on this?

@gargville,
Can you get the docker0 interface when you run the ip a command?

Yes, docker0 is present.

$ ip a
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 1e:45:82:bd:fd:d1 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever

sudo docker network list shows all three: bridge, host and none.

Could you also share the output of the command below?

zcat /proc/config.gz | grep -i "IP_NF_RAW"

If this config is present in the kernel, chances are the service is not running properly.

sudo systemctl status docker

Here are the results:

$ zcat /proc/config.gz | grep -i "IP_NF_RAW"
CONFIG_IP_NF_RAW=m
$ sudo systemctl status docker --no-pager --full
● docker.service - Docker Application Container Engine
     Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; preset: enabled)
     Active: active (running) since Wed 2025-05-14 08:59:54 IST; 21min ago
TriggeredBy: ● docker.socket
       Docs: https://docs.docker.com
   Main PID: 1780 (dockerd)
     Memory: 90.9M (peak: 92.6M)
        CPU: 1.252s
     CGroup: /system.slice/docker.service
             └─1780 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

May 14 08:59:53 vicharak dockerd[1780]: time="2025-05-14T08:59:53.901314326+05:30" level=info msg="[graphdriver] using prior storage driver: overlay2"
May 14 08:59:53 vicharak dockerd[1780]: time="2025-05-14T08:59:53.910959118+05:30" level=info msg="Loading containers: start."
May 14 08:59:54 vicharak dockerd[1780]: time="2025-05-14T08:59:54.613424546+05:30" level=warning msg="Error (Unable to complete atomic operation, key modified) deleting object [endpoint_count ae39a8639e91b207101003bb8f5d85395b4bc5801da647b2cd13213b42388aaa], retrying...."
May 14 08:59:54 vicharak dockerd[1780]: time="2025-05-14T08:59:54.712854301+05:30" level=info msg="Loading containers: done."
May 14 08:59:54 vicharak dockerd[1780]: time="2025-05-14T08:59:54.767418916+05:30" level=warning msg="Not using native diff for overlay2, this may cause degraded performance for building images: kernel has CONFIG_OVERLAY_FS_REDIRECT_DIR enabled" storage-driver=overlay2
May 14 08:59:54 vicharak dockerd[1780]: time="2025-05-14T08:59:54.767608990+05:30" level=info msg="Docker daemon" commit=01f442b containerd-snapshotter=false storage-driver=overlay2 version=28.1.1
May 14 08:59:54 vicharak dockerd[1780]: time="2025-05-14T08:59:54.768017124+05:30" level=info msg="Initializing buildkit"
May 14 08:59:54 vicharak dockerd[1780]: time="2025-05-14T08:59:54.815306206+05:30" level=info msg="Completed buildkit initialization"
May 14 08:59:54 vicharak dockerd[1780]: time="2025-05-14T08:59:54.833815671+05:30" level=info msg="Daemon has completed initialization"
May 14 08:59:54 vicharak dockerd[1780]: time="2025-05-14T08:59:54.834052097+05:30" level=info msg="API listen on /run/docker.sock"

You just need to update the kernel.

sudo apt update 
sudo apt reinstall linux-image-6.1.75-axon

To apply the change, reboot the Axon.

sudo reboot

@Avi_Shihora Thanks a lot. This worked.
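
Added example (not part of the thread and not Vicharak's tooling): a shell check that classifies the kernel options behind the two errors above as built-in, module, unset or absent, using whole-line matching rather than a substring grep. CONFIG_IP_NF_RAW is named in the thread; CONFIG_VETH and CONFIG_BRIDGE are assumed to be the options behind veth-pair and bridge setup, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: classify the kernel options behind the two Docker errors in this thread.

# Constructed sample in /proc/config.gz text form (not from a real Axon kernel).
SAMPLE_CONFIG='CONFIG_BRIDGE=y
CONFIG_BRIDGE_NETFILTER=m
CONFIG_VETH=m
CONFIG_IP_NF_IPTABLES=y
# CONFIG_IP_NF_RAW is not set'

# kconfig_state OPTION: reads config text on stdin and prints
# builtin | module | unset | absent. Whole-line comparison, so
# CONFIG_BRIDGE_NETFILTER is never mistaken for CONFIG_BRIDGE.
kconfig_state() {
    awk -v opt="$1" '
        $0 == (opt "=y")               { s = "builtin" }
        $0 == (opt "=m")               { s = "module" }
        $0 == ("# " opt " is not set") { s = "unset" }
        END { print (s == "" ? "absent" : s) }
    '
}

# docker_net_report: reads config text on stdin, prints one line per option,
# returns 1 if any option is unset or absent.
# Assumed option list: CONFIG_IP_NF_RAW (iptables raw table, named in the thread),
# CONFIG_VETH (veth pairs) and CONFIG_BRIDGE (docker0 and br-* bridges).
docker_net_report() {
    cfg=$(cat)
    rc=0
    for opt in CONFIG_IP_NF_RAW CONFIG_VETH CONFIG_BRIDGE; do
        state=$(printf '%s\n' "$cfg" | kconfig_state "$opt")
        case $state in
            builtin) note="ok" ;;
            module)  note="ok only if the module for the running kernel is installed" ;;
            *)       note="MISSING"; rc=1 ;;
        esac
        printf '%-18s %-8s %s\n' "$opt" "$state" "$note"
    done
    return "$rc"
}

# Use the running kernel's config when it is exposed, else the constructed sample.
if [ -r /proc/config.gz ]; then
    zcat /proc/config.gz | docker_net_report || echo "kernel is missing options listed above"
else
    printf '%s\n' "$SAMPLE_CONFIG" | docker_net_report || echo "sample is missing options listed above"
fi
```

Running it before and after a kernel package update shows whether the raw table that Docker's direct-access DROP rule depends on has actually become available.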