Iptables error message

Based on the information at https://www.jetson-ai-lab.com/models.html, I ran the following command to evaluate NanoLLM with the Gemma 3 1B model:

docker run -it --rm \
  -e OLLAMA_MODEL=gemma3:1b \
  -e OLLAMA_MODELS=/root/.ollama \
  -e OLLAMA_HOST=0.0.0.0:9000 \
  -e OLLAMA_CONTEXT_LEN=4096 \
  -e OLLAMA_LOGS=/root/.ollama/ollama.log \
  -v /ssd/.cache/ollama:/root/.ollama \
  --gpus all \
  -p 9000:9000 \
  -e DOCKER_PULL=always --pull always \
  -e HF_TOKEN=${HF_TOKEN} \
  -e HF_HUB_CACHE=/root/.cache/huggingface \
  -v /mnt/nvme/cache:/root/.cache \
  dustynv/ollama:main-r36.4.0

Unfortunately, that operation generated an unfamiliar error message:

May 12 14:22:54 jetson2 dockerd[1529]: time="2025-05-12T14:22:54.650521566-05:00" level=error msg="Handler for POST /v1.49/containers/48585340fc49c73f41a04df0a915a1d4ae76e28ad3f53e327edc1dd646468088/start returned error: failed to set up container networking: driver failed programming external connectivity on endpoint pensive_ride (39ae9124312738ae422acb7454f54c5147167eb3063f522df794203f45595477): Unable to enable DIRECT ACCESS FILTERING - DROP rule:  (iptables failed: iptables --wait -t raw -A PREROUTING -p tcp -d 172.17.0.2 --dport 9000 ! -i docker0 -j DROP: iptables v1.8.7 (legacy): can't initialize iptables table `raw': Table does not exist (do you need to insmod?)\nPerhaps iptables or your kernel needs to be upgraded.\n (exit status 3))"

I’ve checked the logs:

$ sudo systemctl restart docker
$ sudo journalctl -u docker.service -f
May 12 14:50:55 jetson2 dockerd[263694]: time="2025-05-12T14:50:55.325255589-05:00" level=info msg="Loading containers: start."
May 12 14:50:55 jetson2 dockerd[263694]: time="2025-05-12T14:50:55.361277878-05:00" level=warning msg="Could not load necessary modules for IPSEC rules: protocol not supported"
May 12 14:50:55 jetson2 dockerd[263694]: time="2025-05-12T14:50:55.737740674-05:00" level=warning msg="Error (Unable to complete atomic operation, key modified) deleting object [endpoint_count 6111522b5bfb2eb787cf1eeb121af342c1a47d8663e650359bdcf8ea27def27f], retrying...."
May 12 14:50:56 jetson2 dockerd[263694]: time="2025-05-12T14:50:56.002932373-05:00" level=info msg="Loading containers: done."

but I don’t know what to fix. The installed JetPack is:

$ dpkg-query --show nvidia-l4t-core
nvidia-l4t-core	36.4.3-20250107174145

My original post was on my erroneous use of jetson-containers. That was fixed based on the support received here. This iptables message is something new. The Nano has active Ethernet and Wi-Fi connectivity, but I don’t know how to resolve this error message. Suggestions will be sincerely appreciated. Thanks.

Regards.

Hi,

This is a known issue, and iptables support will be added in our future release.
Currently, you can downgrade Docker to avoid the error:

$ sudo apt-get install -y docker-ce=5:27.5* docker-ce-cli=5:27.5* --allow-downgrades

You can find more details in the topic below:

Thanks.


Appreciate your indulgence and patience. You had made this recommendation a few months ago. That issue was promptly resolved, but somewhere I got carried away and permitted the upgrade unwittingly.

This check will now be part of my personal prerequisites until I am told otherwise. Thanks.

Regards.
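
The prerequisite check mentioned in the last post could be scripted as below. This is an added example, not part of the original thread or of NVIDIA's or Docker's tooling. It assumes, from the reply above, that the 27.5 package line works and that newer engines need the `raw` table; the function names, the sample log and the sample version string are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: preflight for the "can't initialize iptables table `raw'" failure.
# Assumption (from the reply): the 27.5 line works; newer engines need the raw table.
LAST_GOOD_MAJOR=27

# Print the iptables table(s) that dockerd log lines on stdin report as missing.
missing_tables() {
  sed -n "s/.*can't initialize iptables table \`\([a-z]*\)'.*/\1/p" | sort -u
}

# Major version of a docker-ce package version, e.g. the constructed
# sample "5:27.5.1-1~ubuntu.22.04~jammy" gives 27.
docker_major() {
  local v="${1#*:}"   # strip the Debian epoch ("5:")
  printf '%s\n' "${v%%.*}"
}

# True if the kernel accepts operations on the raw table (needs root).
# IPTABLES can be overridden, which also lets the logic be tested offline.
raw_table_usable() {
  ${IPTABLES:-iptables} --wait -t raw -S PREROUTING >/dev/null 2>&1
}

# Decide whether publishing ports (-p) is expected to work for a package version.
preflight() {
  local major
  major="$(docker_major "$1")"
  if [ "$major" -le "$LAST_GOOD_MAJOR" ]; then
    echo "ok: docker-ce $major.x does not need the raw table"
  elif raw_table_usable; then
    echo "ok: raw table available"
  else
    echo "blocked: install docker-ce=5:27.5* and run: apt-mark hold docker-ce docker-ce-cli"
    return 1
  fi
}

# Constructed sample, shortened from the log line in this thread.
sample_log() {
  cat <<'EOF'
May 12 14:22:54 jetson2 dockerd[1529]: level=error msg="iptables v1.8.7 (legacy): can't initialize iptables table `raw': Table does not exist"
May 12 14:50:56 jetson2 dockerd[263694]: level=info msg="Loading containers: done."
EOF
}

# Run on the host as root: ./preflight.sh check
if [ "${1:-}" = "check" ]; then
  preflight "$(dpkg-query --show --showformat='${Version}' docker-ce)"
fi
```

Piping `journalctl -u docker.service` into `missing_tables` names the table the kernel lacks; holding the packages with `apt-mark hold` keeps a routine `apt upgrade` from undoing the downgrade.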