can't initialize iptables table 'nat' under qemu

Question

I am facing an issue while starting docker inside s390x container under qemu on Ubuntu 18.04 host running on amd64.

Steps followed (On amd64 host):

docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
docker run --privileged -it s390x/ubuntu:18.04
apt-get update
curl -fsSL https://download.docker.com/linux/ubuntu/gpg
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository "deb [arch=s390x] https://download.docker.com/linux/ubuntu bionic stable"
apt-cache policy docker-ce
service  docker start

Docker service not starting. /var/log/docker.log shows

time="2021-04-01T17:57:26.643424257Z" level=warning msg="Running modprobe nf_nat failed with message:  error: exec: \"modprobe\": executable file not found in $PATH"
time="2021-04-01T17:57:26.643706873Z" level=warning msg="Running modprobe xt_conntrack failed with message: error: exec: \"modprobe\": executable file not found in $PATH"
Error starting daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: iptables v1.6.1: can't initialize iptables table `nat': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded

.

Any settings needs to be changed /steps needs to add?

Answer 1

The error message:

iptables v1.6.1: can't initialize iptables table `nat': iptables who? (do you need to insmod?)

states that the nat table cannot be found.

This means that your operating system is missing support for NAT. You can load the NAT module by running modprobe nf_nat_ipv4.

Answer 2

Looks like for docker in docker in cross architectures is not yet supported. if we use -v /var/run/docker.sock:/var/run/docker.sock , docker will always run as client in s390x container and server from amd64.