docker container not reachable

  • Since using the latest build on rpi4 (nightly-20251128-85c6ad7) and docker addon service.system.docker v12.80.4.3, some containers aren't reachable anymore.

    tailscale and adguard work (host mode)

    modbusproxy, evcc and homeassistant don't work (port mapping)

    It seems containers with network mode host work.

    Something to do with nftables changes?

  • Whilst nftables is a mandatory library, it is not used by docker as-is.

    The nftables change has changed the backend of iptables to nft.

    I’m assuming that you have compiled your own docker addon? As the addon has yet to be made available on the addon server.

    You can see my “iptables --list” in the PR.

  • I installed docker addon today from libreelec repository. No self compiled addon.

    On LE build nightly-20251126-0c9ec90, addon 12.80.4.2 works; if I update the addon to 12.80.4.3, the addon doesn't work anymore.

    LibreELEC:~ # docker container ls
    failed to connect to the docker API at unix:///var/run/docker.sock; check if the path is correct and if the daemon is running: dial unix /var/run/docker.sock: connect: no such file or directory

    Edited once, last by polo_joe (November 29, 2025 at 9:02 AM).

  • LibreELEC:~ # systemctl status docker | cat
    × service.system.docker.service - Docker Application Container Engine
        Loaded: loaded (/storage/.config/system.d/service.system.docker.service; enabled; preset: disabled)
        Active: failed (Result: exit-code) since Sat 2025-11-29 11:41:53 CET; 1min 2s ago
      Duration: 1h 42min 31.448s
    Invocation: 219ff5580c0e4af3a60302813638d23e
          Docs: https://docs.docker.com
       Process: 25763 ExecStartPre=/storage/.kodi/addons/service.system.docker/bin/docker-config (code=exited, status=0/SUCCESS)
       Process: 25765 ExecStart=/storage/.kodi/addons/service.system.docker/bin/dockerd --exec-opt native.cgroupdriver=systemd --log-driver=journald --group=root $DOCKER_DAEMON_OPTS $DOCKER_STORAGE_OPTS (code=exited, status=127)
      Main PID: 25765 (code=exited, status=127)
           CPU: 20ms

    Nov 29 11:41:53 LibreELEC systemd[1]: Starting service.system.docker.service...
    Nov 29 11:41:53 LibreELEC dockerd[25765]: /storage/.kodi/addons/service.system.docker/bin/dockerd: error while loading shared libraries: libnftables.so.1: cannot open shared object file: No such file or directory
    Nov 29 11:41:53 LibreELEC systemd[1]: service.system.docker.service: Main process exited, code=exited, status=127/n/a
    Nov 29 11:41:53 LibreELEC systemd[1]: service.system.docker.service: Failed with result 'exit-code'.
    Nov 29 11:41:53 LibreELEC systemd[1]: Failed to start service.system.docker.service.

    LibreELEC:~ # docker version
    Client:
    Version:           29.0.4
    API version:       1.52
    Go version:        go1.25.4
    Git commit:        3247a5aae3791c8306f5b2e215c314267c31c570
    Built:             Fri Nov 28 21:44:55 UTC 2025
    OS/Arch:           linux/arm64
    Context:           default
    failed to connect to the docker API at unix:///var/run/docker.sock; check if the path is correct and if the daemon is running: dial unix /var/run/docker.sock: connect: no such file or directory


  • LibreELEC:~ # ldd /storage/.kodi/addons/service.system.docker/bin/dockerd
           linux-vdso.so.1 (0x0000007f9478c000)
           libresolv.so.2 => /usr/lib/libresolv.so.2 (0x0000007f94720000)
           libnftables.so.1 => not found
           libsystemd.so.0 => /usr/lib/libsystemd.so.0 (0x0000007f94600000)
           libc.so.6 => /usr/lib/libc.so.6 (0x0000007f94470000)
           libm.so.6 => /usr/lib/libm.so.6 (0x0000007f943c0000)
           /lib/ld-linux-aarch64.so.1 => /usr/lib/ld-linux-aarch64.so.1 (0x0000007f94750000)

    LibreELEC:~ # ls -la /usr/lib/libnft*
    ls: /usr/lib/libnft*: No such file or directory

  • After update to 20251128-85c6ad7:

    LibreELEC:~/bin # cat /etc/os-release
    NAME="LibreELEC"
    VERSION="nightly-20251128-85c6ad7"
    ID="libreelec"
    VERSION_ID="13.0"
    PRETTY_NAME="LibreELEC (community): nightly-20251128-85c6ad7"
    HOME_URL="https://libreelec.tv"
    BUG_REPORT_URL="https://github.com/LibreELEC/LibreELEC.tv"
    BUILD_ID="85c6ad77fde17dc1fc5a583c33d4d76c63cb872b"
    DISTRO_ARCH="RPi4.aarch64"
    DISTRO_BUILD="community"
    DISTRO_PROJECT="RPi"
    DISTRO_DEVICE="RPi4"


    LibreELEC:~/bin # ldd /storage/.kodi/addons/service.system.docker/bin/dockerd
           linux-vdso.so.1 (0x0000007fa1d3c000)
           libresolv.so.2 => /usr/lib/libresolv.so.2 (0x0000007fa1cd0000)
           libnftables.so.1 => /usr/lib/libnftables.so.1 (0x0000007fa1be0000)
           libsystemd.so.0 => /usr/lib/libsystemd.so.0 (0x0000007fa1ac0000)
           libc.so.6 => /usr/lib/libc.so.6 (0x0000007fa1930000)
           libmnl.so.0 => /usr/lib/libmnl.so.0 (0x0000007fa1900000)
           libnftnl.so.11 => /usr/lib/libnftnl.so.11 (0x0000007fa18a0000)
           libm.so.6 => /usr/lib/libm.so.6 (0x0000007fa17f0000)
           /lib/ld-linux-aarch64.so.1 => /usr/lib/ld-linux-aarch64.so.1 (0x0000007fa1d00000)


    LibreELEC:~/bin # ls -la /usr/lib/libnft*
    lrwxrwxrwx    1 root     root            20 Nov 28 14:51 /usr/lib/libnftables.so -> libnftables.so.1.1.0
    lrwxrwxrwx    1 root     root            20 Nov 28 14:51 /usr/lib/libnftables.so.1 -> libnftables.so.1.1.0
    -rwxr-xr-x    1 root     root        867824 Nov 28 14:51 /usr/lib/libnftables.so.1.1.0
    lrwxrwxrwx    1 root     root            18 Nov 28 14:48 /usr/lib/libnftnl.so -> libnftnl.so.11.6.0
    lrwxrwxrwx    1 root     root            18 Nov 28 14:48 /usr/lib/libnftnl.so.11 -> libnftnl.so.11.6.0
    -rwxr-xr-x    1 root     root        271232 Nov 28 14:48 /usr/lib/libnftnl.so.11.6.0

    but

    LibreELEC:~/bin # systemctl status docker | cat
    ● service.system.docker.service - Docker Application Container Engine
        Loaded: loaded (/storage/.config/system.d/service.system.docker.service; enabled; preset: disabled)
        Active: active (running) since Sat 2025-11-29 13:30:59 CET; 4min 14s ago
    Invocation: 52f44be00d7a4d918a0603f2d981588d
          Docs: https://docs.docker.com
       Process: 3645 ExecStartPre=/storage/.kodi/addons/service.system.docker/bin/docker-config (code=exited, status=0/SUCCESS)
      Main PID: 3649 (dockerd)
         Tasks: 164 (limit: 8192)
           CPU: 4.816s
        CGroup: /system.slice/service.system.docker.service
                ├─3649 /storage/.kodi/addons/service.system.docker/bin/dockerd --exec-opt native.cgroupdriver=systemd --log-driver=journald --group=root --data-root=/storage/.kodi/userdata/addon_data/service.system.docker/docker --storage-driver=overlay2
                ├─3659 containerd --config /var/run/docker/containerd/containerd.toml
                ├─4106 /storage/.kodi/addons/service.system.docker/bin/containerd-shim-runc-v2 -namespace moby -id f58f69a5bae8c43d5d3449c051375395258f04cafc02f08584bb210fe2f37212 -address /var/run/docker/containerd/containerd.sock
                ├─4152 /storage/.kodi/addons/service.system.docker/bin/containerd-shim-runc-v2 -namespace moby -id ca0ab1753975148f43730e3de21dfad782c6fa1a16e8dfe34195649815fd2613 -address /var/run/docker/containerd/containerd.sock
                ├─4207 /storage/.kodi/addons/service.system.docker/bin/containerd-shim-runc-v2 -namespace moby -id 01b63d16d6c3132accc1a9738a9199edb550aeee2aa464ea9ea83ca4e35791e2 -address /var/run/docker/containerd/containerd.sock
                ├─4247 /storage/.kodi/addons/service.system.docker/bin/containerd-shim-runc-v2 -namespace moby -id f0f2ff8813f30d2642b2a489f00fcbc4faf59fbd264ad0d0c7f8e0e161a3b798 -address /var/run/docker/containerd/containerd.sock
                ├─4292 /storage/.kodi/addons/service.system.docker/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 7070 -container-ip 172.18.0.2 -container-port 7070 -use-listen-fd
                ├─4298 /storage/.kodi/addons/service.system.docker/bin/docker-proxy -proto tcp -host-ip :: -host-port 7070 -container-ip 172.18.0.2 -container-port 7070 -use-listen-fd
                ├─4317 /storage/.kodi/addons/service.system.docker/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 8887 -container-ip 172.18.0.2 -container-port 8887 -use-listen-fd
                ├─4324 /storage/.kodi/addons/service.system.docker/bin/docker-proxy -proto tcp -host-ip :: -host-port 8887 -container-ip 172.18.0.2 -container-port 8887 -use-listen-fd
                ├─4342 /storage/.kodi/addons/service.system.docker/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 7050 -container-ip 172.18.0.3 -container-port 7050 -use-listen-fd
                ├─4348 /storage/.kodi/addons/service.system.docker/bin/docker-proxy -proto tcp -host-ip :: -host-port 7050 -container-ip 172.18.0.3 -container-port 7050 -use-listen-fd
                ├─4825 /storage/.kodi/addons/service.system.docker/bin/containerd-shim-runc-v2 -namespace moby -id dcae0403239f6a15c33fb4bea75173d1ce1526d431dd5af01825110a751095b9 -address /var/run/docker/containerd/containerd.sock
                ├─4887 /storage/.kodi/addons/service.system.docker/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 5020 -container-ip 172.18.0.4 -container-port 502 -use-listen-fd
                ├─4893 /storage/.kodi/addons/service.system.docker/bin/docker-proxy -proto tcp -host-ip :: -host-port 5020 -container-ip 172.18.0.4 -container-port 502 -use-listen-fd
                ├─4911 /storage/.kodi/addons/service.system.docker/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 5030 -container-ip 172.18.0.4 -container-port 503 -use-listen-fd
                └─4917 /storage/.kodi/addons/service.system.docker/bin/docker-proxy -proto tcp -host-ip :: -host-port 5030 -container-ip 172.18.0.4 -container-port 503 -use-listen-fd

    Nov 29 13:35:13 LibreELEC f0f2ff8813f3[3649]: 2025/11/29 12:35:13 control: controlhttp: failed dialing using DialPlan, falling back to DNS; errs=all connection attempts failed (HTTP: dial tcp [2606:b740:49::108]:80: connect: network is unreachable, HTTPS: dial tcp [2606:b740:49::108]:443: connect: network is unreachable)
    Nov 29 13:35:13 LibreELEC f0f2ff8813f3[3649]: all connection attempts failed (HTTP: TLS forced: no port 80 dialed, HTTPS: dial tcp [2606:b740:49::115]:443: connect: network is unreachable)
    Nov 29 13:35:13 LibreELEC f0f2ff8813f3[3649]: all connection attempts failed (HTTP: TLS forced: no port 80 dialed, HTTPS: dial tcp [2606:b740:49::106]:443: connect: network is unreachable)
    Nov 29 13:35:13 LibreELEC f0f2ff8813f3[3649]: all connection attempts failed (HTTP: TLS forced: no port 80 dialed, HTTPS: dial tcp [2606:b740:49::113]:443: connect: network is unreachable)
    Nov 29 13:35:13 LibreELEC f0f2ff8813f3[3649]: connection attempts aborted by context: context deadline exceeded
    Nov 29 13:35:13 LibreELEC f0f2ff8813f3[3649]: connection attempts aborted by context: context deadline exceeded
    Nov 29 13:35:13 LibreELEC f0f2ff8813f3[3649]: connection attempts aborted by context: context deadline exceeded
    Nov 29 13:35:13 LibreELEC f0f2ff8813f3[3649]: connection attempts aborted by context: context deadline exceeded
    Nov 29 13:35:14 LibreELEC f0f2ff8813f3[3649]: 2025/11/29 12:35:14 netcheck: netcheck: UDP is blocked, trying HTTPS
    Nov 29 13:35:14 LibreELEC f0f2ff8813f3[3649]: 2025/11/29 12:35:14 netcheck: UDP is blocked, trying ICMP


    LibreELEC:~/bin # docker version
    Client:
    Version:           29.0.4
    API version:       1.52
    Go version:        go1.25.4
    Git commit:        3247a5aae3791c8306f5b2e215c314267c31c570
    Built:             Fri Nov 28 21:44:55 UTC 2025
    OS/Arch:           linux/arm64
    Context:           default

    Server:
    Engine:
     Version:          29.0.4
     API version:      1.52 (minimum version 1.44)
     Go version:       go1.25.4
     Git commit:       4612690e23f7c4200af175e12cae206b2ee00c7b
     Built:            Fri Nov 28 22:06:42 UTC 2025
     OS/Arch:          linux/arm64
     Experimental:     false
    containerd:
     Version:          2.2.0
     GitCommit:        1c4457e00facac03ce1d75f7b6777a7a851e5c41
    runc:
     Version:          1.3.3
     GitCommit:        d842d7719497cc3b774fd71620278ac9e17710e0
    docker-init:
     Version:          0.19.0
     GitCommit:

  • LibreELEC:~ # ip6tables --list
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    DOCKER-USER  all  --  anywhere             anywhere
    DOCKER-FORWARD  all  --  anywhere             anywhere

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain DOCKER (0 references)
    target     prot opt source               destination

    Chain DOCKER-BRIDGE (1 references)
    target     prot opt source               destination

    Chain DOCKER-CT (1 references)
    target     prot opt source               destination

    Chain DOCKER-FORWARD (1 references)
    target     prot opt source               destination
    DOCKER-CT  all  --  anywhere             anywhere
    DOCKER-INTERNAL  all  --  anywhere             anywhere
    DOCKER-BRIDGE  all  --  anywhere             anywhere

    Chain DOCKER-INTERNAL (1 references)
    target     prot opt source               destination

    Chain DOCKER-USER (1 references)
    target     prot opt source               destination


    LibreELEC:~ # iptables --list
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    DOCKER-USER  all  --  anywhere             anywhere
    DOCKER-FORWARD  all  --  anywhere             anywhere

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain DOCKER (1 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  anywhere             172.18.0.3           tcp dpt:8887
    ACCEPT     tcp  --  anywhere             172.18.0.3           tcp dpt:7070
    ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:7050
    DROP       all  --  anywhere             anywhere

    Chain DOCKER-BRIDGE (1 references)
    target     prot opt source               destination
    DOCKER     all  --  anywhere             anywhere

    Chain DOCKER-CT (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED

    Chain DOCKER-FORWARD (1 references)
    target     prot opt source               destination
    DOCKER-CT  all  --  anywhere             anywhere
    DOCKER-INTERNAL  all  --  anywhere             anywhere
    DOCKER-BRIDGE  all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere

    Chain DOCKER-INTERNAL (1 references)
    target     prot opt source               destination

    Chain DOCKER-USER (1 references)
    target     prot opt source               destination
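
A way to cross-check the two listings posted in this thread, the docker-proxy processes under `systemctl status docker` and the DOCKER chain from `iptables --list`, when port-mapped containers are unreachable. This is an added example, not part of any post; the function names and sample data are constructed, and it only looks at the filter table's DOCKER chain.

```shell
#!/bin/sh
# Added example: report published container ports that have a docker-proxy
# listener but no ACCEPT rule in the DOCKER chain. Sample data is constructed.
# Live use: { iptables -n --list; systemctl status docker | cat; } | unmatched_ports

# Constructed: DOCKER chain as printed by `iptables --list`.
sample_rules() {
cat <<'EOF'
Chain DOCKER (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:7070
DROP       all  --  anywhere             anywhere
EOF
}

# Constructed: docker-proxy command lines as `systemctl status docker` shows them.
sample_proxies() {
cat <<'EOF'
4292 /path/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 7070 -container-ip 172.18.0.2 -container-port 7070 -use-listen-fd
4887 /path/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 5020 -container-ip 172.18.0.4 -container-port 502 -use-listen-fd
4893 /path/docker-proxy -proto tcp -host-ip :: -host-port 5020 -container-ip 172.18.0.4 -container-port 502 -use-listen-fd
EOF
}

# Reads the rule listing followed by the docker-proxy lines on stdin and
# prints "proto container-ip container-port" for each mapping without a rule.
unmatched_ports() {
    awk '
        $1 == "Chain" { chain = $2 }          # track the chain being listed
        chain == "DOCKER" && $1 == "ACCEPT" {
            for (i = 2; i <= NF; i++)          # "tcp dpt:7070": proto precedes dpt
                if ($i ~ /^dpt:[0-9]+$/) allowed[$(i - 1) " " $5 " " substr($i, 5)] = 1
        }
        /docker-proxy/ {
            proto = ip = port = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-proto") proto = $(i + 1)
                if ($i == "-container-ip") ip = $(i + 1)
                if ($i == "-container-port") port = $(i + 1)
            }
            key = proto " " ip " " port        # IPv4 and IPv6 listeners share a key
            if (ip != "" && !(key in allowed) && !seen[key]++) print key
        }
    '
}

check_sample() { { sample_rules; sample_proxies; } | unmatched_ports; }
check_sample
```

Use `-n` on a live system so ports and addresses stay numeric; without it, well-known ports are printed as service names and will not match.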