Bug: Port forwarding loop crashed #2960
Description
Is this urgent?
Yes
Host OS
Synology (not relevant)
CPU arch
x86_64
VPN service provider
ProtonVPN
What are you using to run the container
docker-compose
What is the version of Gluetun
commit d3c7d3c ·
What's the problem 🤔
Port forwarding loop crashes when attempting to parse an iptables call.
Share your logs (at least 10 lines)
2025-10-31T06:12:27Z INFO [port forwarding] starting
2025-10-31T06:12:27Z INFO [port forwarding] gateway external IPv4 address is 180.149.229.132
2025-10-31T06:12:27Z INFO [port forwarding] port forwarded is 63499
2025-10-31T06:12:27Z INFO [firewall] setting allowed input port 63499 through interface tun0...
2025-10-31T06:12:27Z DEBUG [firewall] /usr/sbin/iptables-legacy --append INPUT -i tun0 -p tcp -m tcp --dport 63499 -j ACCEPT
2025-10-31T06:12:27Z DEBUG [firewall] /usr/sbin/ip6tables-legacy --append INPUT -i tun0 -p tcp -m tcp --dport 63499 -j ACCEPT
2025-10-31T06:12:27Z DEBUG [firewall] /usr/sbin/iptables-legacy --append INPUT -i tun0 -p udp -m udp --dport 63499 -j ACCEPT
2025-10-31T06:12:27Z DEBUG [firewall] /usr/sbin/ip6tables-legacy --append INPUT -i tun0 -p udp -m udp --dport 63499 -j ACCEPT
2025-10-31T06:12:27Z INFO [port forwarding] writing port file /tmp/gluetun/forwarded_port
2025-10-31T06:12:27Z INFO [port forwarding] --2025-10-31 06:12:27-- http://127.0.0.1:8080/api/v2/app/setPreferences
2025-10-31T06:12:27Z INFO [port forwarding] Connecting to 127.0.0.1:8080... connected.
2025-10-31T06:12:27Z INFO [port forwarding] HTTP request sent, awaiting response... 200 OK
2025-10-31T06:12:27Z INFO [port forwarding] Length: 0 [text/plain]
2025-10-31T06:12:27Z INFO [port forwarding] Saving to: 'STDOUT'
2025-10-31T06:12:27Z INFO [port forwarding]
2025-10-31T06:12:27Z INFO [port forwarding] 0K 0.00 =0s
2025-10-31T06:12:27Z INFO [port forwarding]
2025-10-31T06:12:28Z WARN [http server] route GET /v1/vpn/status is unprotected by default, please set up authentication following the documentation at https://github.com/qdm12/gluetun-wiki/blob/main/setup/advanced/control-server.md#authentication since this will become no longer publicly accessible after release v3.40.
2025-10-31T06:12:28Z DEBUG [http server] access to route GET /v1/vpn/status authorized for role public
2025-10-31T06:12:28Z INFO [http server] 200 GET /status wrote 21B to 127.0.0.1:51526 in 461.169µs
2025-10-31T06:13:12Z DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2025-10-31T06:13:12Z DEBUG [port forwarding] port forwarded 63499 maintained
2025-10-31T06:13:57Z DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2025-10-31T06:13:57Z DEBUG [port forwarding] port forwarded 63499 maintained
2025-10-31T06:14:42Z DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2025-10-31T06:14:42Z DEBUG [port forwarding] port forwarded 63499 maintained
2025-10-31T06:15:27Z DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2025-10-31T06:15:27Z DEBUG [port forwarding] port forwarded 63499 maintained
2025-10-31T06:16:12Z DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2025-10-31T06:16:12Z DEBUG [port forwarding] port forwarded 63499 maintained
2025-10-31T06:16:57Z DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2025-10-31T06:16:57Z DEBUG [port forwarding] port forwarded 63499 maintained
2025-10-31T06:17:42Z DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2025-10-31T06:17:42Z DEBUG [port forwarding] port forwarded 63499 maintained
2025-10-31T06:18:27Z DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2025-10-31T06:18:27Z DEBUG [port forwarding] port forwarded 63499 maintained
2025-10-31T06:19:12Z DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2025-10-31T06:19:12Z DEBUG [port forwarding] port forwarded 63499 maintained
2025-10-31T06:19:57Z DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2025-10-31T06:19:57Z INFO [firewall] removing allowed port 63499...
2025-10-31T06:19:57Z DEBUG [firewall] /usr/sbin/iptables-legacy -t filter -L INPUT --line-numbers -n -v
2025-10-31T06:19:57Z ERROR [port forwarding] external port changed: 63499 changed to 40762
2025-10-31T06:19:57Z INFO [port forwarding] stopping
2025-10-31T06:19:57Z INFO [firewall] removing allowed port 63499...
2025-10-31T06:19:57Z DEBUG [firewall] /usr/sbin/iptables-legacy -t filter -L INPUT --line-numbers -n -v
2025-10-31T06:19:57Z ERROR port forwarding loop crashed: stopping previous service: blocking previous port in firewall: removing allowed port 63499 on interface tun0: finding iptables chain rule line number: parsing chain list: parsing chain rule "1 2230 211K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 ": parsing chain rule field: parsing protocol: unknown protocol: all
2025-10-31T06:19:57Z INFO dns ticker: terminated ✔️
2025-10-31T06:19:57Z INFO updater ticker: terminated ✔️
2025-10-31T06:19:57Z INFO http server: terminated ✔️
2025-10-31T06:19:57Z INFO control: terminated ✔️
2025-10-31T06:19:57Z INFO updater: terminated ✔️
2025-10-31T06:19:57Z INFO tickers: terminated ✔️
2025-10-31T06:19:57Z INFO HTTP health server: terminated ✔️
2025-10-31T06:19:58Z WARN vpn: goroutine shutdown timed out: after 1s ⚠️
2025-10-31T06:19:58Z INFO shadowsocks proxy: terminated ✔️
2025-10-31T06:19:58Z INFO http proxy: terminated ✔️
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x88 pc=0x9e65e2]
goroutine 88 [running]:
internal/sync.(*Mutex).Lock(...)
internal/sync/mutex.go:63
sync.(*Mutex).Lock(...)
sync/mutex.go:46
github.com/qdm12/dns/v2/pkg/server.(*Server).Stop(0x0)
github.com/qdm12/dns/[email protected]/pkg/server/server.go:149 +0x42
github.com/qdm12/gluetun/internal/dns.(*Loop).stopServer(0xc0002641b0)
github.com/qdm12/gluetun/internal/dns/run.go:102 +0x1c
github.com/qdm12/gluetun/internal/dns.(*Loop).runWait(0xc0002641b0, {0x14ee778, 0xc00023ee60}, 0x0)
github.com/qdm12/gluetun/internal/dns/run.go:77 +0x157
github.com/qdm12/gluetun/internal/dns.(*Loop).Run(0xc0002641b0, {0x14ee778, 0xc00023ee60}, 0xc0002f59d0?)
github.com/qdm12/gluetun/internal/dns/run.go:66 +0x38f
created by main._main in goroutine 20
./main.go:399 +0x2745
Share your configuration
gluetun:
image: qmcgaw/gluetun
environment:
VPN_SERVICE_PROVIDER: protonvpn
VPN_TYPE: wireguard
WIREGUARD_PRIVATE_KEY: ***
SERVER_COUNTRIES: ***
SERVER_CITIES: ***
PORT_FORWARD_ONLY: on
VPN_PORT_FORWARDING: on
DNS_KEEP_NAMESERVER: on
VPN_PORT_FORWARDING_UP_COMMAND: >
/bin/sh -c 'wget -O- --retry-connrefused --post-data
"json={\"listen_port\":{{PORTS}}}"
http://127.0.0.1:8080/api/v2/app/setPreferences 2>&1'
UPDATER_PERIOD: 24h
LOG_LEVEL: debug
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun