Hi all,
in order to test some containers features and try to replace some old "captive portals" in my office, I'd like to setup a container running apache+iptables. I can understand that this approach would require a VM instead of a container, but sometimes it's nice to make some testing for the love of of it.

Basically I have been building many images for containers, starting with Debian version 10 and 11. Images were built with following command on a Ubuntu WS, running kernel 6.5.0-13:
docker buildx build --platform arm64 -t debian_11 .
Images were later saved and transferred to the MKT 5009 hardware running 7.13 RouterOS.

Dockerfile:
FROM debian:stable
RUN apt-get update
RUN apt install openssh-server -y
RUN apt install net-tools iputils-ping traceroute -y
RUN apt install vim nano iproute2 iptables build-essential -y
RUN apt install isc-dhcp-client isc-dhcp-server -y
RUN apt install lshw ethtool vlan kmod -y
RUN apt install zsh tmux aria2 htop pv speedtest-cli vim curl wget netcat-traditional iperf3 iputils-ping iputils-tracepath iputils-arping iproute2 -y
RUN
RUN useradd -rm -d /home/<myusername> -s /bin/bash -g root -G sudo <myusername>
RUN echo '<myusername>::<mypass>' | chpasswd
RUN service ssh start
CMD ["/usr/sbin/sshd","-D"]

The point is that I am not able to run iptables in order to perform some NAT inside the container. Well... once I managed to but after a reboot the magic was gone and I was not able to reproduce the behaviour.

The errors I get are:
iptables -t nat -L
iptables v1.8.9 (nf_tables): Could not fetch rule set generation id: Invalid argument

root@MikroTik:/# iptables-legacy -t nat -L
iptables v1.8.9 (legacy): can't initialize iptables table `nat': Module is wrong version
Perhaps iptables or your kernel needs to be upgraded.
root@MikroTik:/#

Any help will be appreciated.

Thank you in advance. Best regards.

I described a similar problem here. According to the support, iptables is currently unavailable for third-party code. But they may eventually allow it. Please submit a ticket via the support portal.

I described a similar problem here. According to the support, iptables is currently unavailable for third-party code. But they may eventually allow it. Please submit a ticket via the support portal.

Thank you, I just submitted a feature request.

Best regards.