Login

u/Upper_Juice308

▲ 3 r/gluetun

Can No Longer Access qBittorrent GUI Through Gluetun

Like the title says... I think this was working before because I still had a VPN client enabled outside of Gluetun, but that sends all traffic through the VPN which is obviously not ideal. I disabled the external VPN connection, rebooted server, and the same Gluetun config is still not working.

Gluetun is creating tun0 and is getting an IP, but there are a handful of errors in the logs that suggest that I need to install a kernel module to use the mark flag. Google/AI suggests xt_mark, but I do not see this module in my system. I am using an Asustor NAS, so I even tried loading the "sudo modprobe tun" command as suggested for Synology users and rebuilt the containers after that with no luck.

This seems like an environment issue that I'm hoping someone has encountered before. Nonetheless, I've disabled the firewall temporarily to rule it out and I've tried setting "FIREWALL_OUTBOUND_SUBNETS" to "192.168.0.0/24" (my local subnet) - both to no avail. My machine has rebooted many times since the issue presented itself. I have also ensured that my qBittorrent config allows for GUI connections from all server NICs. qBittorrent container logs do not show anything helpful.

Any ideas would be greatly appreciated!

Gluetun Docker logs:

Warning: Extension mark is not supported, missing kernel module?
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 172.21.0.0/16 -i eth0 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 172.21.0.2/32 -d 172.21.0.0/16 -o eth0 -j ACCEPT
-A OUTPUT -s 172.21.0.2/32 -d 192.168.0.0/24 -o eth0 -j ACCEPT
-A OUTPUT -d 50.118.162.4/32 -o eth0 -p udp -m udp --dport 1195 -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 32869 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 8.8.8.8/32 -p tcp -m tcp --sport 42177 --dport 443 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 45081 --dport 443 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 8.8.8.8/32 -p tcp -m tcp --sport 55583 --dport 53 --tcp-flags RST RST -m markWarning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
--mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 51725 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 53171 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 49349 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 44623 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 59965 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 52929 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 56103 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcpWarning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
# Warning: iptables-legacy tables present, use iptables-legacy-save to see them
--sport 42027 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 59593 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 53325 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 51205 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
COMMIT
# Completed on Mon May 18 17:07:38 2026
2026-05-18T17:07:38-05:00 WARN [MTU discovery] reverting firewall changes: finding iptables chain rule line number: parsing chain list: iptables chain list output is malformed: legend "Warning: Extension mark revision 0 not supported, missing kernel module?" is not the expected "num pkts bytes target prot opt in out source destination"
2026-05-18T17:07:38-05:00 WARN [iptables] restoring IPv4 iptables failed: exit status 1: iptables-restore: line 2 failed: restoring from data:
# Generated by iptables-save v1.8.11 (nf_tables) on Mon May 18 17:07:38 2026
Warning: Extension mark revision 0 not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 172.21.0.0/16 -i eth0 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 172.21.0.2/32 -d 172.21.0.0/16 -o eth0 -j ACCEPT
-A OUTPUT -s 172.21.0.2/32 -d 192.168.0.0/24 -o eth0 -j ACCEPT
-A OUTPUT -d 50.118.162.4/32 -o eth0 -p udp -m udp --dport 1195 -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 32869 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 8.8.8.8/32 -p tcp -m tcp --sport 42177 --dport 443 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 45081 --dport 443 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 8.8.8.8/32 -p tcp -m tcp --sport 55583 --dport 53 --tcp-flags RST RST -m markWarning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
--mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 51725 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 53171 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 49349 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 44623 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 59965 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 52929 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 56103 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcpWarning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
# Warning: iptables-legacy tables present, use iptables-legacy-save to see them
--sport 42027 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 59593 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 53325 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 51205 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
COMMIT
# Completed on Mon May 18 17:07:38 2026
2026-05-18T17:07:38-05:00 WARN [MTU discovery] reverting firewall changes: finding iptables chain rule line number: parsing chain list: iptables chain list output is malformed: legend "Warning: Extension mark revision 0 not supported, missing kernel module?" is not the expected "num pkts bytes target prot opt in out source destination"
2026-05-18T17:07:38-05:00 INFO [MTU discovery] setting VPN interface tun0 MTU to maximum valid MTU 1171
2026-05-18T17:07:38-05:00 INFO [dns] DNS server listening on [::]:53
2026-05-18T17:07:38-05:00 INFO [dns] ready and using DNS server with dot upstream resolvers
2026-05-18T17:07:38-05:00 INFO [dns] downloading hostnames and IP block lists
2026-05-18T17:08:03-05:00 INFO [ip getter] Public IP address is 193.19.109.25 (United States, Washington, Seattle - source: ipinfo+ifconfig.co+ip2location+cloudflare)
2026-05-18T17:08:03-05:00 INFO [dns] leak check report: 172.68.21.230 (20%), 172.68.21.231 (20%), 172.71.149.78 (20%), 108.162.244.84 (10%), 172.68.21.229 (10%), 172.69.191.224 (10%), 172.71.145.35 (10%)
2026-05-18T17:08:04-05:00 INFO [vpn] You are running on the bleeding edge of latest!

My compose stack:

version: "3"
services:
gluetun:
image: qmcgaw/gluetun:latest
container_name: Gluetun
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
volumes:
- /share/Docker/Gluetun:/gluetun
environment:
- VPN_SERVICE_PROVIDER=expressvpn
- OPENVPN_USER=${OPENVPN_USER}
- OPENVPN_PASSWORD=${OPENVPN_PWD}
- TZ=America/Chicago
- FIREWALL=off
restart: unless-stopped
ports:
- 18181:18181 # Web GUI
- 6881:6881 # Torrenting port
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:latest
container_name: qBittorrent
network_mode: "container:Gluetun"
# depends_on: # Ensure qBittorrent starts after Gluetun
# - gluetun
environment:
- PUID=1000
- PGID=1000
- UMASK=002
- WEBUI_PORT=18181
- TORRENTING_PORT=6881
- LIBTORRENT=v1
volumes:
- /share/Docker/qBittorrent/config:/config
- /share/Docker/qBittorrent/downloads:/downloads
restart: unless-stopped

reddit.com
u/Upper_Juice308 — 3 days ago
▲ 5 r/gluetun

Cannot Access qBitTorrent GUI in Gluetun Stack

I am new to Gluetun (and qBitTorrent via Docker) and am really struggling to access the GUI. I've tried everything that is commented out - and in almost every combination conceivable. The qBit logs state that the server is running at https://localhost:8080 no matter what - and no matter what, https://[NAS IP]:18181 loads nothing (I also tried 8080 each time just cause). The Gluetun container is almost verbatim taken from the wiki, but I feel like I am missing something important in my qBit section. Might be more of a qBit problem, but I know someone here has some insight

ervices:

gluetun:

image: qmcgaw/gluetun:latest

container_name: gluetun

cap_add:

- NET_ADMIN

devices:

- /dev/net/tun:/dev/net/tun

volumes:

- /share/Docker/Glueton:/gluetun

environment:

- VPN_SERVICE_PROVIDER=expressvpn

- OPENVPN_USER=REDACTED

- OPENVPN_PASSWORD=REDACTED

# - FIREWALL_INPUT_PORTS=8080

# - FIREWALL_OUTBOUND_SUBNETS=192.168.0.0/24

restart: unless-stopped

ports:

- 18181:8080

qbittorrent:

image: ghcr.io/hotio/qbittorrent

container_name: qBitTorrent

network_mode: "container:gluetun"

depends_on:

- gluetun

environment:

- PUID=1000

- PGID=1000

- UMASK=002

# - WEBUI_PORT=8080 #also tried 18181

- LIBTORRENT=v1

# - WEBUI_BIND_ADDRESS=0.0.0.0 # also tried statically setting to my NAS IP

# - QBITTORRENT__WEBUI__HOST_HEADER_VALIDATION=false

volumes:

- /share/Docker/qBitTorrent/config:/config

- /share/Docker/qBitTorrent/data:/data

restart: unless-stopped

TIA!

reddit.com
u/Upper_Juice308 — 16 days ago