Zerotier synology docker is missing core functionality

hi , to make it short .

i followed this

made sure it is working .

i would like for the NAS to be the VPN exit node .

so i tried to follow this

HOWEVER ! iptables is missing !

i made sure NET_ADMIN and NET_RAW are enabled (i did followed the guide which also indicate that it is included)

so i tried to add it manually .
apk add iptables

when i tried to run iptables this is what i receive

sudo iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE            
Warning: Extension MASQUERADE revision 0 not supported, missing kernel module?   
iptables v1.8.10 (nf_tables): Could not fetch rule set generation id: Invalid arg

help would be great , thanks

update, which is weird and should not work that way in my eyes .

all of this

need to be done on the HOST , synology nas machine .
it will work .

problem you might have is on restart , since there is no iptable persistent on the nas.
what i came up with (havent checked if that works is)

setting up a cronjob , in /etc/crontab

added one line

@reboot export ZT_IF=ztyqbw6yks && export WAN_IF=eth0 && sudo iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE && sudo iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT && sudo iptables -A FORWARD -i $ZT_IF -o $WAN_IF -j ACCEPT && sudo iptables-save

any plan on fixing the issue on the docker side ?

the crontable i wrote earlier did not work .
there is a need to run as root , and to export variable .

so i am updating it
this is how my crontab looks now

#minute hour    mday    month   wday    who     command   
@reboot root  sleep 60 && /sbin/iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE && /sbin/iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT && sudo /sbin/iptables -A FORWARD -i $ZT_IF -o $WAN_IF -j ACCEPT && /sbin/iptables-save