Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[SOLVED] NAT Kernel support
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
cezar.serban
n00b
n00b


Joined: 08 Aug 2013
Posts: 11

PostPosted: Tue Aug 20, 2013 5:01 pm    Post subject: [SOLVED] NAT Kernel support Reply with quote

Hello.

I am trying to use NAT on a Gentoo router. However it seems the kernel does not support this function, and I am at my wit's end trying to find out how to add it.

Code:
iptables v1.4.16.3: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.


I tried compiling the kernel with the options in the following wiki page but I cannot find the modules listed (the page was update in 2008, I suppose the structure has changed): http://www.gentoo-wiki.info/HOWTO_quick_routing
The only kernel option I found was : Netfilter connection tracking support and not the others.

Kernel : 3.8.13-gentoo #11 SMP Tue Aug 20 11:28:12 EEST 2013 i686 Intel(R) Xeon(TM) CPU 2.80GHz GenuineIntel GNU/Linux

zgrep FILTER /proc/config.gz

Code:
CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
CONFIG_NETFILTER=y
CONFIG_NETFILTER_DEBUG=y
CONFIG_NETFILTER_ADVANCED=y
CONFIG_BRIDGE_NETFILTER=y
CONFIG_NETFILTER_NETLINK=y
CONFIG_NETFILTER_NETLINK_ACCT=y
CONFIG_NETFILTER_NETLINK_QUEUE=y
CONFIG_NETFILTER_NETLINK_LOG=y
# CONFIG_NETFILTER_TPROXY is not set
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_MARK=y
# CONFIG_NETFILTER_XT_SET is not set
# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
# CONFIG_NETFILTER_XT_TARGET_DSCP is not set
CONFIG_NETFILTER_XT_TARGET_HL=y
# CONFIG_NETFILTER_XT_TARGET_HMARK is not set
# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set
# CONFIG_NETFILTER_XT_TARGET_LOG is not set
CONFIG_NETFILTER_XT_TARGET_MARK=y
CONFIG_NETFILTER_XT_TARGET_NFLOG=y
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
# CONFIG_NETFILTER_XT_TARGET_TEE is not set
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
# CONFIG_NETFILTER_XT_TARGET_SECMARK is not set
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
CONFIG_NETFILTER_XT_MATCH_COMMENT=y
CONFIG_NETFILTER_XT_MATCH_CPU=y
# CONFIG_NETFILTER_XT_MATCH_DCCP is not set
# CONFIG_NETFILTER_XT_MATCH_DEVGROUP is not set
# CONFIG_NETFILTER_XT_MATCH_DSCP is not set
CONFIG_NETFILTER_XT_MATCH_ECN=y
# CONFIG_NETFILTER_XT_MATCH_ESP is not set
# CONFIG_NETFILTER_XT_MATCH_HASHLIMIT is not set
CONFIG_NETFILTER_XT_MATCH_HL=y
CONFIG_NETFILTER_XT_MATCH_IPRANGE=y
CONFIG_NETFILTER_XT_MATCH_LENGTH=y
CONFIG_NETFILTER_XT_MATCH_LIMIT=y
CONFIG_NETFILTER_XT_MATCH_MAC=y
CONFIG_NETFILTER_XT_MATCH_MARK=y
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
CONFIG_NETFILTER_XT_MATCH_NFACCT=y
# CONFIG_NETFILTER_XT_MATCH_OSF is not set
# CONFIG_NETFILTER_XT_MATCH_OWNER is not set
CONFIG_NETFILTER_XT_MATCH_POLICY=y
# CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
# CONFIG_NETFILTER_XT_MATCH_QUOTA is not set
# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set
CONFIG_NETFILTER_XT_MATCH_REALM=y
# CONFIG_NETFILTER_XT_MATCH_RECENT is not set
# CONFIG_NETFILTER_XT_MATCH_SCTP is not set
CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
CONFIG_IP_NF_MATCH_RPFILTER=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_ARPFILTER=y
CONFIG_BRIDGE_EBT_T_FILTER=y


zgrep NAT /proc/config.gz

Code:
CONFIG_ARCH_HIBERNATION_POSSIBLE=y
# CONFIG_HIBERNATION is not set
CONFIG_BRIDGE_EBT_T_NAT=y
CONFIG_BRIDGE_EBT_DNAT=y
CONFIG_BRIDGE_EBT_SNAT=y
CONFIG_NET_VENDOR_NATSEMI=y
# CONFIG_NATSEMI is not set
# CONFIG_NATIONAL_PHY is not set
CONFIG_CHECK_SIGNATURE=y


I have searched around as other people have had the same problem but I have had found a clear answer. Is the structure for menuconfig in /usr/src/linux different in gentoo than in other distributions?

IPTABLES works for the most part, with public addresses but I require NAT support as well.


Last edited by cezar.serban on Wed Aug 21, 2013 3:24 pm; edited 1 time in total
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 9645
Location: almost Mile High in the USA

PostPosted: Tue Aug 20, 2013 6:40 pm    Post subject: Reply with quote

Also check the _NF_ options like CONFIG_IP_NF_IPTABLES ? This may be new to 3.8.

Warning: I haven't tested my NAT on 3.8.x recently so I'm not even sure if it still works...
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
cezar.serban
n00b
n00b


Joined: 08 Aug 2013
Posts: 11

PostPosted: Tue Aug 20, 2013 6:56 pm    Post subject: Reply with quote

Thanks for the advice. I will try and compile all kernel options using another router with an older kernel which has NAT capabilities and hopefully I'll be able to get it working.

Even though the kernel is relatively new, I doubt IPTABLES stopped being able to provide this functionality.
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 21490

PostPosted: Tue Aug 20, 2013 10:27 pm    Post subject: Reply with quote

Did you enable NF_CONNTRACK_IPV4?
Back to top
View user's profile Send private message
CleanTestr
n00b
n00b


Joined: 15 Jan 2013
Posts: 47
Location: somewhere in Rural Nebraska, USA

PostPosted: Wed Aug 21, 2013 7:05 am    Post subject: Reply with quote

I'm on 3.8.13 multi-lib, and I don't use NAT (but I use Iptables), so:

zgrep NAT /proc/config.gz

CONFIG_HIBERNATION=y
# CONFIG_NF_NAT_IPV4 is not set
# CONFIG_NF_NAT_IPV6 is not set
CONFIG_NET_ACT_NAT=m
_________________
Stan: A signal? Why didn't you wake me?
790: It was a distress signal. They only lead to trouble, so I always ignore them. --Lexx
Back to top
View user's profile Send private message
cezar.serban
n00b
n00b


Joined: 08 Aug 2013
Posts: 11

PostPosted: Wed Aug 21, 2013 3:34 pm    Post subject: Reply with quote

I managed to compile the necessary modules. If anyone is interested:

Code:
 Symbol: NF_NAT_IPV4 [=y]                                                                                                                           
  Type  : tristate                                                                                                                                   
  Prompt: IPv4 NAT                                                                                                                                   
  Defined at net/ipv4/netfilter/Kconfig:146                                                                                                         
  Depends on: NET [=y] && INET [=y] && NETFILTER [=y] && IP_NF_IPTABLES [=y] && NF_CONNTRACK_IPV4 [=y]                                             
  Location:                                                                                                                                         
  -> Networking support (NET [=y])                                                                                                               
  -> Networking options                                                                                                                         
  -> Network packet filtering framework (Netfilter) (NETFILTER [=y])                                                                         
  -> IP: Netfilter Configuration                                                                                                           
 -> IP tables support (required for filtering/masq/NAT) (IP_NF_IPTABLES [=y])                                                           
  Selects: NF_NAT [=y]


Actually,I just compiled everything in IP: Netfilter Configuration in order to make sure. Also some in Core Netfilter Configuration, but I doubt they were needed.

zgrep -i NAT /usr/src/linux/.config

CONFIG_ARCH_HIBERNATION_POSSIBLE=y
# CONFIG_HIBERNATION is not set
CONFIG_NF_NAT=y
CONFIG_NF_NAT_NEEDED=y
# CONFIG_NF_NAT_AMANDA is not set
# CONFIG_NF_NAT_FTP is not set
# CONFIG_NF_NAT_IRC is not set
# CONFIG_NF_NAT_SIP is not set
# CONFIG_NF_NAT_TFTP is not set
CONFIG_NF_NAT_IPV4=y
# CONFIG_NF_NAT_PPTP is not set
# CONFIG_NF_NAT_H323 is not set
CONFIG_BRIDGE_EBT_T_NAT=y
CONFIG_BRIDGE_EBT_DNAT=y
CONFIG_BRIDGE_EBT_SNAT=y
CONFIG_NET_VENDOR_NATSEMI=y
# CONFIG_NATSEMI is not set
# CONFIG_NATIONAL_PHY is not set
# Native drivers
CONFIG_CHECK_SIGNATURE=y

zgrep -i IPv4 /usr/src/linux/.config

CONFIG_NF_DEFRAG_IPV4=y
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_NF_NAT_IPV4=y

Thank you for all your input. I have marked the thread as solved.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum