View previous topic :: View next topic |
Author |
Message |
hanj Veteran
Joined: 19 Aug 2003 Posts: 1490
|
Posted: Sun Jul 02, 2017 4:09 am Post subject: Unable to modprobe iptable_nat - Rackspace [SOLVED] |
|
|
I'm working with a 1 GB General Purpose v1 with Gentoo 15.3 installed. It is running gentoo-sources-4.0.5-gentoo.
First, here is my current iptables flags:
Code: | [ebuild R ] net-firewall/iptables-1.4.21-r1::gentoo USE="conntrack -ipv6 -netlink -static-libs" 0 KiB |
When I execute my iptables script, I get:
Code: | iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded. |
So it appears that nat modules are not there. I went ahead adjusted the .config and make and make modules_install...
Code: | ls -al /lib/modules/4.0.5-gentoo/kernel/net/netfilter | grep nat
-rw-r--r-- 1 root root 5232 Jul 2 03:52 nf_nat_amanda.ko
-rw-r--r-- 1 root root 7392 Jul 2 03:52 nf_nat_ftp.ko
-rw-r--r-- 1 root root 6712 Jul 2 03:52 nf_nat_irc.ko
-rw-r--r-- 1 root root 28248 Jul 2 03:52 nf_nat.ko
-rw-r--r-- 1 root root 5216 Jul 2 03:52 nf_nat_proto_dccp.ko
-rw-r--r-- 1 root root 5456 Jul 2 03:52 nf_nat_proto_sctp.ko
-rw-r--r-- 1 root root 5176 Jul 2 03:52 nf_nat_proto_udplite.ko
-rw-r--r-- 1 root root 14096 Jul 2 03:52 nf_nat_sip.ko
-rw-r--r-- 1 root root 4696 Jul 2 03:52 nf_nat_tftp.ko
-rw-r--r-- 1 root root 6176 Jul 2 03:52 xt_nat.ko |
When I issue a modprobe
Code: | modprobe iptable_nat
modprobe: ERROR: could not insert 'iptable_nat': Unknown symbol in module, or unknown parameter (see dmesg) |
Output of dmesg:
Code: | [43513.682016] nf_nat: Unknown symbol nf_nat_decode_session_hook (err 0)
[43546.224835] nf_nat: Unknown symbol nf_nat_decode_session_hook (err 0)
[43673.244187] nf_nat: Unknown symbol nf_nat_decode_session_hook (err 0)
[43778.211605] nf_nat: Unknown symbol nf_nat_decode_session_hook (err 0)
[43793.123025] nf_nat: Unknown symbol nf_nat_decode_session_hook (err 0)
[43846.440585] nf_nat: Unknown symbol nf_nat_decode_session_hook (err 0) |
Here are is output of NAT from the kernel config
Code: | CONFIG_NF_NAT=m
CONFIG_NF_NAT_NEEDED=y
CONFIG_NF_NAT_PROTO_DCCP=m
CONFIG_NF_NAT_PROTO_UDPLITE=m
CONFIG_NF_NAT_PROTO_SCTP=m
CONFIG_NF_NAT_AMANDA=m
CONFIG_NF_NAT_FTP=m
CONFIG_NF_NAT_IRC=m
CONFIG_NF_NAT_SIP=m
CONFIG_NF_NAT_TFTP=m
# CONFIG_NF_NAT_REDIRECT is not set
CONFIG_NETFILTER_XT_NAT=m
CONFIG_NF_NAT_IPV4=m
# CONFIG_NF_NAT_MASQUERADE_IPV4 is not set
CONFIG_NF_NAT_PROTO_GRE=m
CONFIG_NF_NAT_PPTP=m
CONFIG_NF_NAT_H323=m
CONFIG_IP_NF_NAT=m
# CONFIG_NF_NAT_IPV6 is not set
# CONFIG_IP6_NF_NAT is not set
CONFIG_INTEGRITY_SIGNATURE=y
CONFIG_SIGNATURE=y |
Any ideas?
Thanks!
hanji _________________ Server Admin Blog - Uno-Code.com
Last edited by hanj on Sun Jul 02, 2017 5:39 pm; edited 1 time in total |
|
Back to top |
|
|
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
|
Posted: Sun Jul 02, 2017 6:24 am Post subject: |
|
|
Rebooting into the kernel the module's compiled for should fix the load errors, but WTF is "Gentoo 15.3"? Why are you using a kernel that hasn't had a single security patch in two years? You have much bigger problems to fix than a firewall right now. |
|
Back to top |
|
|
bunder Bodhisattva
Joined: 10 Apr 2004 Posts: 5934
|
Posted: Sun Jul 02, 2017 7:30 am Post subject: |
|
|
can you try recompiling your kernel?
thanks |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54098 Location: 56N 3W
|
Posted: Sun Jul 02, 2017 8:42 am Post subject: |
|
|
hanj,
Code: | [43513.682016] nf_nat: Unknown symbol nf_nat_decode_session_hook (err 0) |
Something that the nf_nat module needs is missing from the kernel.
Its not always possible to add modules without a complete kernel rebuild. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
hanj Veteran
Joined: 19 Aug 2003 Posts: 1490
|
Posted: Sun Jul 02, 2017 5:34 pm Post subject: |
|
|
Ant P. wrote: | Rebooting into the kernel the module's compiled for should fix the load errors, but WTF is "Gentoo 15.3"? Why are you using a kernel that hasn't had a single security patch in two years? You have much bigger problems to fix than a firewall right now. |
In the past with 'classic' images, you had to use Rackspace's kernel. Looks like with this version, you can emerge new versions. I was able to build and use gentoo-sources-4.9.34.
Thanks!
hank _________________ Server Admin Blog - Uno-Code.com |
|
Back to top |
|
|
hanj Veteran
Joined: 19 Aug 2003 Posts: 1490
|
Posted: Sun Jul 02, 2017 5:39 pm Post subject: |
|
|
NeddySeagoon wrote: | hanj,
Code: | [43513.682016] nf_nat: Unknown symbol nf_nat_decode_session_hook (err 0) |
Something that the nf_nat module needs is missing from the kernel.
Its not always possible to add modules without a complete kernel rebuild. |
Thanks. Once I was able to build a new kernel version, those modules now load.
Thanks for the help!
hanji _________________ Server Admin Blog - Uno-Code.com |
|
Back to top |
|
|
|