| View previous topic :: View next topic |
| Author |
Message |
ste.vaidis
n00b
Joined: 04 Jul 2018
Posts: 3
|
 Posted: Mon Jul 09, 2018 7:35 am Post subject: can't initialize iptables table `nat' |
 |
|
The problem
| Code: | iptables -t nat -S
iptables v1.6.1: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded. |
I have compile iptables with nftables support
| Code: | equery u iptables
[ Legend : U - final flag setting for installation]
[ : I - package is installed with flag ]
[ Colors : set, unset ]
* Found these USE flags for net-firewall/iptables-1.6.1-r3:
U I
+ + conntrack : Build against net-libs/libnetfilter_conntrack when enables the connlabel matcher
- - ipv6 : Add support for IP version 6
+ + netlink : Build against libnfnetlink which enables the nfnl_osf util
+ + nftables : Support nftables kernel interface
+ + pcap : Build against net-libs/libpcap which enables the nfbpf_compile util
- - static-libs : Build static versions of dynamic libraries as well |
The loaded modules
| Code: |
lsmod | grep -e nat -e tables
nft_chain_nat_ipv4 16384 0
nf_tables_inet 16384 0
nf_tables_ipv6 16384 1 nf_tables_inet
nf_tables_ipv4 16384 1 nf_tables_inet
nft_nat 16384 0
nf_tables 77824 5 nft_nat,nft_chain_nat_ipv4,nf_tables_ipv6,nf_tables_ipv4,nf_tables_inet
nfnetlink 16384 1 nf_tables
nf_nat_ipv4 16384 1 nft_chain_nat_ipv4
nf_nat 24576 2 nft_nat,nf_nat_ipv4
nf_conntrack 114688 3 nf_conntrack_ipv4,nf_nat_ipv4,nf_nat
ip_tables 24576 0 |
The kernel configuration, i have try with genkernel and vanilla
| Code: | cat /usr/src/linux/smallone.config | grep -v "^#" | grep -i -e nat -e tables
CONFIG_ARCH_HIBERNATION_POSSIBLE=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_MROUTE_MULTIPLE_TABLES=y
CONFIG_NF_NAT=m
CONFIG_NF_NAT_NEEDED=y
CONFIG_NF_NAT_PROTO_DCCP=m
CONFIG_NF_NAT_PROTO_UDPLITE=m
CONFIG_NF_NAT_PROTO_SCTP=m
CONFIG_NF_NAT_AMANDA=m
CONFIG_NF_NAT_FTP=m
CONFIG_NF_NAT_IRC=m
CONFIG_NF_NAT_SIP=m
CONFIG_NF_NAT_TFTP=m
CONFIG_NF_NAT_REDIRECT=m
CONFIG_NF_TABLES=m
CONFIG_NF_TABLES_NETDEV=m
CONFIG_NFT_NAT=m
CONFIG_NETFILTER_XTABLES=m
CONFIG_NETFILTER_XT_NAT=m
CONFIG_NF_TABLES_IPV4=m
CONFIG_NF_TABLES_ARP=m
CONFIG_NF_NAT_IPV4=m
CONFIG_NFT_CHAIN_NAT_IPV4=m
CONFIG_NF_NAT_MASQUERADE_IPV4=m
CONFIG_NF_NAT_SNMP_BASIC=m
CONFIG_NF_NAT_PROTO_GRE=m
CONFIG_NF_NAT_PPTP=m
CONFIG_NF_NAT_H323=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_NF_TABLES_BRIDGE=m
CONFIG_BRIDGE_NF_EBTABLES=m
CONFIG_BRIDGE_EBT_T_NAT=m
CONFIG_BRIDGE_EBT_DNAT=m
CONFIG_BRIDGE_EBT_SNAT=m
CONFIG_NET_ACT_NAT=m
CONFIG_NET_VENDOR_NATSEMI=y
CONFIG_NATSEMI=m
CONFIG_NATIONAL_PHY=m
CONFIG_CHECK_SIGNATURE=y |
there is no iptable_nat option in kernel
| Code: | cat /usr/src/linux/.config | grep -i -e iptable_nat
[nothing] |
iptable_nat file exist but there is no iptable_nat option in menuconfig
| Code: | find /usr/src/linux/ -name "*iptable_nat*"
/usr/src/linux/net/ipv4/netfilter/iptable_nat.c |
|
|
| Back to top |
|
 |
bunder
Bodhisattva
Joined: 10 Apr 2004
Posts: 5934
|
| Posted: Mon Jul 09, 2018 7:56 am Post subject: |
|
|
CONFIG_IP_NF_NAT should provide that. Odd that it didn't load it though. Did you upgrade the kernel and/or iptables and not reboot after perhaps?
https://cateee.net/lkddb/web-lkddb/IP_NF_NAT.html
_________________
| Neddyseagoon wrote: | | The problem with leaving is that you can only do it once and it reduces your influence. |
banned from #gentoo since sept 2017 |
|
| Back to top |
|
|
ste.vaidis
n00b
Joined: 04 Jul 2018
Posts: 3
|
| Posted: Mon Jul 09, 2018 12:05 pm Post subject: |
|
|
| yes, i have reboot the system many times after the kernel/iptables upgrade |
|
| Back to top |
|
|
saturnalia0
Tux's lil' helper
Joined: 13 Oct 2016
Posts: 136
|
| Posted: Mon Jul 09, 2018 10:10 pm Post subject: |
|
|
I've had a similar issue early this year, took me a while to figure it out. I don't remember exactly what I did, but it seems you are missing the iptables_nat module, which I have on my lsmod:
| Code: |
sula:/home/afh lsmod | grep nat
iptable_nat 2015 0
nf_nat_ipv4 4699 1 iptable_nat
nf_nat 11710 1 nf_nat_ipv4
|
Here are my relevant kernel configs:
| Code: |
sula:/home/afh grep /usr/src/linux/.config -iPe '(iptable|_nat|nf_|netfilter)' | grep -v '^#'
CONFIG_NETFILTER=y
CONFIG_NETFILTER_ADVANCED=y
CONFIG_NETFILTER_INGRESS=y
CONFIG_NETFILTER_NETLINK=y
CONFIG_NETFILTER_NETLINK_LOG=y
CONFIG_NF_CONNTRACK=y
CONFIG_NF_LOG_COMMON=m
CONFIG_NF_CONNTRACK_PROCFS=y
CONFIG_NF_CT_PROTO_DCCP=y
CONFIG_NF_CT_PROTO_SCTP=y
CONFIG_NF_CT_PROTO_UDPLITE=y
CONFIG_NF_CONNTRACK_FTP=y
CONFIG_NF_CONNTRACK_IRC=y
CONFIG_NF_CONNTRACK_SIP=y
CONFIG_NF_CT_NETLINK=y
CONFIG_NF_NAT=m
CONFIG_NF_NAT_NEEDED=y
CONFIG_NF_NAT_PROTO_DCCP=m
CONFIG_NF_NAT_PROTO_UDPLITE=m
CONFIG_NF_NAT_PROTO_SCTP=m
CONFIG_NF_NAT_FTP=m
CONFIG_NF_NAT_IRC=m
CONFIG_NF_NAT_SIP=m
CONFIG_NF_NAT_REDIRECT=m
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_MARK=m
CONFIG_NETFILTER_XT_TARGET_LOG=m
CONFIG_NETFILTER_XT_NAT=m
CONFIG_NETFILTER_XT_TARGET_NFLOG=y
CONFIG_NETFILTER_XT_TARGET_REDIRECT=m
CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
CONFIG_NETFILTER_XT_MATCH_OWNER=y
CONFIG_NETFILTER_XT_MATCH_POLICY=y
CONFIG_NETFILTER_XT_MATCH_STATE=y
CONFIG_NF_DEFRAG_IPV4=y
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_NF_LOG_ARP=m
CONFIG_NF_LOG_IPV4=m
CONFIG_NF_REJECT_IPV4=y
CONFIG_NF_NAT_IPV4=m
CONFIG_NF_NAT_MASQUERADE_IPV4=m
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_MANGLE=y
CONFIG_NF_DEFRAG_IPV6=y
CONFIG_NF_CONNTRACK_IPV6=y
CONFIG_NF_REJECT_IPV6=y
CONFIG_NF_LOG_IPV6=m
CONFIG_IP6_NF_IPTABLES=y
CONFIG_IP6_NF_MATCH_IPV6HEADER=y
CONFIG_IP6_NF_FILTER=y
CONFIG_IP6_NF_TARGET_REJECT=y
CONFIG_IP6_NF_MANGLE=y
|
| Code: |
sula:/home/afh locate iptable_nat
/lib64/modules/4.9.95-gentoo/kernel/net/ipv4/netfilter/iptable_nat.ko
/usr/src/linux-4.9.95-gentoo/.tmp_versions/iptable_nat.mod
/usr/src/linux-4.9.95-gentoo/net/ipv4/netfilter/.iptable_nat.ko.cmd
/usr/src/linux-4.9.95-gentoo/net/ipv4/netfilter/.iptable_nat.mod.o.cmd
/usr/src/linux-4.9.95-gentoo/net/ipv4/netfilter/.iptable_nat.o.cmd
/usr/src/linux-4.9.95-gentoo/net/ipv4/netfilter/iptable_nat.c
/usr/src/linux-4.9.95-gentoo/net/ipv4/netfilter/iptable_nat.ko
/usr/src/linux-4.9.95-gentoo/net/ipv4/netfilter/iptable_nat.mod.c
/usr/src/linux-4.9.95-gentoo/net/ipv4/netfilter/iptable_nat.mod.o
/usr/src/linux-4.9.95-gentoo/net/ipv4/netfilter/iptable_nat.o
|
|
|
| Back to top |
|
|
|
Networking & Security
