Gentoo Forums
upgrade to kernel 3.7.10 and it broke my iptables/NAT [resol
dirtbag
Guru


Joined: 18 Feb 2003
Posts: 508
Location: NC

Posted: Wed Mar 13, 2013 2:24 am    Post subject: upgrade to kernel 3.7.10 and it broke my iptables/NAT [resol

I upgraded to 3.7.10-gentoo #1 SMP Tue Mar 12 15:30:56 EDT 2013 i686 AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ AuthenticAMD GNU/Linux

and now, I can't seem to get NAT working with my iptables ..
Code:

beast netfilter # iptables -t nat -nL
iptables v1.4.17: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
beast netfilter # iptables -F -t nat
iptables v1.4.17: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
beast netfilter # iptables -t nat -A POSTROUTING -o eth1 -s 10.1.1.1 -d 0/0 -j MASQUERADE
iptables v1.4.17: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.



and in dmesg, I see

Code:
[  780.624734] nf_nat: Unknown symbol nf_nat_decode_session_hook (err 0)
[  780.626740] nf_nat: Unknown symbol nf_nat_decode_session_hook (err 0)
[  804.025641] nf_nat: Unknown symbol nf_nat_decode_session_hook (err 0)
[  804.027628] nf_nat: Unknown symbol nf_nat_decode_session_hook (err 0)


I'm sure I'm missing something in the kernel config, but I can't seem to find it.

-db


Last edited by dirtbag on Thu Mar 14, 2013 12:03 am; edited 1 time in total
Odward
n00b


Joined: 21 Mar 2012
Posts: 65

Posted: Wed Mar 13, 2013 5:08 am

Going from memory, so could be wrong / incomplete
Check for
Code:
--> Networking Support
   --> Networking Options
      --> Network packet filtering framework (Netfilter)
         --> IP: Netfilter Configuration

<M> IPv4 NAT


I think that was the option to get it working again after upgrading to 3.7.10 for my basic ipv4 home network.
Built-in / module etc. to suit your needs.
dirtbag
Guru


Joined: 18 Feb 2003
Posts: 508
Location: NC

Posted: Wed Mar 13, 2013 12:10 pm

I'm pretty sure I have that..


jason@beast /usr/src/linux $ grep -i NF_NAT .config
CONFIG_NF_NAT=m
CONFIG_NF_NAT_NEEDED=y
CONFIG_NF_NAT_PROTO_DCCP=m
CONFIG_NF_NAT_PROTO_UDPLITE=m
CONFIG_NF_NAT_PROTO_SCTP=m
CONFIG_NF_NAT_AMANDA=m
CONFIG_NF_NAT_FTP=m
CONFIG_NF_NAT_IRC=m
CONFIG_NF_NAT_SIP=m
CONFIG_NF_NAT_TFTP=m
CONFIG_NF_NAT_IPV4=m
CONFIG_NF_NAT_PROTO_GRE=m
CONFIG_NF_NAT_PPTP=m
CONFIG_NF_NAT_H323=m
# CONFIG_NF_NAT_IPV6 is not set

beast 3.7.10-gentoo # insmod /lib/modules/3.7.10-gentoo/kernel/net/netfilter/nf_nat.ko
insmod: ERROR: could not insert module /lib/modules/3.7.10-gentoo/kernel/net/netfilter/nf_nat.ko: Unknown symbol in module
beast 3.7.10-gentoo #


-db
depontius
Advocate


Joined: 05 May 2004
Posts: 3349

Posted: Wed Mar 13, 2013 1:11 pm

Silly question, but did you modprobe it before trying to use it in the firewall script?
_________________
.sigs waste space and bandwidth
PaulBredbury
Watchman


Joined: 14 Jul 2005
Posts: 7310

Posted: Wed Mar 13, 2013 2:51 pm

Move the old files away:
Code:
mv /lib/modules/3.7.10-gentoo{,.old}

Then recompile your kernel.

I always do this, to ensure no stale files.
Hu
Moderator


Joined: 06 Mar 2007
Posts: 12707

Posted: Wed Mar 13, 2013 10:32 pm

dirtbag wrote:
beast 3.7.10-gentoo # insmod /lib/modules/3.7.10-gentoo/kernel/net/netfilter/nf_nat.ko
insmod: ERROR: could not insert module /lib/modules/3.7.10-gentoo/kernel/net/netfilter/nf_nat.ko: Unknown symbol in module

Why are you using insmod instead of modprobe? Do you need NAT to be a module instead of built-in?
dirtbag
Guru


Joined: 18 Feb 2003
Posts: 508
Location: NC

Posted: Thu Mar 14, 2013 12:02 am

I'm not sure exactly what I did, but I finally got it working

I think the option in the kernel that did it was

Code:
<*> IPv4 connection tracking support (required for NAT)
[*]   proc/sysctl compatibility with old connection tracking             <----this right here
<M> IP Userspace queueing via NETLINK (OBSOLETE)
<*> IP tables support (required for filtering/masq/NAT)
<M>   "ah" match support


also, I selected
IPv4 NAT and MASQUERADE target support
as compiled in instead of modules..
anyway, I'm back in business again!

-db
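
The menu entries discussed in this thread correspond to Kconfig symbols that can be checked directly in a kernel .config. The script below is an added example, not code from any poster: it reports the state of each symbol and lists where the running kernel's config differs from the one in the source tree. The symbol list uses 3.7-era names and both sample configs are constructed.

```shell
#!/bin/sh
# Kconfig symbols behind the menu entries named in the thread (3.7-era names).
NAT_OPTS="CONFIG_NF_CONNTRACK_IPV4 CONFIG_IP_NF_IPTABLES CONFIG_NF_NAT
CONFIG_NF_NAT_IPV4 CONFIG_IP_NF_TARGET_MASQUERADE"

# opt_state FILE SYMBOL: print y, m or n ("is not set" and absent both give n).
opt_state() {
    state=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${state:-n}"
}

# check_nat_config FILE: print "SYMBOL state" per option; return 1 if any is n.
check_nat_config() {
    missing=0
    for opt in $NAT_OPTS; do
        state=$(opt_state "$1" "$opt")
        echo "$opt $state"
        if [ "$state" = n ]; then missing=1; fi
    done
    return "$missing"
}

# nat_config_drift RUNNING BUILT: print options whose state differs between
# the running kernel's config and the source tree's config.
nat_config_drift() {
    for opt in $NAT_OPTS; do
        a=$(opt_state "$1" "$opt")
        b=$(opt_state "$2" "$opt")
        if [ "$a" != "$b" ]; then echo "$opt running=$a built=$b"; fi
    done
}

# Constructed sample configs (not taken from the thread).
demo_dir=$(mktemp -d)
cat > "$demo_dir/running.config" <<'EOF'
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_IP_NF_IPTABLES=y
# CONFIG_NF_NAT is not set
# CONFIG_NF_NAT_IPV4 is not set
EOF
cat > "$demo_dir/built.config" <<'EOF'
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_NF_NAT=m
CONFIG_NF_NAT_IPV4=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
EOF
check_nat_config "$demo_dir/built.config" || echo "NAT option missing"
nat_config_drift "$demo_dir/running.config" "$demo_dir/built.config"
```

On a real system the first file can be produced with zcat /proc/config.gz (present only when CONFIG_IKCONFIG_PROC is enabled) and the second is /usr/src/linux/.config.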
toralf
Developer


Joined: 01 Feb 2004
Posts: 3580
Location: Hamburg

Posted: Thu Mar 14, 2013 9:31 am

dirtbag wrote:
anyway, I'm back in business again!
-db

yeah - but for the future - do you know now *what* caused the issue?
pakjebakmeel
n00b


Joined: 13 Feb 2012
Posts: 48

Posted: Thu Mar 14, 2013 12:28 pm

I ran into exactly the same issue last week. I don't use masquerade nor NAT rules in my IP tables so I'm not sure why it's complaining when trying to restore the IP tables after a reboot.

I've done the same and included CONFIG_NF_NAT=y which "fixed" my issue.