dirtbag Guru


Joined: 18 Feb 2003 Posts: 508 Location: NC
|
Posted: Wed Mar 13, 2013 2:24 am Post subject: upgrade to kernel 3.7.10 and it broke my iptables/NAT [resol |
|
|
I upgraded to 3.7.10-gentoo #1 SMP Tue Mar 12 15:30:56 EDT 2013 i686 AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ AuthenticAMD GNU/Linux
and now I can't seem to get NAT working with my iptables.
Code: |
beast netfilter # iptables -t nat -nL
iptables v1.4.17: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
beast netfilter # iptables -F -t nat
iptables v1.4.17: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
beast netfilter # iptables -t nat -A POSTROUTING -o eth1 -s 10.1.1.1 -d 0/0 -j MASQUERADE
iptables v1.4.17: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
|
And in dmesg, I see
Code: |
[ 780.624734] nf_nat: Unknown symbol nf_nat_decode_session_hook (err 0)
[ 780.626740] nf_nat: Unknown symbol nf_nat_decode_session_hook (err 0)
[ 804.025641] nf_nat: Unknown symbol nf_nat_decode_session_hook (err 0)
[ 804.027628] nf_nat: Unknown symbol nf_nat_decode_session_hook (err 0)
|
I'm sure I'm missing something in the kernel config, but I can't seem to find it.
-db
Last edited by dirtbag on Thu Mar 14, 2013 12:03 am; edited 1 time in total |
|
Odward n00b

Joined: 21 Mar 2012 Posts: 65
|
Posted: Wed Mar 13, 2013 5:08 am Post subject: |
|
|
Going from memory, so could be wrong / incomplete
Check for
Code: |
--> Networking Support
--> Networking Options
--> Network packet filtering framework (Netfilter)
--> IP: Netfilter Configuration
<M> IPv4 NAT
|
I think that was the option to get it working again after upgrading to 3.7.10 for my basic ipv4 home network.
Built-in / module etc. to suit your needs. |
|
dirtbag Guru


Joined: 18 Feb 2003 Posts: 508 Location: NC
|
Posted: Wed Mar 13, 2013 12:10 pm Post subject: |
|
|
I'm pretty sure I have that..
Code: |
jason@beast /usr/src/linux $ grep -i NF_NAT .config
CONFIG_NF_NAT=m
CONFIG_NF_NAT_NEEDED=y
CONFIG_NF_NAT_PROTO_DCCP=m
CONFIG_NF_NAT_PROTO_UDPLITE=m
CONFIG_NF_NAT_PROTO_SCTP=m
CONFIG_NF_NAT_AMANDA=m
CONFIG_NF_NAT_FTP=m
CONFIG_NF_NAT_IRC=m
CONFIG_NF_NAT_SIP=m
CONFIG_NF_NAT_TFTP=m
CONFIG_NF_NAT_IPV4=m
CONFIG_NF_NAT_PROTO_GRE=m
CONFIG_NF_NAT_PPTP=m
CONFIG_NF_NAT_H323=m
# CONFIG_NF_NAT_IPV6 is not set
beast 3.7.10-gentoo # insmod /lib/modules/3.7.10-gentoo/kernel/net/netfilter/nf_nat.ko
insmod: ERROR: could not insert module /lib/modules/3.7.10-gentoo/kernel/net/netfilter/nf_nat.ko: Unknown symbol in module
beast 3.7.10-gentoo #
|
-db |
|
depontius Advocate

Joined: 05 May 2004 Posts: 3530
|
Posted: Wed Mar 13, 2013 1:11 pm Post subject: |
|
|
Silly question, but did you modprobe it before trying to use it in the firewall script? |
|
PaulBredbury Watchman


Joined: 14 Jul 2005 Posts: 7310
|
Posted: Wed Mar 13, 2013 2:51 pm Post subject: |
|
|
Move the old files away:
Code: | mv /lib/modules/3.7.10-gentoo{,.old} |
Then recompile your kernel.
I always do this, to ensure no stale files. |
|
Hu Administrator

Joined: 06 Mar 2007 Posts: 23228
|
Posted: Wed Mar 13, 2013 10:32 pm Post subject: |
|
|
dirtbag wrote: |
beast 3.7.10-gentoo # insmod /lib/modules/3.7.10-gentoo/kernel/net/netfilter/nf_nat.ko
insmod: ERROR: could not insert module /lib/modules/3.7.10-gentoo/kernel/net/netfilter/nf_nat.ko: Unknown symbol in module
|
Why are you using insmod instead of modprobe? Do you need NAT to be a module instead of built-in? |
|
dirtbag Guru


Joined: 18 Feb 2003 Posts: 508 Location: NC
|
Posted: Thu Mar 14, 2013 12:02 am Post subject: |
|
|
I'm not sure exactly what I did, but I finally got it working.
I think the option in the kernel that did it was
Code: |
<*> IPv4 connection tracking support (required for NAT)
[*] proc/sysctl compatibility with old connection tracking <----this right here
<M> IP Userspace queueing via NETLINK (OBSOLETE)
<*> IP tables support (required for filtering/masq/NAT)
<M> "ah" match support |
Also, I selected
IPv4 NAT and MASQUERADE target support
as compiled in instead of modules..
Anyway, I'm back in business again!
-db |
|
toralf Developer


Joined: 01 Feb 2004 Posts: 3943 Location: Hamburg
|
Posted: Thu Mar 14, 2013 9:31 am Post subject: |
|
|
dirtbag wrote: |
Anyway, I'm back in business again!
-db
|
Yeah - but for the future - do you know now *what* caused the issue? |
|
pakjebakmeel n00b

Joined: 13 Feb 2012 Posts: 48
|
Posted: Thu Mar 14, 2013 12:28 pm Post subject: |
|
|
I ran into exactly the same issue last week. I don't use masquerade nor NAT rules in my IP tables so I'm not sure why it's complaining when trying to restore the IP tables after a reboot.
I've done the same and included CONFIG_NF_NAT=y which "fixed" my issue. |
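
As an added example (not part of any post in this thread, and not Gentoo or kernel project code): a POSIX shell check for the two things the thread circles around, whether the NAT-related options are set in a .config and whether a symbol like the one in the dmesg output appears in a /proc/kallsyms-style listing. The option names other than the CONFIG_NF_NAT* ones quoted above, the helper names and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Symbols beyond the CONFIG_NF_NAT* names
# quoted above are the mainline 3.7-era names; verify them against your tree.
NAT_SYMBOLS="NF_CONNTRACK_IPV4 NF_NAT NF_NAT_IPV4 IP_NF_IPTABLES IP_NF_TARGET_MASQUERADE"

# kconfig_state FILE SYMBOL: print y, m, n (explicit "is not set") or absent.
kconfig_state() {
    awk -v sym="CONFIG_$2" '
        index($0, sym "=") == 1      { state = substr($0, length(sym) + 2) }
        $0 == "# " sym " is not set" { state = "n" }
        END { print (state == "" ? "absent" : state) }
    ' "$1"
}

# nat_config_ok FILE: list each NAT prerequisite; fail if any is n or absent.
nat_config_ok() {
    rc=0
    for s in $NAT_SYMBOLS; do
        st=$(kconfig_state "$1" "$s")
        printf '%-32s %s\n' "CONFIG_$s" "$st"
        case $st in y|m) ;; *) rc=1 ;; esac
    done
    return "$rc"
}

# kernel_has_symbol KALLSYMS SYMBOL: succeed if the listing contains SYMBOL.
# "Unknown symbol" in dmesg means the module wants a symbol that the loaded
# kernel does not provide, so module and booted image do not match.
kernel_has_symbol() {
    awk -v s="$2" '$3 == s { found = 1 } END { exit !found }' "$1"
}

# Constructed sample inputs, so the script runs without a kernel tree.
write_samples() {
    cat > "$1" <<'EOF'
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_NF_NAT=m
CONFIG_NF_NAT_IPV4=m
CONFIG_IP_NF_IPTABLES=y
# CONFIG_IP_NF_TARGET_MASQUERADE is not set
EOF
    printf '%s\n' 'c1000000 T nf_register_hook' 'c1000040 T nf_unregister_hook' > "$2"
}

tmp=$(mktemp -d) && write_samples "$tmp/config" "$tmp/kallsyms"
nat_config_ok "$tmp/config" || echo "NAT prerequisites missing in .config"
kernel_has_symbol "$tmp/kallsyms" nf_nat_decode_session_hook ||
    echo "kernel listing lacks nf_nat_decode_session_hook: module and kernel differ"
```

On a real system, pass /usr/src/linux/.config and /proc/kallsyms in place of the sample files.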
|