Can't access nat table on iptables, since release 10 CorePure64

FlyingDutchman:
Hi,

I'm working on upgrading my installation from Corepure64 release 9 to 10. In release 10 I can't get the iptables firewall to work properly. I can read the "filter" and "raw" tables, but not the "nat" table. I get the following error message:

--- Code: ---$ sudo iptables -t nat -L
nf_conntrack: Unknown symbol nf_defrag_ipv6_enable (err -2)
nf_conntrack: Unknown symbol nf_defrag_ipv6_enable (err -2)
iptables v1.8.2 (legacy): can't initialize iptables table 'nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
--- End code ---

When I compare release 9 to release 10, I notice that in R9, modules related to iptables are loaded (iptable_nat, nf_conntrack_ipv4, nf_defrag_ipv4, nf_nat_ipv4, nf_nat, nf_conntrack, ipt_REJECT, nf_reject_ipv4, xt_comment, xt_conntrack, ipt_MASQUERADE, nf_nat_masquerade_ipv4). In release 10, I see none. Probably also due to the fact that the rules file can't be restored, so all these optional modules won't load.

When I try to load modules manually, I get comparable error messages as when trying to read the 'nat' table.

Please advise.

Rich:
Hi FlyingDutchman

--- Quote from: FlyingDutchman on March 27, 2019, 12:56:06 PM ---nf_conntrack: Unknown symbol nf_defrag_ipv6_enable (err -2)
nf_conntrack: Unknown symbol nf_defrag_ipv6_enable (err -2)
--- End quote ---
Maybe you need  ipv6-4.19.10-tinycore64.tcz.

FlyingDutchman:
And yes, indeed. Just installing ipv6-4.19.10-tinycore64.tcz did the trick. Thanks.  :)
But shouldn't this package be a dependency for iptables.tcz?

Rich:
Hi FlyingDutchman

--- Quote from: FlyingDutchman on March 28, 2019, 09:59:16 AM --- ... But shouldn't this package be a dependency for iptables.tcz?
--- End quote ---
I suspect it's only required if IPv6 is enabled in your system. If that's the case, then a note similar to this might be appropriate to add to the iptables.tcz.info file:

--- Code: ---Soft dependency ipv6-KERNEL.tcz is required when IPv6 is enabled on your system.
--- End code ---

FlyingDutchman:
I tried to dig a little deeper. "$ modinfo nf_conntrack" shows dependencies on nf_defrag_ipv4 and nf_defrag_ipv6 in release 10 (kernel 4.19). In release 9 (kernel 4.14), the same command shows no dependencies. The module nf_defrag_ipv6 is only available after installing ipv6-4.19.10-tinycore64.tcz.

I can't find out why nf_conntrack is dependent on an IPv6 related module. It seems to me that connection tracking in iptables is now only possible if you install ipv6-4.19.10-tinycore64.tcz, even if you don't use IPv6.

Strange. Important is: there is a work-around. For me this is "case solved". @Rich: Many thanks once again. I can now proceed with my upgrade project.
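
Added example (not part of the thread, and not Tiny Core's own tooling): a shell check for the situation described above, where modinfo lists a dependency such as nf_defrag_ipv6 that no installed extension provides, so the firewall rules cannot be restored. The function names, the constructed sample tree and the use of `modinfo -F depends` on a live system are assumptions of this example.

```shell
#!/bin/sh
# missing_deps DEPENDS MODDIR
#   DEPENDS  comma-separated list, as in the "depends:" field of modinfo
#   MODDIR   module tree to search, e.g. /lib/modules/$(uname -r)
# Prints the dependencies that have no module file, space-separated.
missing_deps() {
    deps=$1 moddir=$2 missing=""
    old_ifs=$IFS
    IFS=,
    for dep in $deps; do
        [ -n "$dep" ] || continue
        # File names may use '-' where the module name uses '_',
        # and may carry a compression suffix (.ko.gz, .ko.xz).
        pat=$(printf '%s' "$dep" | sed 's/[_-]/[_-]/g')
        hit=$(find "$moddir" -type f -name "${pat}.ko*" 2>/dev/null | head -n 1)
        [ -n "$hit" ] || missing="${missing:+$missing }$dep"
    done
    IFS=$old_ifs
    printf '%s\n' "$missing"
}

# Constructed sample tree: a module set without the ipv6 extension installed.
demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/kernel/net/ipv4/netfilter"
    : > "$d/kernel/net/ipv4/netfilter/nf_defrag_ipv4.ko.gz"
    printf '%s\n' "$d"
}

# Run against the constructed tree, using the dependency list from the thread.
tree=$(demo_tree)
echo "nf_conntrack missing: $(missing_deps 'nf_defrag_ipv4,nf_defrag_ipv6' "$tree")"
rm -rf "$tree"

# On a live system (assumes modinfo supports -F):
#   missing_deps "$(modinfo -F depends nf_conntrack)" "/lib/modules/$(uname -r)"
```

Running a check like this before restoring the rules file makes a missing extension visible instead of leaving the box without its nat rules.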
