WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki
« previous next »
Pages: [1]   Go Down

Author Topic: Can't access nat table on iptables, since release 10 CorePure64  (Read 4421 times)

Offline FlyingDutchman

  • Newbie
  • *
  • Posts: 36
Can't access nat table on iptables, since release 10 CorePure64
« on: March 27, 2019, 03:56:06 PM »
Hi,

I'm working on upgrading my installation from Corepure64 release 9 to 10. In release 10 I can't get the iptables firewall to work properly. I can read the "filter" and "raw" tables, but not the "nat" table. I get the following error message:
$ sudo iptables -t nat -L
nf_conntrack: Unknown symbol nf_defrag_ipv6_enable (err -2)
nf_conntrack: Unknown symbol nf_defrag_ipv6_enable (err -2)
iptables v1.8.2 (legacy): can't initialize iptables table 'nat': Teble does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

When I compare release 9 to release 10, I notice that in R9, modules are loaded related to iptables (iptable_nat, nf_conntrack_ipv4, nf_defrag_ipv4, nf_nat_ipv4, nf_nat, nf_conntrack, ipt_REJECT, nf_reject_ipv4, xt_comment, xt_conntrack, ipt_MASQUERADE, nf_nat_masquerade_ipv4) In release 10, I see none. Probably also due to the fact that the rules file can't be restored, so all these optional modules won't load.

When I try to load modules manually, I get comparable error messages as when trying to read the 'nat' table.

Please advise.
Logged

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11594
Re: Can't access nat table on iptables, since release 10 CorePure64
« Reply #1 on: March 27, 2019, 04:21:24 PM »
Hi FlyingDutchman
Quote from: FlyingDutchman on March 27, 2019, 03:56:06 PM
nf_conntrack: Unknown symbol nf_defrag_ipv6_enable (err -2)
nf_conntrack: Unknown symbol nf_defrag_ipv6_enable (err -2)
Maybe you need  ipv6-4.19.10-tinycore64.tcz.
Logged

Offline FlyingDutchman

  • Newbie
  • *
  • Posts: 36
Re: Can't access nat table on iptables, since release 10 CorePure64
« Reply #2 on: March 28, 2019, 12:59:16 PM »
And yes, indeed. Just installing ipv6-4.19.10-tinycore64.tcz did the trick. Thanks.  :)
But shouldn't this package be a dependency for iptables.tcz?
Logged

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11594
Re: Can't access nat table on iptables, since release 10 CorePure64
« Reply #3 on: March 28, 2019, 01:14:46 PM »
Hi FlyingDutchman
Quote from: FlyingDutchman on March 28, 2019, 12:59:16 PM
... But shouldn't this package be a dependency for iptables.tcz?
I suspect it's only required if IPv6 is enabled in your system. If that's the case, then a note similar to this might be appropriate
to add to the  iptables.tcz.info  file:
Code: [Select]
Soft dependency ipv6-KERNEL.tcz is required when IPv6 is enabled on your system.
Logged

Offline FlyingDutchman

  • Newbie
  • *
  • Posts: 36
Re: Can't access nat table on iptables, since release 10 CorePure64
« Reply #4 on: March 29, 2019, 05:58:32 PM »
I tried to dig a little deeper.  "$ modinfo nf_conntrack" shows dependencies to nf_defrag_ipv4 and nf_defrag_ipv6 in release 10 (kernel 4.19). In release 9 (kernel 4.14), the same command shows no dependencies. The module nf_defrag_ipv6 is only available after installing ipv6-4.19.10-tinycore64.tcz.

I can't find out why nf_conntrack is dependent on an IPv6 related module. It seems to me that connection tracking in iptables is now only possible if you install ipv6-4.19.10-tinycore64.tcz, even if you don't use IPv6.

Strange. Important is: there is a work-around. For me this is "case solved". @Rich: Many thanks once again. I can now proceed my upgrade project.
Logged
Pages: [1]   Go Up
« previous next »