Tiny Core Linux

Tiny Core Base => Corepure64 => Topic started by: FlyingDutchman on March 27, 2019, 03:56:06 PM

Title: Can't access nat table on iptables, since release 10 CorePure64
Post by: FlyingDutchman on March 27, 2019, 03:56:06 PM

Hi,

I'm working on upgrading my installation from Corepure64 release 9 to 10. In release 10 I can't get the iptables firewall to work properly. I can read the "filter" and "raw" tables, but not the "nat" table. I get the following error message:
$ sudo iptables -t nat -L
nf_conntrack: Unknown symbol nf_defrag_ipv6_enable (err -2)
nf_conntrack: Unknown symbol nf_defrag_ipv6_enable (err -2)
iptables v1.8.2 (legacy): can't initialize iptables table 'nat': Teble does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

When I compare release 9 to release 10, I notice that in R9, modules are loaded related to iptables (iptable_nat, nf_conntrack_ipv4, nf_defrag_ipv4, nf_nat_ipv4, nf_nat, nf_conntrack, ipt_REJECT, nf_reject_ipv4, xt_comment, xt_conntrack, ipt_MASQUERADE, nf_nat_masquerade_ipv4) In release 10, I see none. Probably also due to the fact that the rules file can't be restored, so all these optional modules won't load.

When I try to load modules manually, I get comparable error messages as when trying to read the 'nat' table.

Please advise.

Title: Re: Can't access nat table on iptables, since release 10 CorePure64
Post by: Rich on March 27, 2019, 04:21:24 PM

Hi FlyingDutchman

Quote from: FlyingDutchman on March 27, 2019, 03:56:06 PM

nf_conntrack: Unknown symbol nf_defrag_ipv6_enable (err -2)
nf_conntrack: Unknown symbol nf_defrag_ipv6_enable (err -2)

Maybe you need  ipv6-4.19.10-tinycore64.tcz.

Title: Re: Can't access nat table on iptables, since release 10 CorePure64
Post by: FlyingDutchman on March 28, 2019, 12:59:16 PM

And yes, indeed. Just installing ipv6-4.19.10-tinycore64.tcz did the trick. Thanks.  :)
But shouldn't this package be a dependency for iptables.tcz?

Title: Re: Can't access nat table on iptables, since release 10 CorePure64
Post by: Rich on March 28, 2019, 01:14:46 PM

Hi FlyingDutchman

Quote from: FlyingDutchman on March 28, 2019, 12:59:16 PM

... But shouldn't this package be a dependency for iptables.tcz?

I suspect it's only required if IPv6 is enabled in your system. If that's the case, then a note similar to this might be appropriate
to add to the  iptables.tcz.info  file:

Code: [Select]

Soft dependency ipv6-KERNEL.tcz is required when IPv6 is enabled on your system.

Title: Re: Can't access nat table on iptables, since release 10 CorePure64
Post by: FlyingDutchman on March 29, 2019, 05:58:32 PM

I tried to dig a little deeper.  "$ modinfo nf_conntrack" shows dependencies to nf_defrag_ipv4 and nf_defrag_ipv6 in release 10 (kernel 4.19). In release 9 (kernel 4.14), the same command shows no dependencies. The module nf_defrag_ipv6 is only available after installing ipv6-4.19.10-tinycore64.tcz.

I can't find out why nf_conntrack is dependent on an IPv6 related module. It seems to me that connection tracking in iptables is now only possible if you install ipv6-4.19.10-tinycore64.tcz, even if you don't use IPv6.

Strange. Important is: there is a work-around. For me this is "case solved". @Rich: Many thanks once again. I can now proceed my upgrade project.