iptables / NAT kernel module appears missing after update

[mikehawke1337]

Hi,

as reported in http://forum.xbian.org/thread-2729.html I received an error trying to set my masquerading rule with iptables after an apt-get update&upgrade. I cannot tell you which version I had in the very beginning, as I have set up my raspberry from scratch to maybe have a quick fix, but this issue is still there with kernel version 3.17.7-ck2+ #3.

If you require additional information from me let me know, I'd be happy to help.

Thanks

[CurlyMoo]

Can you create a pull request in our kernel repository with the update needed to our kernel config?

[mikehawke1337]

I just checked out the pull request section and I have no idea what to do. Sorry, I'm not a coder and a novice to github.. I'm not even entirely sure which exact kernel module would fix the problem, I don't have a kernel config on my machine right now to check on that.

[anaconda]

It seems it's CONFIG_IP_NF_NAT.

found in Linux kernels: 3.17–3.19
modules built: ip_nat, iptable_nat
Help text

This enables the `nat' table in iptables. This allows masquerading, port forwarding and
other forms of full Network Address Port Translation.

It's not set in our 3.17 config: https://github.com/xbianonpi/xbian-package-kernel/blob/master/extra-files/rpi-3.17.y/.config#L816

[mikehawke1337]

Yep, looks about right.

Has that been unset on purpose? I would assume quite a few people are using NAT for VPN forwarding and port forwarding.. Any chance this setting will be enabled again? If yes, in which timeframe?

I don't know of any workarounds other than recompile my own kernel, which I wouldn't want to do on a system like my xbian raspi..

[CurlyMoo]

So @mikehawke1337, can you do that pull request?

[mikehawke1337]

I have no idea what I did, but I think I created a pull request...

[CurlyMoo]

Did you also check the other configs?

[mikehawke1337]

just checked rpi2-3.18.y aswell and changed it

[CurlyMoo]

Was that all?

[mikehawke1337]

I hope so?

[CurlyMoo]

The new kernels should arrive at 0:05 UTC+1

[CurlyMoo]

Confirmed working.

[rolftimmerman]

Can you please indicate how to update to the new kernel?

[CurlyMoo]

Post the output of find /lib -name *nat*

[rolftimmerman]

/lib/modules/3.17.7-ck2+/kernel/net/bridge/netfilter/ebt_snat.ko /lib/modules/3.17.7-ck2+/kernel/net/bridge/netfilter/ebt_dnat.ko /lib/modules/3.17.7-ck2+/kernel/net/bridge/netfilter/ebtable_nat.ko /lib/modules/3.17.7-ck2+/kernel/net/ipv6/netfilter/nf_nat_ipv6.ko /lib/modules/3.17.7-ck2+/kernel/net/sched/act_nat.ko /lib/modules/3.17.7-ck2+/kernel/net/netfilter/nf_nat.ko /lib/modules/3.17.7-ck2+/kernel/net/netfilter/nf_nat_amanda.ko /lib/modules/3.17.7-ck2+/kernel/net/netfilter/nf_nat_tftp.ko /lib/modules/3.17.7-ck2+/kernel/net/netfilter/nf_nat_ftp.ko /lib/modules/3.17.7-ck2+/kernel/net/netfilter/nf_nat_proto_udplite.ko /lib/modules/3.17.7-ck2+/kernel/net/netfilter/nf_nat_proto_sctp.ko /lib/modules/3.17.7-ck2+/kernel/net/netfilter/nf_nat_sip.ko /lib/modules/3.17.7-ck2+/kernel/net/netfilter/nf_nat_proto_dccp.ko /lib/modules/3.17.7-ck2+/kernel/net/netfilter/nf_nat_irc.ko /lib/modules/3.17.7-ck2+/kernel/net/ipv4/netfilter/nf_nat_pptp.ko /lib/modules/3.17.7-ck2+/kernel/net/ipv4/netfilter/nf_nat_ipv4.ko /lib/modules/3.17.7-ck2+/kernel/net/ipv4/netfilter/nf_nat_proto_gre.ko /lib/modules/3.17.7-ck2+/kernel/net/ipv4/netfilter/nf_nat_snmp_basic.ko /lib/modules/3.17.7-ck2+/kernel/net/ipv4/netfilter/nf_nat_h323.ko /lib/modules/3.17.7-ck2+/kernel/drivers/net/phy/national.ko

[CurlyMoo]

Try modprobe nf_nat first.

[rolftimmerman]

xbian@xbian /boot $ sudo modprobe nf_nat xbian@xbian /boot $ sudo find /lib -name nat /lib/modules/3.17.7-ck2+/kernel/net/bridge/netfilter/ebt_snat.ko /lib/modules/3.17.7-ck2+/kernel/net/bridge/netfilter/ebt_dnat.ko /lib/modules/3.17.7-ck2+/kernel/net/bridge/netfilter/ebtable_nat.ko /lib/modules/3.17.7-ck2+/kernel/net/ipv6/netfilter/nf_nat_ipv6.ko /lib/modules/3.17.7-ck2+/kernel/net/sched/act_nat.ko /lib/modules/3.17.7-ck2+/kernel/net/netfilter/nf_nat.ko /lib/modules/3.17.7-ck2+/kernel/net/netfilter/nf_nat_amanda.ko /lib/modules/3.17.7-ck2+/kernel/net/netfilter/nf_nat_tftp.ko /lib/modules/3.17.7-ck2+/kernel/net/netfilter/nf_nat_ftp.ko /lib/modules/3.17.7-ck2+/kernel/net/netfilter/nf_nat_proto_udplite.ko /lib/modules/3.17.7-ck2+/kernel/net/netfilter/nf_nat_proto_sctp.ko /lib/modules/3.17.7-ck2+/kernel/net/netfilter/nf_nat_sip.ko /lib/modules/3.17.7-ck2+/kernel/net/netfilter/nf_nat_proto_dccp.ko /lib/modules/3.17.7-ck2+/kernel/net/netfilter/nf_nat_irc.ko /lib/modules/3.17.7-ck2+/kernel/net/ipv4/netfilter/nf_nat_pptp.ko /lib/modules/3.17.7-ck2+/kernel/net/ipv4/netfilter/nf_nat_ipv4.ko /lib/modules/3.17.7-ck2+/kernel/net/ipv4/netfilter/nf_nat_proto_gre.ko /lib/modules/3.17.7-ck2+/kernel/net/ipv4/netfilter/nf_nat_snmp_basic.ko /lib/modules/3.17.7-ck2+/kernel/net/ipv4/netfilter/nf_nat_h323.ko /lib/modules/3.17.7-ck2+/kernel/drivers/net/phy/national.ko

[CurlyMoo]

I meant before you tried the iptables rule.

[rolftimmerman]

still the same issue

[CurlyMoo]

If you know what kernel module you're missing you can do a pull request on our kernel configs and it will appear automatically in our repositories.

[rolftimmerman]

Pull request 22 should have fixed the issues from what I can understand. When performing lsmod I don't see iptable_nat as mentioned on some websites. Could that be the issue?

[rolftimmerman]

Is there a way to really establish that I'm running the latest kernel? BTW when running sudo modprobe iptable_nat I receive the error FATAL: Module iptable_nat not found.