LinuxQuestions.org - [SOLVED] IPTABLES issue

- Gentoo (https://www.linuxquestions.org/questions/gentoo-87/)

- - IPTABLES issue (https://www.linuxquestions.org/questions/gentoo-87/iptables-issue-919802/)

Ok, so what I have (on a different server from the other one I've got a problem with) is a situation where I get the following message from iptables:

iptables v1.4.12.1: can't initialize iptables table `nat': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

I've emerge --unmerge and re-emerged Iptables, but cannot understand why this is throwing this issue - I've enabled Netfilter and associated bits in the menuconfig. what have I missed out on or messed up on?

TIA

It is a kernel configuration problem.

Is the nat module built-in?

grep your kernel config for NF_NAT

Hi andrewthomas

I thought I'd switched it on, but I could be wrong on this one. This is what I got back from a grep of my kernel config

CONFIG_NF_NAT=m
CONFIG_NF_NAT_NEEDED=y
CONFIG_NF_NAT_PROTO_GRE=m
CONFIG_NF_NAT_PROTO_UDPLITE=m
CONFIG_NF_NAT_PROTO_SCTP=m
CONFIG_NF_NAT_FTP=m
CONFIG_NF_NAT_IRC=m
CONFIG_NF_NAT_TFTP=m
CONFIG_NF_NAT_AMANDA=m
CONFIG_NF_NAT_PPTP=m
CONFIG_NF_NAT_H323=m
CONFIG_NF_NAT_SIP=m

what is the output of lsmod?

Here is mine:

Code:

asus-gentoo linux # lsmod

Module                  Size  Used by

iptable_nat            4406  0 

nf_nat                18217  1 iptable_nat

iptable_mangle          1846  0 

ipt_LOG                7808  1 

xt_tcpudp              2579  11 

nf_conntrack_ipv4      12921  4 iptable_nat,nf_nat

nf_defrag_ipv4          1433  1 nf_conntrack_ipv4

xt_state                1370  1 

nf_conntrack          70132  4 iptable_nat,nf_nat,nf_conntrack_ipv4,xt_state

iptable_filter          1762  1 

ip_tables              12135  3 iptable_nat,iptable_mangle,iptable_filter

x_tables              17826  7 iptable_nat,iptable_mangle,ipt_LOG,xt_tcpudp,xt_state,iptable_filter,ip_tables

Double check that you are using the kernel that you think you are using (i.e. you are not installing your newer kernels into /boot without mounting it if it's a separate partition, and the like). Particularly, use uname -a and check the compilation date. lsmod, as said above, can also be helpful.

output of lsmod

Code:

portia marcusw # lsmod

Module                  Size  Used by

libiscsi              26824  0

scsi_transport_iscsi    20224  1 libiscsi

e1000                  76920  0

fuse                  47880  1

nfs                  113672  0

lockd                  52004  1 nfs

sunrpc                140088  3 nfs,lockd

jfs                  130176  0

raid10                16296  0

raid456                40056  0

async_raid6_recov      1080  1 raid456

async_memcpy            1048  1 raid456

async_pq                2752  1 raid456

async_xor              2012  2 raid456,async_pq

xor                    4056  1 async_xor

async_tx                1384  5 raid456,async_raid6_recov,async_memcpy,async_pq,async_xor

raid6_pq              76584  2 async_raid6_recov,async_pq

raid1                  15832  0

raid0                  6412  0

dm_snapshot            19836  0

dm_crypt              11344  0

dm_mirror              10080  0

dm_region_hash          5096  1 dm_mirror

dm_log                  6204  2 dm_mirror,dm_region_hash

dm_mod                45552  4 dm_snapshot,dm_crypt,dm_mirror,dm_log

scsi_wait_scan          536  0

hid_sunplus            1144  0

hid_sony                1896  0

hid_samsung            2536  0

hid_pl                  1112  0

hid_petalynx            1640  0

hid_monterey            1240  0

hid_microsoft          2316  0

hid_logitech            6120  0

hid_gyration            1768  0

hid_ezkey              1080  0

hid_cypress            1512  0

hid_chicony            1496  0

hid_cherry              1208  0

hid_belkin              1368  0

hid_apple              4200  0

hid_a4tech              1592  0

sl811_hcd              7944  0

usbhid                19136  0

ohci_hcd              17132  0

ssb                    30056  1 ohci_hcd

uhci_hcd              16592  0

usb_storage            37312  0

ehci_hcd              28652  0

usbcore              102376  8 hid_sony,sl811_hcd,usbhid,ohci_hcd,uhci_hcd,usb_storage,ehci_hcd

aic94xx                60072  0

libsas                39840  1 aic94xx

lpfc                  385456  0

qla2xxx              262144  0

megaraid_sas          56704  6

megaraid_mbox          22440  0

megaraid_mm            6056  1 megaraid_mbox

megaraid              33936  0

aacraid                59648  0

sx8                    10248  0

DAC960                58248  0

cciss                  39376  0

3w_9xxx                27744  0

3w_xxxx                19568  0

mptsas                30040  0

scsi_transport_sas    16600  3 aic94xx,libsas,mptsas

mptfc                  9344  0

scsi_transport_fc      30316  3 lpfc,qla2xxx,mptfc

scsi_tgt                6928  1 scsi_transport_fc

mptspi                  9736  0

mptscsih              14440  3 mptsas,mptfc,mptspi

mptbase                50632  4 mptsas,mptfc,mptspi,mptscsih

atp870u                23280  0

dc395x                24692  0

qla1280                18000  0

imm                    7812  0

parport                21984  1 imm

dmx3191d                8296  0

sym53c8xx              58544  0

gdth                  71064  0

advansys              48976  0

initio                13920  0

BusLogic              18208  0

arcmsr                20480  0

aic7xxx                96668  0

aic79xx              101500  0

scsi_transport_spi    14056  5 mptspi,dmx3191d,sym53c8xx,aic7xxx,aic79xx

sg                    18968  0

pdc_adma                4716  0

sata_inic162x          5596  0

sata_mv                21100  0

ata_piix              20128  0

ahci                  19248  0

libahci                14228  1 ahci

sata_qstor              4476  0

sata_vsc                3468  0

sata_uli                2652  0

sata_sis                3292  0

sata_sx4                7068  0

sata_nv                16612  0

sata_via                7084  0

sata_svw                3548  0

sata_sil24              9248  0

sata_sil                6544  0

sata_promise            8444  0

pata_sl82c105          2840  0

pata_cs5530            3752  0

pata_cs5520            3272  0

pata_via                7792  0

pata_jmicron            2056  0

pata_marvell            2472  0

pata_sis                8988  1 sata_sis

pata_netcell            1884  0

pata_sc1200            2504  0

pata_pdc202xx_old      3640  0

pata_triflex            2604  0

pata_atiixp            3068  0

pata_opti              2380  0

pata_amd                8892  0

pata_ali                8216  0

pata_it8213            2924  0

pata_pcmcia            9240  0

pcmcia                25360  2 ssb,pata_pcmcia

pcmcia_core            8512  1 pcmcia

pata_ns87415            2604  0

pata_ns87410            2360  0

pata_serverworks        4568  0

pata_platform          2840  0

pata_artop              4076  0

pata_it821x            7276  0

pata_optidma            3824  0

pata_hpt3x2n            4728  0

pata_hpt3x3            2636  0

pata_hpt37x            9816  0

pata_hpt366            4376  0

pata_cmd64x            5304  0

pata_efar              3056  0

pata_rz1000            2348  0

pata_sil680            3980  0

pata_radisys            2508  0

pata_pdc2027x          5340  0

pata_mpiix              2476  0

libata                128884  53 libsas,pdc_adma,sata_inic162x,sata_mv,ata_piix,ahci,libahci,sata_qstor,sata_vsc,sata_uli,sata_sis,sata_sx4,sata_nv,sata_via,sata_svw,sata_sil24,sata_sil,sata_promise,pata_sl82c105,pata_cs5530,pata_cs5520,pata_via,pata_jmicron,pata_marvell,pata_sis,pata_netcell,pata_sc1200,pata_pdc202xx_old,pata_triflex,pata_atiixp,pata_opti,pata_amd,pata_ali,pata_it8213,pata_pcmcia,pata_ns87415,pata_ns87410,pata_serverworks,pata_platform,pata_artop,pata_it821x,pata_optidma,pata_hpt3x2n,pata_hpt3x3,pata_hpt37x,pata_hpt366,pata_cmd64x,pata_efar,pata_rz1000,pata_sil680,pata_radisys,pata_pdc2027x,pata_mpiix

I'm reasonably certain I had the /boot partition mounted when I compiled and copied over the files but I'm recompiling and copying them again just to be on the safe side.

after a recompile, I get the same result.

My full .config file:

Pastebin Link

Are there any modules in

Code:

/lib/modules/<your-kernel-version>/kernel/net/ipv4/netfilter

Code:

lxde@gentoo-asus ~ $ ls -al /lib/modules/3.1.5-gentoo/kernel/net/ipv4/netfilter

total 236

drwxr-xr-x 2 root root  4096 Dec 20 09:13 .

drwxr-xr-x 3 root root  4096 Dec 20 09:13 ..

-rw-r--r-- 1 root root 23735 Dec 20 09:13 ip_tables.ko

-rw-r--r-- 1 root root 13183 Dec 20 09:13 ipt_LOG.ko

-rw-r--r-- 1 root root  6209 Dec 20 09:13 ipt_MASQUERADE.ko

-rw-r--r-- 1 root root  4531 Dec 20 09:13 ipt_NETMAP.ko

-rw-r--r-- 1 root root  4763 Dec 20 09:13 ipt_REDIRECT.ko

-rw-r--r-- 1 root root  7117 Dec 20 09:13 ipt_REJECT.ko

-rw-r--r-- 1 root root 11879 Dec 20 09:13 ipt_ULOG.ko

-rw-r--r-- 1 root root  4305 Dec 20 09:13 ipt_ah.ko

-rw-r--r-- 1 root root  4815 Dec 20 09:13 ipt_ecn.ko

-rw-r--r-- 1 root root  6372 Dec 20 09:13 iptable_filter.ko

-rw-r--r-- 1 root root  6009 Dec 20 09:13 iptable_mangle.ko

-rw-r--r-- 1 root root 11398 Dec 20 09:13 iptable_nat.ko

-rw-r--r-- 1 root root  5346 Dec 20 09:13 iptable_raw.ko

-rw-r--r-- 1 root root 29229 Dec 20 09:13 nf_conntrack_ipv4.ko

-rw-r--r-- 1 root root  4818 Dec 20 09:13 nf_defrag_ipv4.ko

-rw-r--r-- 1 root root 33795 Dec 20 09:13 nf_nat.ko

-rw-r--r-- 1 root root  6327 Dec 20 09:13 nf_nat_ftp.ko

-rw-r--r-- 1 root root  5896 Dec 20 09:13 nf_nat_irc.ko

Hi

Looked in there and this is what I found: (kernel is 3.0.6-gentoo)

Code:

ls netfilter -la

total 276

drwxr-xr-x 2 root root  4096 Dec 22 17:23 .

drwxr-xr-x 3 root root  4096 Dec 22 17:23 ..

-rw-r--r-- 1 root root 28278 Dec 22 17:23 arp_tables.ko

-rw-r--r-- 1 root root  4502 Dec 22 17:23 arpt_mangle.ko

-rw-r--r-- 1 root root  6020 Dec 22 17:23 arptable_filter.ko

-rw-r--r-- 1 root root 15757 Dec 22 17:23 ipt_CLUSTERIP.ko

-rw-r--r-- 1 root root  5687 Dec 22 17:23 ipt_ECN.ko

-rw-r--r-- 1 root root 12693 Dec 22 17:23 ipt_LOG.ko

-rw-r--r-- 1 root root  6747 Dec 22 17:23 ipt_MASQUERADE.ko

-rw-r--r-- 1 root root  4724 Dec 22 17:23 ipt_NETMAP.ko

-rw-r--r-- 1 root root  4802 Dec 22 17:23 ipt_REDIRECT.ko

-rw-r--r-- 1 root root  7256 Dec 22 17:23 ipt_REJECT.ko

-rw-r--r-- 1 root root 12796 Dec 22 17:23 ipt_ULOG.ko

-rw-r--r-- 1 root root  4279 Dec 22 17:23 ipt_ah.ko

-rw-r--r-- 1 root root  4789 Dec 22 17:23 ipt_ecn.ko

-rw-r--r-- 1 root root  6987 Dec 22 17:23 iptable_filter.ko

-rw-r--r-- 1 root root  6417 Dec 22 17:23 iptable_mangle.ko

-rw-r--r-- 1 root root  5833 Dec 22 17:23 iptable_raw.ko

-rw-r--r-- 1 root root  5011 Dec 22 17:23 nf_nat_amanda.ko

-rw-r--r-- 1 root root  6151 Dec 22 17:23 nf_nat_ftp.ko

-rw-r--r-- 1 root root 12877 Dec 22 17:23 nf_nat_h323.ko

-rw-r--r-- 1 root root  5872 Dec 22 17:23 nf_nat_irc.ko

-rw-r--r-- 1 root root  7084 Dec 22 17:23 nf_nat_pptp.ko

-rw-r--r-- 1 root root  5850 Dec 22 17:23 nf_nat_proto_gre.ko

-rw-r--r-- 1 root root  5205 Dec 22 17:23 nf_nat_proto_sctp.ko

-rw-r--r-- 1 root root  5148 Dec 22 17:23 nf_nat_proto_udplite.ko

-rw-r--r-- 1 root root 12777 Dec 22 17:23 nf_nat_sip.ko

-rw-r--r-- 1 root root  4393 Dec 22 17:23 nf_nat_tftp.ko

Any more ideas about what may be causing this at all?

OK fixed it. I went and removed all references in /lib/modules/* (rm -rf), then re-emerged gentoo-sources, and then went and did genkernel --menuconfig all.

The actual error was not this:

Code:

iptables v1.4.12.1: can't initialize iptables table `nat': iptables who? (do you need to insmod?)

Perhaps iptables or your kernel needs to be upgraded.

but when I looked in dmesg I saw a message saying:

Code:

WARNING: Error inserting x_tables (/lib/modules/3.0.6-gentoo/kernel/net/netfilter/x_tables.ko): Invalid module format 

FATAL: Error inserting ip_tables (/lib/modules/3.0.6-gentoo/kernel/net/ipv4/netfilter/ip_tables.ko): Invalid module format

which is what directed me to this result.

NOT for the faint of heart, I have to say.

Thank you to all those who made suggestions here and elsewhere.