LinuxQuestions.org
Old 02-06-2007, 11:09 AM   #1
spindley
Member
 
Registered: Mar 2003
Location: Calgary, AB Canada
Distribution: Slackware 14.0
Posts: 32

Rep: Reputation: 15
NAT Error with Shorewall + Linux 2.6.20 on Debian


I just compiled a fresh kernel 2.6.20 under Debian 4.0 (etch), using the same config (working) that I previously used for 2.6.19.2. After booting into the new kernel, shorewall fails to start with the error:
Code:
ERROR: Rule "DNAT net loc:192.168.1.100 tcp ##" requires NAT which is disabled
The port number I was forwarding was replaced with "##" for our purposes here.
I double checked the kernel config to make sure that iptables was enabled, and it is.
Does anybody have any ideas? I can't seem to find anything helpful on Google or anywhere else.
Thanks in advance.
 
Old 02-07-2007, 06:00 AM   #2
Nille_kungen
Member
 
Registered: Jul 2005
Distribution: Slackware64-current
Posts: 587

Rep: Reputation: 201
Is CONFIG_IP_NF_NAT set?
Is the module loaded? (iptable_nat)
 
Old 02-07-2007, 06:06 AM   #3
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57

NAT handling has changed for the 2.6.20. I haven't looked deeply but nf_conntrack is the module that now takes care of NAT. ip_conntrack will be removed in 2.6.22, this is a major modification.
Try to search on kerneltrap or other kernel/network dev related mailing lists because a lot of people are in your case.
Also, iptables probably must be updated to take into account the modifications. Tools like firestarter do not work properly on 2.6.20 from what I see here.
The easiest is to revert to 2.6.19.x.

I have currently disabled the iptables user space tools because of these modifications (some of my rules also broke) and I don't currently have the time to investigate. I still think that backward compatibility should work so probably your kernel configuration is buggy.
If you find any information, I (and I'm sure a lot of others) would be interested.
 
Old 02-09-2007, 01:40 PM   #4
spindley
Member
 
Registered: Mar 2003
Location: Calgary, AB Canada
Distribution: Slackware 14.0
Posts: 32

Original Poster
Rep: Reputation: 15
Yeah, it was my kernel config that was the problem. Going from 2.6.19.2 to 2.6.20, they essentially changed the location of NAT. By doing a 'make oldconfig', I was able to select what they're now calling "Full NAT", and then all the modules were properly built.
Everything seems to be working as it should now. I haven't tried virtualization in the new kernel, since I have no use for it on a server, but I can say that the boot time is much faster.
Thanks for the suggestions.
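
A check for the situation described in this thread, as an added example that is not part of any post: it reads a kernel .config and reports which NAT backend, if any, is enabled. Only CONFIG_IP_NF_NAT is named in the thread; the other symbols (CONFIG_NF_NAT, CONFIG_NF_CONNTRACK_IPV4, CONFIG_IP_NF_CONNTRACK, CONFIG_IP_NF_IPTABLES) are assumed here to be the 2.6.20 Kconfig names, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: report which NAT backend a kernel .config enables.
# Symbol names other than CONFIG_IP_NF_NAT are assumptions (2.6.20 Kconfig).

# Print the value of symbol $2 in config file $1: y, m, or n (unset/absent).
cfg_val() {
    v=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${v:-n}"
}

# Print nf_conntrack, ip_conntrack, or none for config file $1.
# NAT needs iptables support plus a conntrack layer and its matching NAT symbol.
nat_backend() {
    cfg=$1
    [ "$(cfg_val "$cfg" CONFIG_IP_NF_IPTABLES)" != n ] || { echo none; return 1; }
    if [ "$(cfg_val "$cfg" CONFIG_NF_CONNTRACK_IPV4)" != n ] &&
       [ "$(cfg_val "$cfg" CONFIG_NF_NAT)" != n ]; then
        echo nf_conntrack; return 0
    fi
    if [ "$(cfg_val "$cfg" CONFIG_IP_NF_CONNTRACK)" != n ] &&
       [ "$(cfg_val "$cfg" CONFIG_IP_NF_NAT)" != n ]; then
        echo ip_conntrack; return 0
    fi
    echo none; return 1
}

# Constructed sample: new conntrack layer selected, new NAT symbol left unset,
# which is the state that would leave a firewall tool without NAT support.
sample_config() {
cat <<'EOF'
CONFIG_IP_NF_IPTABLES=m
CONFIG_NF_CONNTRACK_IPV4=m
# CONFIG_NF_NAT is not set
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
echo "carried-over config: $(nat_backend "$tmp")"
echo "CONFIG_NF_NAT=m" >> "$tmp"      # what selecting "Full NAT" would record
echo "after enabling NAT:  $(nat_backend "$tmp")"
rm -f "$tmp"
```

On a running system the same function can be pointed at /boot/config-$(uname -r), where the distribution installs one.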
 
Old 03-14-2007, 06:16 PM   #5
sensovision
Member
 
Registered: Mar 2004
Location: Ukraine
Distribution: Debian "Wheezy"
Posts: 94

Rep: Reputation: 15
spindley, I didn't understand if you managed to get NAT working on 2.6.20 or returned to 19?
 
  

