LinuxQuestions.org
Old 04-29-2014, 07:16 AM   #1
czezz
Member
 
Registered: Nov 2004
Distribution: Slackware/Solaris
Posts: 899

Rep: Reputation: 41
netstat-nat doesn't work?


I have installed netstat-nat in Ubuntu 12.04.3 LTS.
Code:
sudo apt-get install netstat-nat
However, it does not really work for me.
Code:
# netstat-nat
Could not read info about connections from the kernel, make sure netfilter is enabled in kernel or by modules.
netfilter/iptables is enabled in my system.
All modules required for NAT are loaded. It is a NAT box.
So, why doesn't netstat-nat work for me?
 
Old 04-29-2014, 07:29 AM   #2
eklavya
Member
 
Registered: Mar 2013
Posts: 633

Rep: Reputation: 141Reputation: 141
Did you run?
Quote:
modprobe iptable
modprobe iptable_nat

Last edited by eklavya; 04-30-2014 at 12:59 AM.
 
Old 04-29-2014, 07:59 AM   #3
czezz
Member
 
Registered: Nov 2004
Distribution: Slackware/Solaris
Posts: 899

Original Poster
Rep: Reputation: 41
I think I have written quite clearly that it is a NAT box (that means it already acts as a NAT box).
Quote:
All modules required for NAT are loaded. It is a NAT box.
Secondly, I think you ask for ip_tables and nf_nat_ipv4/iptable_nat modules instead of iptables and iptables_nat?
 
Old 04-29-2014, 09:36 AM   #4
eklavya
Member
 
Registered: Mar 2013
Posts: 633

Rep: Reputation: 141Reputation: 141
Check status of your ufw
Quote:
service ufw status
It may be Inactive.
Enable it using
Quote:
service ufw enable
Now run
netstat-nat command again.
You will not get the error; instead, it will give
Quote:
Proto NATed Address Destination Address State

Last edited by eklavya; 04-29-2014 at 09:42 AM.
 
Old 04-29-2014, 10:19 AM   #5
czezz
Member
 
Registered: Nov 2004
Distribution: Slackware/Solaris
Posts: 899

Original Poster
Rep: Reputation: 41
Hi, thanks for the reply.
It seems that the service is already running:
Code:
# service ufw status
ufw start/running
 
Old 04-30-2014, 01:18 AM   #6
eklavya
Member
 
Registered: Mar 2013
Posts: 633

Rep: Reputation: 141Reputation: 141
Check the module in the directory
/lib/modules
Here you will find a directory for your kernel version. If you find more than one directory and you do not know where to go, run the command
Quote:
uname -r
The output will be your directory name; now open it. Now go to kernel/net/ipv4/netfilter
If you are using IPv6, open kernel/net/ipv6/netfilter
Here you can see the list of modules. Find the netfilter module name.ko file and enable it for the kernel.
Quote:
# modprobe modulename
Run the command.

Last edited by eklavya; 04-30-2014 at 04:21 AM.
 
Old 04-30-2014, 03:19 AM   #7
czezz
Member
 
Registered: Nov 2004
Distribution: Slackware/Solaris
Posts: 899

Original Poster
Rep: Reputation: 41
I don't think there exists any module dedicated specifically to netstat-nat.
As I have written already, NAT itself works.

Nevertheless, this is the list of modules in my /lib/modules/3.8.0-33-generic/kernel/net/ipv4/netfilter
Code:
# ls -al
total 320
drwxr-xr-x 2 root root  4096 Nov 18 10:56 .
drwxr-xr-x 3 root root  4096 Nov 18 10:56 ..
-rw-r--r-- 1 root root  6568 Oct 24  2013 arptable_filter.ko
-rw-r--r-- 1 root root 34848 Oct 24  2013 arp_tables.ko
-rw-r--r-- 1 root root  5608 Oct 24  2013 arpt_mangle.ko
-rw-r--r-- 1 root root  7248 Oct 24  2013 iptable_filter.ko
-rw-r--r-- 1 root root  7144 Oct 24  2013 iptable_mangle.ko
-rw-r--r-- 1 root root  9816 Oct 24  2013 iptable_nat.ko
-rw-r--r-- 1 root root  6408 Oct 24  2013 iptable_raw.ko
-rw-r--r-- 1 root root  6632 Oct 24  2013 iptable_security.ko
-rw-r--r-- 1 root root 39648 Oct 24  2013 ip_tables.ko
-rw-r--r-- 1 root root  5000 Oct 24  2013 ipt_ah.ko
-rw-r--r-- 1 root root 18792 Oct 24  2013 ipt_CLUSTERIP.ko
-rw-r--r-- 1 root root  6696 Oct 24  2013 ipt_ECN.ko
-rw-r--r-- 1 root root  7608 Oct 24  2013 ipt_MASQUERADE.ko
-rw-r--r-- 1 root root  8520 Oct 24  2013 ipt_REJECT.ko
-rw-r--r-- 1 root root  6552 Oct 24  2013 ipt_rpfilter.ko
-rw-r--r-- 1 root root 14776 Oct 24  2013 ipt_ULOG.ko
-rw-r--r-- 1 root root 23200 Oct 24  2013 nf_conntrack_ipv4.ko
-rw-r--r-- 1 root root  6088 Oct 24  2013 nf_defrag_ipv4.ko
-rw-r--r-- 1 root root 15616 Oct 24  2013 nf_nat_h323.ko
-rw-r--r-- 1 root root 11136 Oct 24  2013 nf_nat_ipv4.ko
-rw-r--r-- 1 root root  7640 Oct 24  2013 nf_nat_pptp.ko
-rw-r--r-- 1 root root  6536 Oct 24  2013 nf_nat_proto_gre.ko
-rw-r--r-- 1 root root 19104 Oct 24  2013 nf_nat_snmp_basic.ko
 
Old 04-30-2014, 04:29 AM   #8
eklavya
Member
 
Registered: Mar 2013
Posts: 633

Rep: Reputation: 141Reputation: 141
We do not need the module for netstat-nat
The error is
Quote:
Could not read info about connections from the kernel, make sure netfilter is enabled in kernel or by modules.
netfilter should be enabled in kernel or by modules
We need to enable the netfilter module in kernel to remove the error.
Enable the modules which are related to netfilter. We have to enable the module nf_nat or similar one.
Use modprobe. modprobe is a command (program) to add and remove modules from the Linux Kernel.
 
Old 04-30-2014, 06:44 AM   #9
czezz
Member
 
Registered: Nov 2004
Distribution: Slackware/Solaris
Posts: 899

Original Poster
Rep: Reputation: 41
Hi, I am not sure if you have a good understanding of my problem.
My NAT works correctly. This means all netfilter modules are loaded.

What then makes you think that some modules are missing?
 
Old 04-30-2014, 07:53 AM   #10
eklavya
Member
 
Registered: Mar 2013
Posts: 633

Rep: Reputation: 141Reputation: 141
[Attached image: Screenshot-1.png]
 
Old 05-29-2014, 07:37 PM   #11
ragarwal74
LQ Newbie
 
Registered: May 2014
Posts: 2

Rep: Reputation: Disabled
Still having trouble... any clues?

Code:
root@x301:/lib/modules/3.13.0-27-generic/kernel/net/ipv4/netfilter# ufw status
WARN: Duplicate profile 'Apache', using last found
WARN: Duplicate profile 'Apache Secure', using last found
WARN: Duplicate profile 'Apache Full', using last found
Status: inactive
root@x301:/lib/modules/3.13.0-27-generic/kernel/net/ipv4/netfilter# ufw enable
WARN: Duplicate profile 'Apache', using last found
WARN: Duplicate profile 'Apache Secure', using last found
WARN: Duplicate profile 'Apache Full', using last found
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
root@x301:/lib/modules/3.13.0-27-generic/kernel/net/ipv4/netfilter# ufw status
WARN: Duplicate profile 'Apache', using last found
WARN: Duplicate profile 'Apache Secure', using last found
WARN: Duplicate profile 'Apache Full', using last found
Status: active
root@x301:/lib/modules/3.13.0-27-generic/kernel/net/ipv4/netfilter# netstat-nat
Could not read info about connections from the kernel, make sure netfilter is enabled in kernel or by modules.
root@x301:/lib/modules/3.13.0-27-generic/kernel/net/ipv4/netfilter#


Many thanks.
 
Old 05-30-2014, 04:41 AM   #12
eklavya
Member
 
Registered: Mar 2013
Posts: 633

Rep: Reputation: 141Reputation: 141
Run command
Quote:
modprobe nf_nat
[Attached image: netstat-nat.png]
 
Old 05-30-2014, 04:21 PM   #13
ragarwal74
LQ Newbie
 
Registered: May 2014
Posts: 2

Rep: Reputation: Disabled
no joy !!!!
I really do appreciate you looking into this.

Code:
root@x301:~# netstat-nat
Could not read info about connections from the kernel, make sure netfilter is enabled in kernel or by modules.
root@x301:~# modprobe nf_nat
root@x301:~# netstat-nat
Could not read info about connections from the kernel, make sure netfilter is enabled in kernel or by modules.
root@x301:~# lsmod
root@x301:~# lsmod
Module                  Size  Used by
pci_stub               12622  1
vboxpci                23194  0
vboxnetadp             25670  0
vboxnetflt             27613  1
vboxdrv               339502  5 vboxnetadp,vboxnetflt,vboxpci
cuse                   13445  3
ipt_MASQUERADE         12880  1
xt_REDIRECT            12757  1
xt_nat                 12681  5
xt_tcpudp              12884  6
iptable_nat            13011  1
nf_conntrack_ipv4      15012  1
nf_defrag_ipv4         12758  1 nf_conntrack_ipv4
nf_nat_ipv4            13263  1 iptable_nat
nf_nat                 21798  5 ipt_MASQUERADE,nf_nat_ipv4,xt_nat,xt_REDIRECT,iptable_nat
nf_conntrack           96976  5 ipt_MASQUERADE,nf_nat,nf_nat_ipv4,iptable_nat,nf_conntrack_ipv4
ip_tables              27239  1 iptable_nat
x_tables               34059  5 ip_tables,xt_tcpudp,ipt_MASQUERADE,xt_nat,xt_REDIRECT
bnep                   19624  2
rfcomm                 69160  0
bluetooth             395423  10 bnep,rfcomm
snd_hda_codec_realtek    61438  1
snd_hda_intel          52355  3
snd_hda_codec         192906  2 snd_hda_codec_realtek,snd_hda_intel
snd_hwdep              13602  1 snd_hda_codec
snd_pcm               102099  2 snd_hda_codec,snd_hda_intel
snd_page_alloc         18710  2 snd_pcm,snd_hda_intel
snd_seq_midi           13324  0
snd_seq_midi_event     14899  1 snd_seq_midi
snd_rawmidi            30144  1 snd_seq_midi
snd_seq                61560  2 snd_seq_midi_event,snd_seq_midi
kvm_amd                59987  0
radeon               1514165  2
kvm                   451511  1 kvm_amd
snd_seq_device         14497  3 snd_seq,snd_rawmidi,snd_seq_midi
snd_timer              29482  2 snd_pcm,snd_seq
serio_raw              13462  0
snd                    69238  16 snd_hda_codec_realtek,snd_hwdep,snd_timer,snd_pcm,snd_seq,snd_rawmidi,snd_hda_codec,snd_hda_intel,snd_seq_device,snd_seq_midi
edac_core              62291  0
ttm                    85115  1 radeon
drm_kms_helper         52758  1 radeon
edac_mce_amd           22617  0
k10temp                13126  0
soundcore              12680  1 snd
drm                   302817  4 ttm,drm_kms_helper,radeon
sp5100_tco             13979  0
i2c_piix4              22155  0
parport_pc             32701  0
i2c_algo_bit           13413  1 radeon
ppdev                  17671  0
shpchp                 37032  0
lp                     17759  0
parport                42348  3 lp,ppdev,parport_pc
mac_hid                13205  0
wmi                    19177  0
pata_acpi              13038  0
via_velocity           42511  0
ahci                   25819  7
crc_ccitt              12707  1 via_velocity
pata_atiixp            13271  0
atl1c                  46086  0
libahci                32168  1 ahci
floppy                 69418  0
root@x301:~#
 
Old 01-14-2015, 11:39 AM   #14
CyberMage
LQ Newbie
 
Registered: Jan 2015
Posts: 2

Rep: Reputation: Disabled
Did anyone come up with a solution here? I have the same scenario with a brand-new build of Ubuntu 14.04.

Code:
root@sprf1:/etc/init.d# lsmod | grep nat
xt_nat                 12681  6 
iptable_nat            13011  1 
nf_nat_ipv4            13263  1 iptable_nat
ip_tables              27239  4 iptable_filter,iptable_mangle,iptable_nat,iptable_raw
x_tables               34059  15 xt_dscp,xt_mark,xt_length,xt_recent,ip_tables,xt_tcpudp,ipt_MASQUERADE,xt_conntrack,xt_mac,xt_nat,iptable_filter,ipt_REJECT,xt_REDIRECT,iptable_mangle,iptable_raw
nf_nat_ftp             12770  0 
nf_nat                 21841  6 nf_nat_ftp,ipt_MASQUERADE,nf_nat_ipv4,xt_nat,xt_REDIRECT,iptable_nat
nf_conntrack_ftp       18638  1 nf_nat_ftp
nf_conntrack           96976  8 nf_nat_ftp,ipt_MASQUERADE,nf_nat,nf_nat_ipv4,xt_conntrack,nf_conntrack_ftp,iptable_nat,nf_conntrack_ipv4
root@sprf1:/etc/init.d#
So you can see that nf_nat, iptables_nat are both loaded.

Code:
root@sprf1:/etc/init.d# netstat-nat
Could not read info about connections from the kernel, make sure netfilter is enabled in kernel or by modules.
Yet it doesn't work...

iptables -t nat -L produces expected output, and nat traffic is flowing. I've tried this with both a MASQ rule and a SNAT rule to no avail.
 
Old 09-11-2015, 01:34 AM   #15
zhaiyan920
LQ Newbie
 
Registered: Sep 2015
Posts: 1

Rep: Reputation: Disabled
I ran into a similar problem on Ubuntu 14.04. After digging a bit, I figured it's because /proc/net/ip_conntrack is removed (or, say, deprecated).

simply execute:

strace -f netstat-nat

there are two entries like:
open("/proc/net/nf_conntrack", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/proc/net/ip_conntrack", O_RDONLY) = -1 ENOENT (No such file or directory)

then comes the failure message:
write(1, "Could not read info about connec"..., 111Could not read info about connections from the kernel, make sure netfilter is enabled in kernel or by modules.
) = 111

So it is obvious the netstat-nat in the apt repository is still using the old proc file, which causes the problem on my server.

Using conntrack instead solves the problem. Hope it helps people who are still confused.
 
1 members found this post helpful.
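The diagnosis in post #15, as an added example that is not from the thread or from netstat-nat's source: it checks for the two proc files seen in the strace output and picks NATed flows out of conntrack records by comparing each record's original tuple with its reply tuple. The function names, the optional root prefix and the sample records are constructed for illustration; the record layout assumed is the usual `src= dst= sport= dport=` pair of tuples.

```shell
#!/bin/sh
# Added example; sample records are constructed (documentation address ranges).

# Print the first readable conntrack proc file, or "none". The optional
# root prefix exists only so the check can be pointed at a test tree.
conntrack_source() {
    for f in /proc/net/nf_conntrack /proc/net/ip_conntrack; do
        if [ -r "${1:-}$f" ]; then echo "${1:-}$f"; return 0; fi
    done
    echo "none"; return 1
}

# Read conntrack records on stdin and print only the translated flows.
# Each record holds the original tuple, then the expected reply tuple;
# without NAT the reply is the mirror image of the original.
nat_flows() {
    awk '{
        split("", o); split("", r)            # clear per-record tuples
        proto = ($1 ~ /^ipv[46]$/) ? $3 : $1  # proc format has an l3 prefix
        for (i = 1; i <= NF; i++) {
            eq = index($i, "="); if (eq == 0) continue
            k = substr($i, 1, eq - 1); v = substr($i, eq + 1)
            if (k != "src" && k != "dst" && k != "sport" && k != "dport") continue
            if (!(k in o)) { o[k] = v } else if (!(k in r)) { r[k] = v }
        }
        if (!("src" in r)) next               # truncated record, skip it
        kind = ""
        if (r["dst"] != o["src"] || r["dport"] != o["sport"]) { kind = "SNAT" }
        if (r["src"] != o["dst"] || r["sport"] != o["dport"]) {
            kind = (kind == "") ? "DNAT" : "SNAT+DNAT"
        }
        if (kind == "") next
        printf "%s %s %s:%s->%s:%s => %s:%s->%s:%s\n", kind, proto,
            o["src"], o["sport"], o["dst"], o["dport"],
            r["dst"], r["dport"], r["src"], r["sport"]
    }'
}

# Constructed input: a masqueraded flow, an untranslated flow, a port forward.
sample_records() {
    cat <<'EOF'
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=51234 dport=80 src=198.51.100.7 dst=203.0.113.5 sport=80 dport=51234 [ASSURED] mark=0 use=2
udp      17 25 src=203.0.113.5 dst=198.51.100.53 sport=40000 dport=53 src=198.51.100.53 dst=203.0.113.5 sport=53 dport=40000 mark=0 use=1
tcp      6 117 SYN_SENT src=198.51.100.9 dst=203.0.113.5 sport=33000 dport=8080 [UNREPLIED] src=192.168.1.20 dst=198.51.100.9 sport=80 dport=33000 mark=0 use=1
EOF
}

sample_records | nat_flows
```

On a live NAT box the same filter can be fed from `conntrack -L` (conntrack-tools), which works even when `conntrack_source` prints `none`.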
  

