[3.18] Nat

Support Debian
#1

Bonsoir,
je rencontre ceci:

root@alph30:/home/jb1# ./parefeu.sh start
 * Starting firewall..                                                                                                                    iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
                                                                                                                                   [ OK ]
root@alph30:/home/jb1#

c’est le parefeu du wiki,
le kernel est 3.18.0

Voyez-vous un conseil?
A+
JB1

#2

Et il vient d’où, ce noyau ? A-t-il été compilé avec le support du NAT IPv4 ?
Que contient /proc/net/ip_tables_names ?
Que dit modinfo à propos de iptable_nat, nf_nat, nf_nat_ipv4 ?

#3

Bonjour Pascal et les autres,

les divers réponses,
ce noyau vient de kernel.org

root@alph30:/proc/net# ls
anycast6      hci            ip_mr_cache  packet     rt6_stats     stat
arp           icmp           ip_mr_vif    pnp        rt_acct       tcp
bnep          icmp6          ipv6_route   protocols  rt_cache      tcp6
connector     if_inet6       l2cap        psched     sco           udp
dev           igmp           mcfilter     ptype      snmp          udp6
dev_mcast     igmp6          mcfilter6    raw        snmp6         udplite
dev_snmp6     ip6_flowlabel  netfilter    raw6       sockstat      udplite6
fib_trie      ip6_mr_cache   netlink      rfcomm     sockstat6     unix
fib_triestat  ip6_mr_vif     netstat      route      softnet_stat  wireless
root@alph30:/proc/net# cd netfilter
root@alph30:/proc/net/netfilter# ls
nf_log
root@alph30:/proc/net/netfilter# cd
root@alph30:~# modinfo iptable_nat
modinfo: ERROR: Module iptable_nat not found.
root@alph30:~# modinfo nf_nat
filename:       /lib/modules/3.18.0/kernel/net/netfilter/nf_nat.ko
license:        GPL
srcversion:     B5E728474B05AB8C081DCFD
depends:        nf_conntrack
intree:         Y
vermagic:       3.18.0 SMP mod_unload modversions 
signer:         Magrathea: Glacier signing key
sig_key:        38:D4:A7:65:1C:6A:CE:6C:04:41:8E:21:8A:D2:08:CD:AC:03:8D:7B
sig_hashalgo:   sha512
root@alph30:~# modinfo nf_nat_ipv4
filename:       /lib/modules/3.18.0/kernel/net/ipv4/netfilter/nf_nat_ipv4.ko
alias:          nf-nat-2
license:        GPL
srcversion:     1FBA63297BD688832ABF236
depends:        nf_nat,nf_conntrack
intree:         Y
vermagic:       3.18.0 SMP mod_unload modversions 
signer:         Magrathea: Glacier signing key
sig_key:        38:D4:A7:65:1C:6A:CE:6C:04:41:8E:21:8A:D2:08:CD:AC:03:8D:7B
sig_hashalgo:   sha512
root@alph30:~# cd /usr/src/linux
root@alph30:/usr/src/linux# fgrep NAT .config
CONFIG_ARCH_HIBERNATION_POSSIBLE=y
CONFIG_ARCH_HIBERNATION_HEADER=y
CONFIG_HIBERNATE_CALLBACKS=y
CONFIG_HIBERNATION=y
CONFIG_NF_NAT=m
CONFIG_NF_NAT_NEEDED=y
CONFIG_NF_NAT_PROTO_DCCP=m
CONFIG_NF_NAT_PROTO_UDPLITE=m
CONFIG_NF_NAT_PROTO_SCTP=m
CONFIG_NF_NAT_AMANDA=m
CONFIG_NF_NAT_FTP=m
CONFIG_NF_NAT_IRC=m
CONFIG_NF_NAT_SIP=m
CONFIG_NF_NAT_TFTP=m
CONFIG_NFT_NAT=m
# CONFIG_NETFILTER_XT_NAT is not set
CONFIG_NF_NAT_IPV4=m
CONFIG_NFT_CHAIN_NAT_IPV4=m
CONFIG_NF_NAT_MASQUERADE_IPV4=m
CONFIG_NF_NAT_SNMP_BASIC=m
CONFIG_NF_NAT_PROTO_GRE=m
CONFIG_NF_NAT_PPTP=m
CONFIG_NF_NAT_H323=m
# CONFIG_IP_NF_NAT is not set
CONFIG_NF_NAT_IPV6=m
CONFIG_NFT_CHAIN_NAT_IPV6=m
# CONFIG_NF_NAT_MASQUERADE_IPV6 is not set
# CONFIG_IP6_NF_NAT is not set
CONFIG_BRIDGE_EBT_T_NAT=m
CONFIG_BRIDGE_EBT_DNAT=m
CONFIG_BRIDGE_EBT_SNAT=m
CONFIG_NET_ACT_NAT=m
CONFIG_NET_VENDOR_NATSEMI=y
CONFIG_NATSEMI=m
CONFIG_NATIONAL_PHY=y
CONFIG_REGULATOR_ANATOP=m
CONFIG_INTEGRITY_SIGNATURE=y
CONFIG_CHECK_SIGNATURE=y
CONFIG_SIGNATURE=y
root@alph30

hier soir, j’ai refais un make menuconfig,
le NAT etait bien en module M

étonnant dans /proc/net je ne trouve pas d’ipv4 donc plus ip_forward et le reste
A+
JB1

#4

Je me suis trompé, il ne faut rien lire pour ip_forward

root@alph30:/proc/sys/net/ipv4# cat ip_forward
1
root@alph30:/proc/sys/net/ipv4#

A+
JB1

#5

Il faut activer IP_NF_NAT (iptables NAT support) en dur ou en module. Cette option dépend de IP_NF_IPTABLES (IP tables support (required for filtering/masq/NAT)).

#6

bonjour,
merci pour l’info,
je tiens au courant
A+
JB1

#7

Merci Pascal
:041 :041 :041
cela fonctionne,

il me restera à régler le boot en mode NON récupération
on verra cela en 2015

Merci encore,
à l’année prochaine,
bonne fête de fin d’année
A+
JB1