[SOLVED] IPTABLES issue

MarcusWebb1966 · 12-21-2011, 05:32 AM

Ok, so what I have (on a different server from the other one I've got a problem with) is a situation where I get the following message from iptables:

iptables v1.4.12.1: can't initialize iptables table `nat': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

I've emerge --unmerge and re-emerged Iptables, but cannot understand why this is throwing this issue - I've enabled Netfilter and associated bits in the menuconfig. what have I missed out on or messed up on?

TIA

andrewthomas · 12-21-2011, 07:21 AM

It is a kernel configuration problem.

Is the nat module built-in?

grep your kernel config for NF_NAT

MarcusWebb1966 · 12-22-2011, 02:39 AM

Hi andrewthomas

I thought I'd switched it on, but I could be wrong on this one. This is what I got back from a grep of my kernel config

CONFIG_NF_NAT=m
CONFIG_NF_NAT_NEEDED=y
CONFIG_NF_NAT_PROTO_GRE=m
CONFIG_NF_NAT_PROTO_UDPLITE=m
CONFIG_NF_NAT_PROTO_SCTP=m
CONFIG_NF_NAT_FTP=m
CONFIG_NF_NAT_IRC=m
CONFIG_NF_NAT_TFTP=m
CONFIG_NF_NAT_AMANDA=m
CONFIG_NF_NAT_PPTP=m
CONFIG_NF_NAT_H323=m
CONFIG_NF_NAT_SIP=m

andrewthomas · 12-22-2011, 05:47 AM

what is the output of lsmod?

Here is mine:

Code:

asus-gentoo linux # lsmod
Module                  Size  Used by
iptable_nat             4406  0 
nf_nat                 18217  1 iptable_nat
iptable_mangle          1846  0 
ipt_LOG                 7808  1 
xt_tcpudp               2579  11 
nf_conntrack_ipv4      12921  4 iptable_nat,nf_nat
nf_defrag_ipv4          1433  1 nf_conntrack_ipv4
xt_state                1370  1 
nf_conntrack           70132  4 iptable_nat,nf_nat,nf_conntrack_ipv4,xt_state
iptable_filter          1762  1 
ip_tables              12135  3 iptable_nat,iptable_mangle,iptable_filter
x_tables               17826  7 iptable_nat,iptable_mangle,ipt_LOG,xt_tcpudp,xt_state,iptable_filter,ip_tables

i92guboj · 12-22-2011, 07:23 AM

Double check that you are using the kernel that you think you are using (i.e. you are not installing your newer kernels into /boot without mounting it if it's a separate partition, and the like). Particularly, use uname -a and check the compilation date. lsmod, as said above, can also be helpful.

MarcusWebb1966 · 12-22-2011, 09:24 AM

output of lsmod

Code:

portia marcusw # lsmod
Module                  Size  Used by
libiscsi               26824  0
scsi_transport_iscsi    20224  1 libiscsi
e1000                  76920  0
fuse                   47880  1
nfs                   113672  0
lockd                  52004  1 nfs
sunrpc                140088  3 nfs,lockd
jfs                   130176  0
raid10                 16296  0
raid456                40056  0
async_raid6_recov       1080  1 raid456
async_memcpy            1048  1 raid456
async_pq                2752  1 raid456
async_xor               2012  2 raid456,async_pq
xor                     4056  1 async_xor
async_tx                1384  5 raid456,async_raid6_recov,async_memcpy,async_pq,async_xor
raid6_pq               76584  2 async_raid6_recov,async_pq
raid1                  15832  0
raid0                   6412  0
dm_snapshot            19836  0
dm_crypt               11344  0
dm_mirror              10080  0
dm_region_hash          5096  1 dm_mirror
dm_log                  6204  2 dm_mirror,dm_region_hash
dm_mod                 45552  4 dm_snapshot,dm_crypt,dm_mirror,dm_log
scsi_wait_scan           536  0
hid_sunplus             1144  0
hid_sony                1896  0
hid_samsung             2536  0
hid_pl                  1112  0
hid_petalynx            1640  0
hid_monterey            1240  0
hid_microsoft           2316  0
hid_logitech            6120  0
hid_gyration            1768  0
hid_ezkey               1080  0
hid_cypress             1512  0
hid_chicony             1496  0
hid_cherry              1208  0
hid_belkin              1368  0
hid_apple               4200  0
hid_a4tech              1592  0
sl811_hcd               7944  0
usbhid                 19136  0
ohci_hcd               17132  0
ssb                    30056  1 ohci_hcd
uhci_hcd               16592  0
usb_storage            37312  0
ehci_hcd               28652  0
usbcore               102376  8 hid_sony,sl811_hcd,usbhid,ohci_hcd,uhci_hcd,usb_storage,ehci_hcd
aic94xx                60072  0
libsas                 39840  1 aic94xx
lpfc                  385456  0
qla2xxx               262144  0
megaraid_sas           56704  6
megaraid_mbox          22440  0
megaraid_mm             6056  1 megaraid_mbox
megaraid               33936  0
aacraid                59648  0
sx8                    10248  0
DAC960                 58248  0
cciss                  39376  0
3w_9xxx                27744  0
3w_xxxx                19568  0
mptsas                 30040  0
scsi_transport_sas     16600  3 aic94xx,libsas,mptsas
mptfc                   9344  0
scsi_transport_fc      30316  3 lpfc,qla2xxx,mptfc
scsi_tgt                6928  1 scsi_transport_fc
mptspi                  9736  0
mptscsih               14440  3 mptsas,mptfc,mptspi
mptbase                50632  4 mptsas,mptfc,mptspi,mptscsih
atp870u                23280  0
dc395x                 24692  0
qla1280                18000  0
imm                     7812  0
parport                21984  1 imm
dmx3191d                8296  0
sym53c8xx              58544  0
gdth                   71064  0
advansys               48976  0
initio                 13920  0
BusLogic               18208  0
arcmsr                 20480  0
aic7xxx                96668  0
aic79xx               101500  0
scsi_transport_spi     14056  5 mptspi,dmx3191d,sym53c8xx,aic7xxx,aic79xx
sg                     18968  0
pdc_adma                4716  0
sata_inic162x           5596  0
sata_mv                21100  0
ata_piix               20128  0
ahci                   19248  0
libahci                14228  1 ahci
sata_qstor              4476  0
sata_vsc                3468  0
sata_uli                2652  0
sata_sis                3292  0
sata_sx4                7068  0
sata_nv                16612  0
sata_via                7084  0
sata_svw                3548  0
sata_sil24              9248  0
sata_sil                6544  0
sata_promise            8444  0
pata_sl82c105           2840  0
pata_cs5530             3752  0
pata_cs5520             3272  0
pata_via                7792  0
pata_jmicron            2056  0
pata_marvell            2472  0
pata_sis                8988  1 sata_sis
pata_netcell            1884  0
pata_sc1200             2504  0
pata_pdc202xx_old       3640  0
pata_triflex            2604  0
pata_atiixp             3068  0
pata_opti               2380  0
pata_amd                8892  0
pata_ali                8216  0
pata_it8213             2924  0
pata_pcmcia             9240  0
pcmcia                 25360  2 ssb,pata_pcmcia
pcmcia_core             8512  1 pcmcia
pata_ns87415            2604  0
pata_ns87410            2360  0
pata_serverworks        4568  0
pata_platform           2840  0
pata_artop              4076  0
pata_it821x             7276  0
pata_optidma            3824  0
pata_hpt3x2n            4728  0
pata_hpt3x3             2636  0
pata_hpt37x             9816  0
pata_hpt366             4376  0
pata_cmd64x             5304  0
pata_efar               3056  0
pata_rz1000             2348  0
pata_sil680             3980  0
pata_radisys            2508  0
pata_pdc2027x           5340  0
pata_mpiix              2476  0
libata                128884  53 libsas,pdc_adma,sata_inic162x,sata_mv,ata_piix,ahci,libahci,sata_qstor,sata_vsc,sata_uli,sata_sis,sata_sx4,sata_nv,sata_via,sata_svw,sata_sil24,sata_sil,sata_promise,pata_sl82c105,pata_cs5530,pata_cs5520,pata_via,pata_jmicron,pata_marvell,pata_sis,pata_netcell,pata_sc1200,pata_pdc202xx_old,pata_triflex,pata_atiixp,pata_opti,pata_amd,pata_ali,pata_it8213,pata_pcmcia,pata_ns87415,pata_ns87410,pata_serverworks,pata_platform,pata_artop,pata_it821x,pata_optidma,pata_hpt3x2n,pata_hpt3x3,pata_hpt37x,pata_hpt366,pata_cmd64x,pata_efar,pata_rz1000,pata_sil680,pata_radisys,pata_pdc2027x,pata_mpiix

I'm reasonably certain I had the /boot partition mounted when I compiled and copied over the files but I'm recompiling and copying them again just to be on the safe side.

MarcusWebb1966 · 12-22-2011, 10:54 AM

after a recompile, I get the same result.

MarcusWebb1966 · 12-22-2011, 11:01 AM

My full .config file:

Pastebin Link

andrewthomas · 12-22-2011, 11:09 AM

Are there any modules in

Code:

/lib/modules/<your-kernel-version>/kernel/net/ipv4/netfilter

Code:

lxde@gentoo-asus ~ $ ls -al /lib/modules/3.1.5-gentoo/kernel/net/ipv4/netfilter
total 236
drwxr-xr-x 2 root root  4096 Dec 20 09:13 .
drwxr-xr-x 3 root root  4096 Dec 20 09:13 ..
-rw-r--r-- 1 root root 23735 Dec 20 09:13 ip_tables.ko
-rw-r--r-- 1 root root 13183 Dec 20 09:13 ipt_LOG.ko
-rw-r--r-- 1 root root  6209 Dec 20 09:13 ipt_MASQUERADE.ko
-rw-r--r-- 1 root root  4531 Dec 20 09:13 ipt_NETMAP.ko
-rw-r--r-- 1 root root  4763 Dec 20 09:13 ipt_REDIRECT.ko
-rw-r--r-- 1 root root  7117 Dec 20 09:13 ipt_REJECT.ko
-rw-r--r-- 1 root root 11879 Dec 20 09:13 ipt_ULOG.ko
-rw-r--r-- 1 root root  4305 Dec 20 09:13 ipt_ah.ko
-rw-r--r-- 1 root root  4815 Dec 20 09:13 ipt_ecn.ko
-rw-r--r-- 1 root root  6372 Dec 20 09:13 iptable_filter.ko
-rw-r--r-- 1 root root  6009 Dec 20 09:13 iptable_mangle.ko
-rw-r--r-- 1 root root 11398 Dec 20 09:13 iptable_nat.ko
-rw-r--r-- 1 root root  5346 Dec 20 09:13 iptable_raw.ko
-rw-r--r-- 1 root root 29229 Dec 20 09:13 nf_conntrack_ipv4.ko
-rw-r--r-- 1 root root  4818 Dec 20 09:13 nf_defrag_ipv4.ko
-rw-r--r-- 1 root root 33795 Dec 20 09:13 nf_nat.ko
-rw-r--r-- 1 root root  6327 Dec 20 09:13 nf_nat_ftp.ko
-rw-r--r-- 1 root root  5896 Dec 20 09:13 nf_nat_irc.ko

MarcusWebb1966 · 12-23-2011, 02:44 AM

Hi

Looked in there and this is what I found: (kernel is 3.0.6-gentoo)

Code:

ls netfilter -la
total 276
drwxr-xr-x 2 root root  4096 Dec 22 17:23 .
drwxr-xr-x 3 root root  4096 Dec 22 17:23 ..
-rw-r--r-- 1 root root 28278 Dec 22 17:23 arp_tables.ko
-rw-r--r-- 1 root root  4502 Dec 22 17:23 arpt_mangle.ko
-rw-r--r-- 1 root root  6020 Dec 22 17:23 arptable_filter.ko
-rw-r--r-- 1 root root 15757 Dec 22 17:23 ipt_CLUSTERIP.ko
-rw-r--r-- 1 root root  5687 Dec 22 17:23 ipt_ECN.ko
-rw-r--r-- 1 root root 12693 Dec 22 17:23 ipt_LOG.ko
-rw-r--r-- 1 root root  6747 Dec 22 17:23 ipt_MASQUERADE.ko
-rw-r--r-- 1 root root  4724 Dec 22 17:23 ipt_NETMAP.ko
-rw-r--r-- 1 root root  4802 Dec 22 17:23 ipt_REDIRECT.ko
-rw-r--r-- 1 root root  7256 Dec 22 17:23 ipt_REJECT.ko
-rw-r--r-- 1 root root 12796 Dec 22 17:23 ipt_ULOG.ko
-rw-r--r-- 1 root root  4279 Dec 22 17:23 ipt_ah.ko
-rw-r--r-- 1 root root  4789 Dec 22 17:23 ipt_ecn.ko
-rw-r--r-- 1 root root  6987 Dec 22 17:23 iptable_filter.ko
-rw-r--r-- 1 root root  6417 Dec 22 17:23 iptable_mangle.ko
-rw-r--r-- 1 root root  5833 Dec 22 17:23 iptable_raw.ko
-rw-r--r-- 1 root root  5011 Dec 22 17:23 nf_nat_amanda.ko
-rw-r--r-- 1 root root  6151 Dec 22 17:23 nf_nat_ftp.ko
-rw-r--r-- 1 root root 12877 Dec 22 17:23 nf_nat_h323.ko
-rw-r--r-- 1 root root  5872 Dec 22 17:23 nf_nat_irc.ko
-rw-r--r-- 1 root root  7084 Dec 22 17:23 nf_nat_pptp.ko
-rw-r--r-- 1 root root  5850 Dec 22 17:23 nf_nat_proto_gre.ko
-rw-r--r-- 1 root root  5205 Dec 22 17:23 nf_nat_proto_sctp.ko
-rw-r--r-- 1 root root  5148 Dec 22 17:23 nf_nat_proto_udplite.ko
-rw-r--r-- 1 root root 12777 Dec 22 17:23 nf_nat_sip.ko
-rw-r--r-- 1 root root  4393 Dec 22 17:23 nf_nat_tftp.ko

MarcusWebb1966 · 12-28-2011, 04:00 AM

Any more ideas about what may be causing this at all?

MarcusWebb1966 · 12-30-2011, 07:25 AM

OK fixed it. I went and removed all references in /lib/modules/* (rm -rf), then re-emerged gentoo-sources, and then went and did genkernel --menuconfig all.

The actual error was not this:

Code:

iptables v1.4.12.1: can't initialize iptables table `nat': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

but when I looked in dmesg I saw a message saying:

Code:

WARNING: Error inserting x_tables (/lib/modules/3.0.6-gentoo/kernel/net/netfilter/x_tables.ko): Invalid module format 
FATAL: Error inserting ip_tables (/lib/modules/3.0.6-gentoo/kernel/net/ipv4/netfilter/ip_tables.ko): Invalid module format

which is what directed me to this result.

NOT for the faint of heart, I have to say.

Thank you to all those who made suggestions here and elsewhere.