DNAT not working
Hi,
I have a box running vmware server where I need some DNAT rules to get traffic from a vm to where it belongs. Inserting the rule

iptables -t nat -I PREROUTING -s ... -d ... -p tcp --dport ... -j DNAT --to-destination destaddr

gives me:

iptables: No chain/target/match by that name

Also I had to manually modprobe iptable_nat since iptables -L didn't initialize everything. I rebuilt iptables to match the current kernel (2.6.23-gentoo-r3) no luck. Strace on the command showed me

setsockopt(3, SOL_IP, 0x40 /* IP_??? */, "nat "..., 920) = -1 ENOENT (No such file or directory)

Anybody got an idea what I am doing from?

Regards,

Konstantin

--
Dipl-Inf. Konstantin Agouros aka Elwood Blues. Internet: elwood@agouros.de
Otkerstr. 28, 81547 Muenchen, Germany. Tel +49 89 69370185
----------------------------------------------------------------------------
"Captain, this ship will not survive the forming of the cosmos." B'Elana Torres
--
gentoo-user@lists.gentoo.org mailing list
DNAT not working
On Sun, 13 Jan 2008 20:01:04 +0000 (UTC)
Konstantinos Agouros <elwood@agouros.de> wrote:

> Hi,
>
> I have a box running vmware server where I need some DNAT rules to get
> traffic from a vm to where it belongs. Inserting the rule
> iptables -t nat -I PREROUTING -s ... -d ... -p tcp --dport ... -j
> DNAT --to-destination destaddr
>
> gives me:
>
> iptables: No chain/target/match by that name
>
> Also I had to manually modprobe iptable_nat since iptables -L didn't
> initialize everything. I rebuilt iptables to match the current kernel
> (2.6.23-gentoo-r3) no luck. Strace on the command showed me
> setsockopt(3, SOL_IP, 0x40 /* IP_??? */,
> "nat "...,
> 920) = -1 ENOENT (No such file or directory)
>
> Anybody got an idea what I am doing from?
>
> Regards,
>
> Konstantin

I believe you've forgotten to build support for NAT in your kernel:

│ Symbol: IP_NF_IPTABLES [=m]
│ Prompt: IP tables support (required for filtering/masq/NAT)
│ Defined at net/ipv4/netfilter/Kconfig:45
│ Depends on: NET && INET && NETFILTER
│ Location:
│ -> Networking
│ -> Networking support (NET [=y])
│ -> Networking options
│ -> Network packet filtering framework (Netfilter) (NETFILTER [=y])
│ -> IP: Netfilter Configuration
│ Selects: NETFILTER_XTABLES

--
Best regards,
Daniel
--
gentoo-user@lists.gentoo.org mailing list
DNAT not working
In <20080114011831.5289a466@ilievnet.com> daniel.iliev@gmail.com (Daniel Iliev) writes:
>On Sun, 13 Jan 2008 20:01:04 +0000 (UTC)
>Konstantinos Agouros <elwood@agouros.de> wrote:

>> Hi,
>>
>> I have a box running vmware server where I need some DNAT rules to get
>> traffic from a vm to where it belongs. Inserting the rule
>> iptables -t nat -I PREROUTING -s ... -d ... -p tcp --dport ... -j
>> DNAT --to-destination destaddr
>>
>> gives me:
>>
>> iptables: No chain/target/match by that name
>>
>> Also I had to manually modprobe iptable_nat since iptables -L didn't
>> initialize everything. I rebuilt iptables to match the current kernel
>> (2.6.23-gentoo-r3) no luck. Strace on the command showed me
>> setsockopt(3, SOL_IP, 0x40 /* IP_??? */,
>> "nat "...,
>> 920) = -1 ENOENT (No such file or directory)
>>
>> Anybody got an idea what I am doing from?
>>
>> Regards,
>>
>> Konstantin

>I believe you've forgotten to build support for NAT in your kernel:

Nope that's not it

grep IP_NF_IPTABLES .config
CONFIG_IP_NF_IPTABLES=m

And it's not that I can't insert anything in the chain. It's --dport that gets me the error message. I played around and started with inserting a blank rule.

>│ Symbol: IP_NF_IPTABLES [=m]
>│ Prompt: IP tables support (required for filtering/masq/NAT)
>│ Defined at net/ipv4/netfilter/Kconfig:45
>│ Depends on: NET && INET && NETFILTER
>│ Location:
>│ -> Networking
>│ -> Networking support (NET [=y])
>│ -> Networking options
>│ -> Network packet filtering framework (Netfilter) (NETFILTER [=y])
>│ -> IP: Netfilter Configuration
>│ Selects: NETFILTER_XTABLES

>--
>Best regards,
>Daniel
>--
>gentoo-user@lists.gentoo.org mailing list

--
Dipl-Inf. Konstantin Agouros aka Elwood Blues. Internet: elwood@agouros.de
Otkerstr. 28, 81547 Muenchen, Germany. Tel +49 89 69370185
----------------------------------------------------------------------------
"Captain, this ship will not survive the forming of the cosmos." B'Elana Torres
--
gentoo-user@lists.gentoo.org mailing list
DNAT not working
On Sunday 13 January 2008, Konstantinos Agouros wrote:
> Hi,
>
> I have a box running vmware server where I need some DNAT rules to get
> traffic from a vm to where it belongs. Inserting the rule
> iptables -t nat -I PREROUTING -s ... -d ... -p tcp --dport ... -j DNAT
> --to-destination destaddr
>
> gives me:
>
> iptables: No chain/target/match by that name

before --dport you may need the match option: -m --dport 1234 -j DNAT ....

You might also need to specify a policy for PREROUTING before inserting the rule (but I'm not sure). Try these suggestions one at a time and see what gives.

HTH.
--
Regards,
Mick
DNAT not working
On Wednesday 16 January 2008, Mick wrote:
> On Sunday 13 January 2008, Konstantinos Agouros wrote:
> > Hi,
> >
> > I have a box running vmware server where I need some DNAT rules to
> > get traffic from a vm to where it belongs. Inserting the rule
> > iptables -t nat -I PREROUTING -s ... -d ... -p tcp --dport ... -j
> > DNAT --to-destination destaddr
> >
> > gives me:
> >
> > iptables: No chain/target/match by that name
>
> before --dport you may need the match option: -m --dport 1234 -j
> DNAT ....

no, his syntax is OK

> You might also need to specify a policy for PREROUTING before
> inserting the rule (but I'm not sure). Try these suggestions one at
> a time and see what gives.

That doesn't matter, a chain always has a policy (ACCEPT by default).

Most likely he doesn't have the correct module loaded in the kernel

--
Alan McKinnon
alan dot mckinnon at gmail dot com
--
gentoo-user@lists.gentoo.org mailing list
DNAT not working
In <200801161423.38386.alan.mckinnon@gmail.com> alan.mckinnon@gmail.com (Alan McKinnon) writes:
>On Wednesday 16 January 2008, Mick wrote:
>> On Sunday 13 January 2008, Konstantinos Agouros wrote:
>> > Hi,
>> >
>> > I have a box running vmware server where I need some DNAT rules to
>> > get traffic from a vm to where it belongs. Inserting the rule
>> > iptables -t nat -I PREROUTING -s ... -d ... -p tcp --dport ... -j
>> > DNAT --to-destination destaddr
>> >
>> > gives me:
>> >
>> > iptables: No chain/target/match by that name
>>
>> before --dport you may need the match option: -m --dport 1234 -j
>> DNAT ....

>no, his syntax is OK

>> You might also need to specify a policy for PREROUTING before
>> inserting the rule (but I'm not sure). Try these suggestions one at
>> a time and see what gives.

>That doesn't matter, a chain always has a policy (ACCEPT by default).

>Most likely he doesn't have the correct module loaded in the kernel

As I said, the fact that iptables -L (after a fresh reboot) does not do anything puzzles me a bit. What would be the right module in Your opinion? Also is there a kernel configuration option I might have overseen?

Regards,

Konstantin

>--
>Alan McKinnon
>alan dot mckinnon at gmail dot com
>--
>gentoo-user@lists.gentoo.org mailing list

--
Dipl-Inf. Konstantin Agouros aka Elwood Blues. Internet: elwood@agouros.de
Otkerstr. 28, 81547 Muenchen, Germany. Tel +49 89 69370185
----------------------------------------------------------------------------
"Captain, this ship will not survive the forming of the cosmos." B'Elana Torres
--
gentoo-user@lists.gentoo.org mailing list
DNAT not working
On Wednesday 16 January 2008, Konstantinos Agouros wrote:
> In <200801161423.38386.alan.mckinnon@gmail.com> alan.mckinnon@gmail.com (Alan McKinnon) writes:
> >Most likely he doesn't have the correct module loaded in the kernel
>
> As I said, the fact that iptables -L (after a fresh reboot) does not
> do anything puzzles me a bit. What would be the right module in Your
> opinion? Also is there a kernel configuration option I might have
> overseen?

nat needs the following config at least:

Networking -> Networking Options -> Network packet filtering framework (Netfilter) -> IP: Netfilter Configuration -> Full NAT

and the options below it

the modules that load on my machine after running that same iptables command are:

xt_tcpudp               3712  1
iptable_nat             7812  1
nf_nat                 20524  1 iptable_nat
nf_conntrack_ipv4      18952  2 iptable_nat
nf_conntrack           66376  3 iptable_nat,nf_nat,nf_conntrack_ipv4
nfnetlink               6424  3 nf_nat,nf_conntrack_ipv4,nf_conntrack
ip_tables              14284  1 iptable_nat
x_tables               15748  3 xt_tcpudp,iptable_nat,ip_tables

alan

--
Alan McKinnon
alan dot mckinnon at gmail dot com
--
gentoo-user@lists.gentoo.org mailing list
DNAT not working
On Wednesday 16 January 2008, Alan McKinnon wrote:
> nat needs the following config at least:
>
> Networking -> Networking Options -> Network packet filtering framework
> (Netfilter) -> IP: Netfilter Configuration -> Full NAT
>
> and the options below it

I guess it also needs some kind of connection tracking, like NF_CONNTRACK_ENABLED:

Networking -> Networking Options -> Network packet filtering framework (Netfilter) -> Core Netfilter Configuration -> Netfilter connection tracking support

--
gentoo-user@lists.gentoo.org mailing list
DNAT not working
In <200801162013.49843.alan.mckinnon@gmail.com> alan.mckinnon@gmail.com (Alan McKinnon) writes:
>On Wednesday 16 January 2008, Konstantinos Agouros wrote:
>> In <200801161423.38386.alan.mckinnon@gmail.com> alan.mckinnon@gmail.com (Alan McKinnon) writes:
>> >Most likely he doesn't have the correct module loaded in the kernel
>>
>> As I said, the fact that iptables -L (after a fresh reboot) does not
>> do anything puzzles me a bit. What would be the right module in Your
>> opinion? Also is there a kernel configuration option I might have
>> overseen?

>nat needs the following config at least:

>Networking -> Networking Options -> Network packet filtering framework
>(Netfilter) -> IP: Netfilter Configuration -> Full NAT

>and the options below it

>the modules that load on my machine after running that same iptables
>command are:

>xt_tcpudp               3712  1
>iptable_nat             7812  1
>nf_nat                 20524  1 iptable_nat
>nf_conntrack_ipv4      18952  2 iptable_nat
>nf_conntrack           66376  3 iptable_nat,nf_nat,nf_conntrack_ipv4
>nfnetlink               6424  3 nf_nat,nf_conntrack_ipv4,nf_conntrack
>ip_tables              14284  1 iptable_nat
>x_tables               15748  3 xt_tcpudp,iptable_nat,ip_tables

This is what I have:

Module                  Size  Used by
iptable_filter          6400  1
iptable_nat            10116  0
ip_tables              14404  2 iptable_filter,iptable_nat
nf_nat                 19116  1 iptable_nat
x_tables               14084  2 iptable_nat,ip_tables
nf_conntrack_ipv4      11908  2 iptable_nat
nf_conntrack           53192  3 iptable_nat,nf_nat,nf_conntrack_ipv4
nfnetlink               8088  3 nf_nat,nf_conntrack_ipv4,nf_conntrack

xt_tcpudp is the difference as it seems

>alan
>--
>Alan McKinnon
>alan dot mckinnon at gmail dot com
>--
>gentoo-user@lists.gentoo.org mailing list

--
Dipl-Inf. Konstantin Agouros aka Elwood Blues. Internet: elwood@agouros.de
Otkerstr. 28, 81547 Muenchen, Germany. Tel +49 89 69370185
----------------------------------------------------------------------------
"Captain, this ship will not survive the forming of the cosmos." B'Elana Torres
--
gentoo-user@lists.gentoo.org mailing list
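
The module comparison made by eye in the message above, written as a script. This is an added example and not part of the thread: the two listings are the lsmod outputs posted in the messages above, and the function names module_names and missing_modules are assumptions of the example.

```shell
#!/bin/sh
# Added example: set difference of two lsmod listings, to find which
# netfilter module a working host has loaded that a failing host lacks.

# lsmod output from the host where the DNAT rule loads (copied from the thread).
WORKING='xt_tcpudp 3712 1
iptable_nat 7812 1
nf_nat 20524 1 iptable_nat
nf_conntrack_ipv4 18952 2 iptable_nat
nf_conntrack 66376 3 iptable_nat,nf_nat,nf_conntrack_ipv4
nfnetlink 6424 3 nf_nat,nf_conntrack_ipv4,nf_conntrack
ip_tables 14284 1 iptable_nat
x_tables 15748 3 xt_tcpudp,iptable_nat,ip_tables'

# lsmod output from the host that rejects --dport (copied from the thread).
FAILING='Module Size Used by
iptable_filter 6400 1
iptable_nat 10116 0
ip_tables 14404 2 iptable_filter,iptable_nat
nf_nat 19116 1 iptable_nat
x_tables 14084 2 iptable_nat,ip_tables
nf_conntrack_ipv4 11908 2 iptable_nat
nf_conntrack 53192 3 iptable_nat,nf_nat,nf_conntrack_ipv4
nfnetlink 8088 3 nf_nat,nf_conntrack_ipv4,nf_conntrack'

# module_names LISTING: first column of an lsmod listing, header and blank
# lines skipped, one name per line, sorted and de-duplicated.
module_names() {
    printf '%s\n' "$1" | awk 'NF && $1 != "Module" { print $1 }' | sort -u
}

# missing_modules REFERENCE CANDIDATE: modules loaded in REFERENCE that are
# absent from CANDIDATE. Names are compared as fixed whole-line strings.
missing_modules() {
    want=$(module_names "$1")
    have=$(module_names "$2")
    for m in $want; do
        printf '%s\n' "$have" | grep -qxF "$m" || printf '%s\n' "$m"
    done
}

echo "loaded on working host only: $(missing_modules "$WORKING" "$FAILING")"
echo "loaded on failing host only: $(missing_modules "$FAILING" "$WORKING")"
```

On a live system, pass "$(lsmod)" as the second argument in place of the FAILING sample.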
DNAT not working
In <200801162019.40781.shrdlu@unlimitedmail.org> shrdlu@unlimitedmail.org (Etaoin Shrdlu) writes:
>On Wednesday 16 January 2008, Alan McKinnon wrote:
>> nat needs the following config at least:
>>
>> Networking -> Networking Options -> Network packet filtering framework
>> (Netfilter) -> IP: Netfilter Configuration -> Full NAT
>>
>> and the options below it

>I guess it also needs some kind of connection tracking, like
>NF_CONNTRACK_ENABLED:

>Networking -> Networking Options -> Network packet filtering framework
>(Netfilter) -> Core Netfilter Configuration -> Netfilter connection
>tracking support

got that:

CONFIG_NF_CONNTRACK_ENABLED=m

>--
>gentoo-user@lists.gentoo.org mailing list

--
Dipl-Inf. Konstantin Agouros aka Elwood Blues. Internet: elwood@agouros.de
Otkerstr. 28, 81547 Muenchen, Germany. Tel +49 89 69370185
----------------------------------------------------------------------------
"Captain, this ship will not survive the forming of the cosmos." B'Elana Torres
--
gentoo-user@lists.gentoo.org mailing list