01-13-2008, 07:01 PM
Konstantinos Agouros

DNAT not working

Hi,

I have a box running vmware server where I need some DNAT rules to get
traffic from a vm to where it belongs. Inserting the rule
iptables -t nat -I PREROUTING -s ... -d ... -p tcp --dport ... -j DNAT --to-destination destaddr

gives me:

iptables: No chain/target/match by that name

Also I had to manually modprobe iptable_nat since iptables -L didn't
initialize everything. I rebuilt iptables to match the current kernel
(2.6.23-gentoo-r3) no luck. Strace on the command showed me
setsockopt(3, SOL_IP, 0x40 /* IP_??? */, "nat"..., 920) = -1 ENOENT (No such file or directory)

Anybody got an idea what I am doing from?

Regards,

Konstantin
--
Dipl-Inf. Konstantin Agouros aka Elwood Blues. Internet: elwood@agouros.de
Otkerstr. 28, 81547 Muenchen, Germany. Tel +49 89 69370185
----------------------------------------------------------------------------
"Captain, this ship will not survive the forming of the cosmos." B'Elana Torres
--
gentoo-user@lists.gentoo.org mailing list
 
01-13-2008, 10:18 PM
Daniel Iliev

DNAT not working

On Sun, 13 Jan 2008 20:01:04 +0000 (UTC)
Konstantinos Agouros <elwood@agouros.de> wrote:

> Hi,
>
> I have a box running vmware server where I need some DNAT rules to get
> traffic from a vm to where it belongs. Inserting the rule
> iptables -t nat -I PREROUTING -s ... -d ... -p tcp --dport ... -j
> DNAT --to-destination destaddr
>
> gives me:
>
> iptables: No chain/target/match by that name
>
> Also I had to manually modprobe iptable_nat since iptables -L didn't
> initialize everything. I rebuilt iptables to match the current kernel
> (2.6.23-gentoo-r3) no luck. Strace on the command showed me
> setsockopt(3, SOL_IP, 0x40 /* IP_??? */,
> "nat"...,
> 920) = -1 ENOENT (No such file or directory)
>
> Anybody got an idea what I am doing from?
>
> Regards,
>
> Konstantin



I believe you've forgotten to build support for NAT in your kernel:



│ Symbol: IP_NF_IPTABLES [=m]
│ Prompt: IP tables support (required for filtering/masq/NAT)
│ Defined at net/ipv4/netfilter/Kconfig:45
│ Depends on: NET && INET && NETFILTER
│ Location:
│ -> Networking
│ -> Networking support (NET [=y])
│ -> Networking options
│ -> Network packet filtering framework (Netfilter) (NETFILTER [=y])
│ -> IP: Netfilter Configuration
│ Selects: NETFILTER_XTABLES


--
Best regards,
Daniel
--
gentoo-user@lists.gentoo.org mailing list
 
01-14-2008, 03:31 PM
Konstantinos Agouros

DNAT not working

In <20080114011831.5289a466@ilievnet.com> daniel.iliev@gmail.com (Daniel Iliev) writes:

>On Sun, 13 Jan 2008 20:01:04 +0000 (UTC)
>Konstantinos Agouros <elwood@agouros.de> wrote:

>> Hi,
>>
>> I have a box running vmware server where I need some DNAT rules to get
>> traffic from a vm to where it belongs. Inserting the rule
>> iptables -t nat -I PREROUTING -s ... -d ... -p tcp --dport ... -j
>> DNAT --to-destination destaddr
>>
>> gives me:
>>
>> iptables: No chain/target/match by that name
>>
>> Also I had to manually modprobe iptable_nat since iptables -L didn't
>> initialize everything. I rebuilt iptables to match the current kernel
>> (2.6.23-gentoo-r3) no luck. Strace on the command showed me
>> setsockopt(3, SOL_IP, 0x40 /* IP_??? */,
>> "nat"...,
>> 920) = -1 ENOENT (No such file or directory)
>>
>> Anybody got an idea what I am doing from?
>>
>> Regards,
>>
>> Konstantin



>I believe you've forgotten to build support for NAT in your kernel:
Nope that's not it

grep IP_NF_IPTABLES .config

CONFIG_IP_NF_IPTABLES=m

And it's not that I can't insert anything in the chain. It's --dport
that gets me the error message. I played around and started with inserting
a blank rule.



>│ Symbol: IP_NF_IPTABLES [=m]
>│ Prompt: IP tables support (required for filtering/masq/NAT)
>│ Defined at net/ipv4/netfilter/Kconfig:45
>│ Depends on: NET && INET && NETFILTER
>│ Location:
>│ -> Networking
>│ -> Networking support (NET [=y])
>│ -> Networking options
>│ -> Network packet filtering framework (Netfilter) (NETFILTER [=y])
>│ -> IP: Netfilter Configuration
>│ Selects: NETFILTER_XTABLES


>--
>Best regards,
>Daniel
>--
>gentoo-user@lists.gentoo.org mailing list

--
Dipl-Inf. Konstantin Agouros aka Elwood Blues. Internet: elwood@agouros.de
Otkerstr. 28, 81547 Muenchen, Germany. Tel +49 89 69370185
----------------------------------------------------------------------------
"Captain, this ship will not survive the forming of the cosmos." B'Elana Torres
--
gentoo-user@lists.gentoo.org mailing list
 
01-16-2008, 11:01 AM
Mick

DNAT not working

On Sunday 13 January 2008, Konstantinos Agouros wrote:
> Hi,
>
> I have a box running vmware server where I need some DNAT rules to get
> traffic from a vm to where it belongs. Inserting the rule
> iptables -t nat -I PREROUTING -s ... -d ... -p tcp --dport ... -j DNAT
> --to-destination destaddr
>
> gives me:
>
> iptables: No chain/target/match by that name

before --dport you may need the match option: -m --dport 1234 -j DNAT ....

You might also need to specify a policy for PREROUTING before inserting the
rule (but I'm not sure). Try these suggestions one at a time and see what
gives.

HTH.
--
Regards,
Mick
 
01-16-2008, 11:23 AM
Alan McKinnon

DNAT not working

On Wednesday 16 January 2008, Mick wrote:
> On Sunday 13 January 2008, Konstantinos Agouros wrote:
> > Hi,
> >
> > I have a box running vmware server where I need some DNAT rules to
> > get traffic from a vm to where it belongs. Inserting the rule
> > iptables -t nat -I PREROUTING -s ... -d ... -p tcp --dport ... -j
> > DNAT --to-destination destaddr
> >
> > gives me:
> >
> > iptables: No chain/target/match by that name
>
> before --dport you may need the match option: -m --dport 1234 -j
> DNAT ....

no, his syntax is OK

> You might also need to specify a policy for PREROUTING before
> inserting the rule (but I'm not sure). Try these suggestions one at
> a time and see what gives.

That doesn't matter, a chain always has a policy (ACCEPT by default).

Most likely he doesn't have the correct module loaded in the kernel


--
Alan McKinnon
alan dot mckinnon at gmail dot com
--
gentoo-user@lists.gentoo.org mailing list
 
01-16-2008, 03:49 PM
Konstantinos Agouros

DNAT not working

In <200801161423.38386.alan.mckinnon@gmail.com> alan.mckinnon@gmail.com (Alan McKinnon) writes:

>On Wednesday 16 January 2008, Mick wrote:
>> On Sunday 13 January 2008, Konstantinos Agouros wrote:
>> > Hi,
>> >
>> > I have a box running vmware server where I need some DNAT rules to
>> > get traffic from a vm to where it belongs. Inserting the rule
>> > iptables -t nat -I PREROUTING -s ... -d ... -p tcp --dport ... -j
>> > DNAT --to-destination destaddr
>> >
>> > gives me:
>> >
>> > iptables: No chain/target/match by that name
>>
>> before --dport you may need the match option: -m --dport 1234 -j
>> DNAT ....

>no, his syntax is OK

>> You might also need to specify a policy for PREROUTING before
>> inserting the rule (but I'm not sure). Try these suggestions one at
>> a time and see what gives.

>That doesn't matter, a chain always has a policy (ACCEPT by default).

>Most likely he doesn't have the correct module loaded in the kernel
As I said, the fact that iptables -L (after a fresh reboot) does not do
anything puzzles me a bit. What would be the right module in Your opinion?
Also is there a kernel configuration option I might have overseen?

Regards,

Konstantin


>--
>Alan McKinnon
>alan dot mckinnon at gmail dot com
>--
>gentoo-user@lists.gentoo.org mailing list

--
Dipl-Inf. Konstantin Agouros aka Elwood Blues. Internet: elwood@agouros.de
Otkerstr. 28, 81547 Muenchen, Germany. Tel +49 89 69370185
----------------------------------------------------------------------------
"Captain, this ship will not survive the forming of the cosmos." B'Elana Torres
--
gentoo-user@lists.gentoo.org mailing list
 
01-16-2008, 05:13 PM
Alan McKinnon

DNAT not working

On Wednesday 16 January 2008, Konstantinos Agouros wrote:
> In <200801161423.38386.alan.mckinnon@gmail.com> alan.mckinnon@gmail.com (Alan McKinnon) writes:

> >Most likely he doesn't have the correct module loaded in the kernel
>
> As I said, the fact that iptables -L (after a fresh reboot) does not
> do anything puzzles me a bit. What would be the right module in Your
> opinion? Also is there a kernel configuration option I might have
> overseen?

nat needs the following config at least:

Networking -> Networking Options -> Network packet filtering framework
(Netfilter) -> IP: Netfilter Configuration -> Full NAT

and the options below it

the modules that load on my machine after running that same iptables
command are:

xt_tcpudp 3712 1
iptable_nat 7812 1
nf_nat 20524 1 iptable_nat
nf_conntrack_ipv4 18952 2 iptable_nat
nf_conntrack 66376 3 iptable_nat,nf_nat,nf_conntrack_ipv4
nfnetlink 6424 3 nf_nat,nf_conntrack_ipv4,nf_conntrack
ip_tables 14284 1 iptable_nat
x_tables 15748 3 xt_tcpudp,iptable_nat,ip_tables


alan

--
Alan McKinnon
alan dot mckinnon at gmail dot com
--
gentoo-user@lists.gentoo.org mailing list
 
01-16-2008, 06:19 PM
Etaoin Shrdlu

DNAT not working

On Wednesday 16 January 2008, Alan McKinnon wrote:

> nat needs the following config at least:
>
> Networking -> Networking Options -> Network packet filtering framework
> (Netfilter) -> IP: Netfilter Configuration -> Full NAT
>
> and the options below it

I guess it also needs some kind of connection tracking, like
NF_CONNTRACK_ENABLED:

Networking -> Networking Options -> Network packet filtering framework
(Netfilter) -> Core Netfilter Configuration -> Netfilter connection
tracking support
--
gentoo-user@lists.gentoo.org mailing list
 
01-17-2008, 04:23 PM
Konstantinos Agouros

DNAT not working

In <200801162013.49843.alan.mckinnon@gmail.com> alan.mckinnon@gmail.com (Alan McKinnon) writes:

>On Wednesday 16 January 2008, Konstantinos Agouros wrote:
>> In <200801161423.38386.alan.mckinnon@gmail.com> alan.mckinnon@gmail.com (Alan McKinnon) writes:

>> >Most likely he doesn't have the correct module loaded in the kernel
>>
>> As I said, the fact that iptables -L (after a fresh reboot) does not
>> do anything puzzles me a bit. What would be the right module in Your
>> opinion? Also is there a kernel configuration option I might have
>> overseen?

>nat needs the following config at least:

>Networking -> Networking Options -> Network packet filtering framework
>(Netfilter) -> IP: Netfilter Configuration -> Full NAT

>and the options below it

>the modules that load on my machine after running that same iptables
>command are:

>xt_tcpudp 3712 1
>iptable_nat 7812 1
>nf_nat 20524 1 iptable_nat
>nf_conntrack_ipv4 18952 2 iptable_nat
>nf_conntrack 66376 3 iptable_nat,nf_nat,nf_conntrack_ipv4
>nfnetlink 6424 3 nf_nat,nf_conntrack_ipv4,nf_conntrack
>ip_tables 14284 1 iptable_nat
>x_tables 15748 3 xt_tcpudp,iptable_nat,ip_tables

This is what I have:

Module Size Used by
iptable_filter 6400 1
iptable_nat 10116 0
ip_tables 14404 2 iptable_filter,iptable_nat
nf_nat 19116 1 iptable_nat
x_tables 14084 2 iptable_nat,ip_tables
nf_conntrack_ipv4 11908 2 iptable_nat
nf_conntrack 53192 3 iptable_nat,nf_nat,nf_conntrack_ipv4
nfnetlink 8088 3 nf_nat,nf_conntrack_ipv4,nf_conntrack


xt_tcpudp is the difference as it seems


>alan

>--
>Alan McKinnon
>alan dot mckinnon at gmail dot com
>--
>gentoo-user@lists.gentoo.org mailing list

--
Dipl-Inf. Konstantin Agouros aka Elwood Blues. Internet: elwood@agouros.de
Otkerstr. 28, 81547 Muenchen, Germany. Tel +49 89 69370185
----------------------------------------------------------------------------
"Captain, this ship will not survive the forming of the cosmos." B'Elana Torres
--
gentoo-user@lists.gentoo.org mailing list
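
The module comparison made in the message above, written as a script. This is an added example, not part of any poster's message: the two listings are copied from the posts in this thread, and the function names `module_names` and `missing_modules` are made up for the example.

```shell
#!/bin/sh
# Added example: diff two lsmod listings to find the module that the
# failing iptables host lacks. Function names are hypothetical.

# lsmod lines quoted in the thread from the machine where the rule loads.
WORKING_LSMOD='xt_tcpudp 3712 1
iptable_nat 7812 1
nf_nat 20524 1 iptable_nat
nf_conntrack_ipv4 18952 2 iptable_nat
nf_conntrack 66376 3 iptable_nat,nf_nat,nf_conntrack_ipv4
nfnetlink 6424 3 nf_nat,nf_conntrack_ipv4,nf_conntrack
ip_tables 14284 1 iptable_nat
x_tables 15748 3 xt_tcpudp,iptable_nat,ip_tables'

# lsmod lines quoted in the thread from the machine where the rule fails.
FAILING_LSMOD='Module Size Used by
iptable_filter 6400 1
iptable_nat 10116 0
ip_tables 14404 2 iptable_filter,iptable_nat
nf_nat 19116 1 iptable_nat
x_tables 14084 2 iptable_nat,ip_tables
nf_conntrack_ipv4 11908 2 iptable_nat
nf_conntrack 53192 3 iptable_nat,nf_nat,nf_conntrack_ipv4
nfnetlink 8088 3 nf_nat,nf_conntrack_ipv4,nf_conntrack'

# Read an lsmod listing on stdin and print the sorted module names.
# The "Module Size Used by" header is skipped: its 2nd field is not a number.
module_names() {
    awk 'NF >= 3 && $2 ~ /^[0-9]+$/ { print $1 }' | LC_ALL=C sort -u
}

# missing_modules WORKING FAILING: modules listed in WORKING but not in FAILING.
missing_modules() {
    w=$(mktemp) && f=$(mktemp) || return 1
    printf '%s\n' "$1" | module_names > "$w"
    printf '%s\n' "$2" | module_names > "$f"
    LC_ALL=C comm -23 "$w" "$f"
    rm -f "$w" "$f"
}

for m in $(missing_modules "$WORKING_LSMOD" "$FAILING_LSMOD"); do
    echo "not loaded on the failing host: $m (try: modprobe $m)"
done
```

To check a live machine against a known-good listing, pass `"$(lsmod)"` as the second argument.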
 
01-17-2008, 04:23 PM
Konstantinos Agouros

DNAT not working

In <200801162019.40781.shrdlu@unlimitedmail.org> shrdlu@unlimitedmail.org (Etaoin Shrdlu) writes:

>On Wednesday 16 January 2008, Alan McKinnon wrote:

>> nat needs the following config at least:
>>
>> Networking -> Networking Options -> Network packet filtering framework
>> (Netfilter) -> IP: Netfilter Configuration -> Full NAT
>>
>> and the options below it

>I guess it also needs some kind of connection tracking, like
>NF_CONNTRACK_ENABLED:

>Networking -> Networking Options -> Network packet filtering framework
>(Netfilter) -> Core Netfilter Configuration -> Netfilter connection
>tracking support
got that:

CONFIG_NF_CONNTRACK_ENABLED=m

>--
>gentoo-user@lists.gentoo.org mailing list

--
Dipl-Inf. Konstantin Agouros aka Elwood Blues. Internet: elwood@agouros.de
Otkerstr. 28, 81547 Muenchen, Germany. Tel +49 89 69370185
----------------------------------------------------------------------------
"Captain, this ship will not survive the forming of the cosmos." B'Elana Torres
--
gentoo-user@lists.gentoo.org mailing list
 
