Your message dated Fri, 17 Oct 2014 15:09:14 +0100
with message-id <[email protected]>
and subject line CONFIG_IP_NF_NAT has been enabled
has caused the Debian Bug report #762458,
regarding linux-image-3.17-rc5-amd64: nat failure with iptables
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
762458: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762458
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: linux-image-3.17-rc5-amd64
Version: 3.17~rc5-1~exp1
Severity: normal
hi, can the following be a kernel problem?
I'll explain a bit, it's got to do with the iptables command..
(fwiw, there's a bug with the lsb-functions, 40-systemd which is instead
this can be used to test rules.v4
iptables-restore < /etc/iptables/rules.v4
)
output,
"iptables-restore v1.4.21: iptables-restore: unable to initialize table
'nat'
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more
information "
all basic nat modules I can come up with modprobe are loaded, but
iptables continues to fail, I checked if NAT is compiled
/boot/config-3.17-rc5-amd64
"lsmod |grep nat
act_nat 12501 0
nft_chain_nat_ipv4 12552 0
nft_nat 12507 0
nf_tables 54396 2 nft_chain_nat_ipv4,nft_nat
nf_nat_ipv4 12912 1 nft_chain_nat_ipv4
nf_nat_ipv6 12920 0
nf_nat 18241 4
nft_chain_nat_ipv4,nft_nat,nf_nat_ipv4,nf_nat_ipv6
nf_conntrack 87476 5
nf_nat,nf_nat_ipv4,nf_nat_ipv6,nf_conntrack_ipv4,nf_conntrack_ipv6 "
so it looks like everything is compiled and loads, but iptables fails
for v4. fwiw, the ip6tables loads properly for rules.v6..
If I recall the previous kernel in testing(vmlinuz-3.16-2-amd64) can
have the iptables load ipv4 rules timely without issue
--- End Message ---
--- Begin Message ---
Version: 3.17-1~exp1
In Linux 3.17, CONFIG_NF_NAT_IPV4 was renamed to CONFIG_IP_NF_NAT.
The new config option was enabled in the above Debian version.
Ben.
--
Ben Hutchings
Humour is the best antidote to reality.
--- End Message ---
