Re: [gentoo-user] DNAT not working
In [EMAIL PROTECTED] [EMAIL PROTECTED] (Alan McKinnon) writes:

> On Friday 18 January 2008, Konstantinos Agouros wrote:
>>> xt_tcpudp is the difference as it seems
>>
>> verified it that was the problem. For whatever reason I forgot to configure module autoloading into the kernel.
>
> Perhaps you used an old .config and that option name has changed?

Actually quite the opposite. This machine was set up rather fresh. I think this is deactivated after a fresh install of gentoo-sources and make menuconfig.

Konstantin

> alan
>
> --
> Alan McKinnon
> alan dot mckinnon at gmail dot com

--
Dipl-Inf. Konstantin Agouros aka Elwood Blues. Internet: [EMAIL PROTECTED]
Otkerstr. 28, 81547 Muenchen, Germany. Tel +49 89 69370185
Captain, this ship will not survive the forming of the cosmos. B'Elana Torres
--
gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] DNAT not working
In [EMAIL PROTECTED] [EMAIL PROTECTED] (Konstantinos Agouros) writes:

> In [EMAIL PROTECTED] [EMAIL PROTECTED] (Alan McKinnon) writes:
>
>> On Wednesday 16 January 2008, Konstantinos Agouros wrote:
>>> In [EMAIL PROTECTED] [EMAIL PROTECTED] (Alan McKinnon) writes:
>>>> Most likely he doesn't have the correct module loaded in the kernel
>>>
>>> As I said, the fact that iptables -L (after a fresh reboot) does not do anything puzzles me a bit. What would be the right module in Your opinion? Also is there a kernel configuration option I might have overseen?
>>
>> nat needs the following config at least:
>>
>> Networking - Networking Options - Network packet filtering framework (Netfilter) - IP: Netfilter Configuration - Full NAT
>> and the options below it
>>
>> the modules that load on my machine after running that same iptables command are:
>>
>> xt_tcpudp               3712  1
>> iptable_nat             7812  1
>> nf_nat                 20524  1 iptable_nat
>> nf_conntrack_ipv4      18952  2 iptable_nat
>> nf_conntrack           66376  3 iptable_nat,nf_nat,nf_conntrack_ipv4
>> nfnetlink               6424  3 nf_nat,nf_conntrack_ipv4,nf_conntrack
>> ip_tables              14284  1 iptable_nat
>> x_tables               15748  3 xt_tcpudp,iptable_nat,ip_tables
>
> This is what I have:
>
> Module                  Size  Used by
> iptable_filter          6400  1
> iptable_nat            10116  0
> ip_tables              14404  2 iptable_filter,iptable_nat
> nf_nat                 19116  1 iptable_nat
> x_tables               14084  2 iptable_nat,ip_tables
> nf_conntrack_ipv4      11908  2 iptable_nat
> nf_conntrack           53192  3 iptable_nat,nf_nat,nf_conntrack_ipv4
> nfnetlink               8088  3 nf_nat,nf_conntrack_ipv4,nf_conntrack
>
> xt_tcpudp is the difference as it seems

verified it that was the problem. For whatever reason I forgot to configure module autoloading into the kernel.

>> alan
>>
>> --
>> Alan McKinnon
>> alan dot mckinnon at gmail dot com

--
Dipl-Inf. Konstantin Agouros aka Elwood Blues. Internet: [EMAIL PROTECTED]
Otkerstr. 28, 81547 Muenchen, Germany. Tel +49 89 69370185
Captain, this ship will not survive the forming of the cosmos. B'Elana Torres
--
gentoo-user@lists.gentoo.org mailing list
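
The listing comparison that settled this thread, as an added example (not part of any poster's message): the script diffs the two lsmod listings quoted above and reports modules the working host has loaded that the failing host lacks, plus what each missing module depends on. The function names are hypothetical; the listings are copied from the thread.

```shell
#!/bin/sh
# Added example: diff two lsmod listings to find the module a working
# host has loaded and the failing host lacks. Listings are from the thread.

REFERENCE='xt_tcpudp               3712  1
iptable_nat             7812  1
nf_nat                 20524  1 iptable_nat
nf_conntrack_ipv4      18952  2 iptable_nat
nf_conntrack           66376  3 iptable_nat,nf_nat,nf_conntrack_ipv4
nfnetlink               6424  3 nf_nat,nf_conntrack_ipv4,nf_conntrack
ip_tables              14284  1 iptable_nat
x_tables               15748  3 xt_tcpudp,iptable_nat,ip_tables'

LOCAL='Module                  Size  Used by
iptable_filter          6400  1
iptable_nat            10116  0
ip_tables              14404  2 iptable_filter,iptable_nat
nf_nat                 19116  1 iptable_nat
x_tables               14084  2 iptable_nat,ip_tables
nf_conntrack_ipv4      11908  2 iptable_nat
nf_conntrack           53192  3 iptable_nat,nf_nat,nf_conntrack_ipv4
nfnetlink               8088  3 nf_nat,nf_conntrack_ipv4,nf_conntrack'

# Module names (column 1) of an lsmod listing on stdin, header skipped.
module_names() {
    awk 'NF >= 2 && !($1 == "Module" && $2 == "Size") { print $1 }' | LC_ALL=C sort -u
}

# missing_modules REF LOCAL: names loaded in REF but not in LOCAL.
missing_modules() {
    ref=$(mktemp); loc=$(mktemp)
    printf '%s\n' "$1" | module_names > "$ref"
    printf '%s\n' "$2" | module_names > "$loc"
    LC_ALL=C comm -23 "$ref" "$loc"
    rm -f "$ref" "$loc"
}

# depends_on MODULE LISTING: modules whose "Used by" column names MODULE,
# i.e. the modules MODULE needs loaded first.
depends_on() {
    printf '%s\n' "$2" | awk -v m="$1" 'NF >= 4 {
        n = split($4, users, ",")
        for (i = 1; i <= n; i++) if (users[i] == m) print $1
    }' | LC_ALL=C sort -u
}

for mod in $(missing_modules "$REFERENCE" "$LOCAL"); do
    echo "missing: $mod (needs: $(depends_on "$mod" "$REFERENCE"))"
done
# To check the running host instead, pass "$(lsmod)" as the second argument.
```
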
Re: [gentoo-user] DNAT not working
On Friday 18 January 2008, Konstantinos Agouros wrote:
>> xt_tcpudp is the difference as it seems
>
> verified it that was the problem. For whatever reason I forgot to configure module autoloading into the kernel.

Perhaps you used an old .config and that option name has changed?

alan

--
Alan McKinnon
alan dot mckinnon at gmail dot com
--
gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] DNAT not working
In [EMAIL PROTECTED] [EMAIL PROTECTED] (Etaoin Shrdlu) writes:

> On Wednesday 16 January 2008, Alan McKinnon wrote:
>> nat needs the following config at least:
>>
>> Networking - Networking Options - Network packet filtering framework (Netfilter) - IP: Netfilter Configuration - Full NAT
>> and the options below it
>
> I guess it also needs some kind of connection tracking, like NF_CONNTRACK_ENABLED:
>
> Networking - Networking Options - Network packet filtering framework (Netfilter) - Core Netfilter Configuration - Netfilter connection tracking support

got that:

CONFIG_NF_CONNTRACK_ENABLED=m

--
Dipl-Inf. Konstantin Agouros aka Elwood Blues. Internet: [EMAIL PROTECTED]
Otkerstr. 28, 81547 Muenchen, Germany. Tel +49 89 69370185
Captain, this ship will not survive the forming of the cosmos. B'Elana Torres
--
gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] DNAT not working
In [EMAIL PROTECTED] [EMAIL PROTECTED] (Alan McKinnon) writes:

> On Wednesday 16 January 2008, Konstantinos Agouros wrote:
>> In [EMAIL PROTECTED] [EMAIL PROTECTED] (Alan McKinnon) writes:
>>> Most likely he doesn't have the correct module loaded in the kernel
>>
>> As I said, the fact that iptables -L (after a fresh reboot) does not do anything puzzles me a bit. What would be the right module in Your opinion? Also is there a kernel configuration option I might have overseen?
>
> nat needs the following config at least:
>
> Networking - Networking Options - Network packet filtering framework (Netfilter) - IP: Netfilter Configuration - Full NAT
> and the options below it
>
> the modules that load on my machine after running that same iptables command are:
>
> xt_tcpudp               3712  1
> iptable_nat             7812  1
> nf_nat                 20524  1 iptable_nat
> nf_conntrack_ipv4      18952  2 iptable_nat
> nf_conntrack           66376  3 iptable_nat,nf_nat,nf_conntrack_ipv4
> nfnetlink               6424  3 nf_nat,nf_conntrack_ipv4,nf_conntrack
> ip_tables              14284  1 iptable_nat
> x_tables               15748  3 xt_tcpudp,iptable_nat,ip_tables

This is what I have:

Module                  Size  Used by
iptable_filter          6400  1
iptable_nat            10116  0
ip_tables              14404  2 iptable_filter,iptable_nat
nf_nat                 19116  1 iptable_nat
x_tables               14084  2 iptable_nat,ip_tables
nf_conntrack_ipv4      11908  2 iptable_nat
nf_conntrack           53192  3 iptable_nat,nf_nat,nf_conntrack_ipv4
nfnetlink               8088  3 nf_nat,nf_conntrack_ipv4,nf_conntrack

xt_tcpudp is the difference as it seems

> alan
>
> --
> Alan McKinnon
> alan dot mckinnon at gmail dot com

--
Dipl-Inf. Konstantin Agouros aka Elwood Blues. Internet: [EMAIL PROTECTED]
Otkerstr. 28, 81547 Muenchen, Germany. Tel +49 89 69370185
Captain, this ship will not survive the forming of the cosmos. B'Elana Torres
--
gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] DNAT not working
On Sunday 13 January 2008, Konstantinos Agouros wrote:
> Hi,
>
> I have a box running vmware server where I need some DNAT rules to get traffic from a vm to where it belongs. Inserting the rule
>
> iptables -t nat -I PREROUTING -s ... -d ... -p tcp --dport ... -j DNAT --to-destination destaddr
>
> gives me:
>
> iptables: No chain/target/match by that name

before --dport you may need the match option:

-m --dport 1234 -j DNAT

You might also need to specify a policy for PREROUTING before inserting the rule (but I'm not sure). Try these suggestions one at a time and see what gives.

HTH.
--
Regards,
Mick
Re: [gentoo-user] DNAT not working
On Wednesday 16 January 2008, Mick wrote:
> On Sunday 13 January 2008, Konstantinos Agouros wrote:
>> Hi,
>>
>> I have a box running vmware server where I need some DNAT rules to get traffic from a vm to where it belongs. Inserting the rule
>>
>> iptables -t nat -I PREROUTING -s ... -d ... -p tcp --dport ... -j DNAT --to-destination destaddr
>>
>> gives me:
>>
>> iptables: No chain/target/match by that name
>
> before --dport you may need the match option:
>
> -m --dport 1234 -j DNAT

no, his syntax is OK

> You might also need to specify a policy for PREROUTING before inserting the rule (but I'm not sure). Try these suggestions one at a time and see what gives.

That doesn't matter, a chain always has a policy (ACCEPT by default).

Most likely he doesn't have the correct module loaded in the kernel

--
Alan McKinnon
alan dot mckinnon at gmail dot com
--
gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] DNAT not working
In [EMAIL PROTECTED] [EMAIL PROTECTED] (Alan McKinnon) writes:

> On Wednesday 16 January 2008, Mick wrote:
>> On Sunday 13 January 2008, Konstantinos Agouros wrote:
>>> Hi,
>>>
>>> I have a box running vmware server where I need some DNAT rules to get traffic from a vm to where it belongs. Inserting the rule
>>>
>>> iptables -t nat -I PREROUTING -s ... -d ... -p tcp --dport ... -j DNAT --to-destination destaddr
>>>
>>> gives me:
>>>
>>> iptables: No chain/target/match by that name
>>
>> before --dport you may need the match option:
>>
>> -m --dport 1234 -j DNAT
>
> no, his syntax is OK
>
>> You might also need to specify a policy for PREROUTING before inserting the rule (but I'm not sure). Try these suggestions one at a time and see what gives.
>
> That doesn't matter, a chain always has a policy (ACCEPT by default).
>
> Most likely he doesn't have the correct module loaded in the kernel

As I said, the fact that iptables -L (after a fresh reboot) does not do anything puzzles me a bit. What would be the right module in Your opinion? Also is there a kernel configuration option I might have overseen?

Regards,

Konstantin

> --
> Alan McKinnon
> alan dot mckinnon at gmail dot com

--
Dipl-Inf. Konstantin Agouros aka Elwood Blues. Internet: [EMAIL PROTECTED]
Otkerstr. 28, 81547 Muenchen, Germany. Tel +49 89 69370185
Captain, this ship will not survive the forming of the cosmos. B'Elana Torres
--
gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] DNAT not working
On Wednesday 16 January 2008, Konstantinos Agouros wrote:
> In [EMAIL PROTECTED] [EMAIL PROTECTED] (Alan McKinnon) writes:
>> Most likely he doesn't have the correct module loaded in the kernel
>
> As I said, the fact that iptables -L (after a fresh reboot) does not do anything puzzles me a bit. What would be the right module in Your opinion? Also is there a kernel configuration option I might have overseen?

nat needs the following config at least:

Networking - Networking Options - Network packet filtering framework (Netfilter) - IP: Netfilter Configuration - Full NAT
and the options below it

the modules that load on my machine after running that same iptables command are:

xt_tcpudp               3712  1
iptable_nat             7812  1
nf_nat                 20524  1 iptable_nat
nf_conntrack_ipv4      18952  2 iptable_nat
nf_conntrack           66376  3 iptable_nat,nf_nat,nf_conntrack_ipv4
nfnetlink               6424  3 nf_nat,nf_conntrack_ipv4,nf_conntrack
ip_tables              14284  1 iptable_nat
x_tables               15748  3 xt_tcpudp,iptable_nat,ip_tables

alan

--
Alan McKinnon
alan dot mckinnon at gmail dot com
--
gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] DNAT not working
On Wednesday 16 January 2008, Alan McKinnon wrote:
> nat needs the following config at least:
>
> Networking - Networking Options - Network packet filtering framework (Netfilter) - IP: Netfilter Configuration - Full NAT
> and the options below it

I guess it also needs some kind of connection tracking, like NF_CONNTRACK_ENABLED:

Networking - Networking Options - Network packet filtering framework (Netfilter) - Core Netfilter Configuration - Netfilter connection tracking support

--
gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] DNAT not working
In [EMAIL PROTECTED] [EMAIL PROTECTED] (Daniel Iliev) writes:

> On Sun, 13 Jan 2008 20:01:04 + (UTC) Konstantinos Agouros [EMAIL PROTECTED] wrote:
>
>> Hi,
>>
>> I have a box running vmware server where I need some DNAT rules to get traffic from a vm to where it belongs. Inserting the rule
>>
>> iptables -t nat -I PREROUTING -s ... -d ... -p tcp --dport ... -j DNAT --to-destination destaddr
>>
>> gives me:
>>
>> iptables: No chain/target/match by that name
>>
>> Also I had to manually modprobe iptable_nat since iptables -L didn't initialize everything. I rebuilt iptables to match the current kernel (2.6.23-gentoo-r3) no luck. Strace on the command showed me
>>
>> setsockopt(3, SOL_IP, 0x40 /* IP_??? */, nat\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0..., 920) = -1 ENOENT (No such file or directory)
>>
>> Anybody got an idea what I am doing from?
>>
>> Regards,
>>
>> Konstantin
>
> I believe you've forgotten to build support for NAT in your kernel:

Nope that's not it

grep IP_NF_IPTABLES .config
CONFIG_IP_NF_IPTABLES=m

And it's not that I can't insert anything in the chain. It's --dport that gets me the error message. I played around and started with inserting a blank rule.

> │ Symbol: IP_NF_IPTABLES [=m]
> │ Prompt: IP tables support (required for filtering/masq/NAT)
> │ Defined at net/ipv4/netfilter/Kconfig:45
> │ Depends on: NET INET NETFILTER
> │ Location:
> │ - Networking
> │ - Networking support (NET [=y])
> │ - Networking options
> │ - Network packet filtering framework (Netfilter) (NETFILTER [=y])
> │ - IP: Netfilter Configuration
> │ Selects: NETFILTER_XTABLES
>
> --
> Best regards,
> Daniel

--
Dipl-Inf. Konstantin Agouros aka Elwood Blues. Internet: [EMAIL PROTECTED]
Otkerstr. 28, 81547 Muenchen, Germany. Tel +49 89 69370185
Captain, this ship will not survive the forming of the cosmos. B'Elana Torres
--
gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] DNAT not working
On Sun, 13 Jan 2008 20:01:04 + (UTC) Konstantinos Agouros [EMAIL PROTECTED] wrote:

> Hi,
>
> I have a box running vmware server where I need some DNAT rules to get traffic from a vm to where it belongs. Inserting the rule
>
> iptables -t nat -I PREROUTING -s ... -d ... -p tcp --dport ... -j DNAT --to-destination destaddr
>
> gives me:
>
> iptables: No chain/target/match by that name
>
> Also I had to manually modprobe iptable_nat since iptables -L didn't initialize everything. I rebuilt iptables to match the current kernel (2.6.23-gentoo-r3) no luck. Strace on the command showed me
>
> setsockopt(3, SOL_IP, 0x40 /* IP_??? */, nat\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0..., 920) = -1 ENOENT (No such file or directory)
>
> Anybody got an idea what I am doing from?
>
> Regards,
>
> Konstantin

I believe you've forgotten to build support for NAT in your kernel:

│ Symbol: IP_NF_IPTABLES [=m]
│ Prompt: IP tables support (required for filtering/masq/NAT)
│ Defined at net/ipv4/netfilter/Kconfig:45
│ Depends on: NET INET NETFILTER
│ Location:
│ - Networking
│ - Networking support (NET [=y])
│ - Networking options
│ - Network packet filtering framework (Netfilter) (NETFILTER [=y])
│ - IP: Netfilter Configuration
│ Selects: NETFILTER_XTABLES

--
Best regards,
Daniel
--
gentoo-user@lists.gentoo.org mailing list