bugzilla-daemon at netfilter.org
2019-Aug-04 15:31 UTC
[Bug 1359] New: nft 0.9.1 - table family inet, chain type nat, fails to auto-load modules
https://bugzilla.netfilter.org/show_bug.cgi?id=1359
Bug ID: 1359
Summary: nft 0.9.1 - table family inet, chain type nat, fails to auto-load modules
Product: nftables
Version: unspecified
Hardware: x86_64
OS: other
Status: NEW
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: james at nurealm.net
Arch Linux
linux 5.2.5.arch1-1
nftables 1:0.9.1-1
For clarity, removing any nat rules, then:
...
table inet nats {
chain prenats { type nat hook prerouting priority -100;
}
chain postnats { type nat hook postrouting priority 100;
}
}
...
$ sudo /etc/nftables.conf
/etc/nftables.conf:374:8-14: Error: Could not process rule: No such file or directory
chain prenats { type nat hook prerouting priority -100;
^^^^^^^
/etc/nftables.conf:395:8-15: Error: Could not process rule: No such file or directory
chain postnats { type nat hook postrouting priority 100;
^^^^^^^^
$ lsmod |grep nft
nft_log 16384 0
nft_limit 16384 0
nft_ct 20480 0
nf_conntrack 163840 1 nft_ct
nf_tables 163840 4 nft_ct,nft_log,nft_limit,nf_tables_set
Edit:
table inet nats { -> table ip nats {
$ sudo /etc/nftables.conf
$ lsmod |grep nft
nft_chain_nat 16384 2
nf_nat 53248 1 nft_chain_nat
nft_log 16384 3
nft_limit 16384 2
nft_ct 20480 2
nf_conntrack 163840 2 nf_nat,nft_ct
nf_tables 163840 101 nft_ct,nft_log,nft_chain_nat,nft_limit,nf_tables_set
Edit, back the way it was:
table ip nats { -> table inet nats {
Now, it works fine:
$ sudo /etc/nftables.conf
The same set of modules:
$ lsmod |grep nft
nft_chain_nat 16384 0
nf_nat 53248 1 nft_chain_nat
nft_log 16384 3
nft_limit 16384 2
nft_ct 20480 2
nf_conntrack 163840 2 nf_nat,nft_ct
nf_tables 163840 101 nft_ct,nft_log,nft_chain_nat,nft_limit,nf_tables_set
Why were nft_chain_nat and nf_nat not auto loaded?
Is this a kernel problem? Or an nftables problem?
--
You are receiving this mail because:
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2020-Jul-22 11:20 UTC
[Bug 1359] nft 0.9.1 - table family inet, chain type nat, fails to auto-load modules
https://bugzilla.netfilter.org/show_bug.cgi?id=1359
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
(In reply to James Feeney from comment #0)
> Arch Linux
> linux 5.2.5.arch1-1
> nftables 1:0.9.1-1
>
> For clarity, removing any nat rules, then:
>
> ...
> table inet nats {
>
> chain prenats { type nat hook prerouting priority -100;
>
> }
>
> chain postnats { type nat hook postrouting priority 100;
>
> }
> }
> ...
>
> $ sudo /etc/nftables.conf
> /etc/nftables.conf:374:8-14: Error: Could not process rule: No such file or directory
> chain prenats { type nat hook prerouting priority -100;
> ^^^^^^^
> /etc/nftables.conf:395:8-15: Error: Could not process rule: No such file or directory
> chain postnats { type nat hook postrouting priority 100;
> ^^^^^^^^
>
> $ lsmod |grep nft
> nft_log 16384 0
> nft_limit 16384 0
> nft_ct 20480 0
> nf_conntrack 163840 1 nft_ct
> nf_tables 163840 4 nft_ct,nft_log,nft_limit,nf_tables_set
>
> Edit:
>
> table inet nats { -> table ip nats {
>
> $ sudo /etc/nftables.conf
>
> $ lsmod |grep nft
> nft_chain_nat 16384 2
> nf_nat 53248 1 nft_chain_nat
> nft_log 16384 3
> nft_limit 16384 2
> nft_ct 20480 2
> nf_conntrack 163840 2 nf_nat,nft_ct
> nf_tables 163840 101 nft_ct,nft_log,nft_chain_nat,nft_limit,nf_tables_set
>
> Edit, back the way it was:
>
> table ip nats { -> table inet nats {
>
> Now, it works fine:
>
> $ sudo /etc/nftables.conf
>
> The same set of modules:
>
> $ lsmod |grep nft
> nft_chain_nat 16384 0
> nf_nat 53248 1 nft_chain_nat
> nft_log 16384 3
> nft_limit 16384 2
> nft_ct 20480 2
> nf_conntrack 163840 2 nf_nat,nft_ct
> nf_tables 163840 101 nft_ct,nft_log,nft_chain_nat,nft_limit,nf_tables_set
>
>
> Why were nft_chain_nat and nf_nat not auto loaded?
>
> Is this a kernel problem? Or an nftables problem?
Maybe forgot to enable CONFIG_NFT_NAT in your .config kernel file?
bugzilla-daemon at netfilter.org
2020-Jul-22 14:57 UTC
[Bug 1359] nft 0.9.1 - table family inet, chain type nat, fails to auto-load modules
https://bugzilla.netfilter.org/show_bug.cgi?id=1359
James Feeney <james at nurealm.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--- Comment #2 from James Feeney <james at nurealm.net> ---
Thanks for the note. Well, it seems to be working fine now, so let's just
close this.
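Added example, not part of the original thread or of nftables: a POSIX shell check that combines the two clues in this report, the lsmod output from comment #0 and the CONFIG_NFT_NAT question from comment #1. The function names and the sample .config fragment are constructed for illustration, and treating CONFIG_NFT_NAT as the option that governs nft_chain_nat is an assumption taken from comment #1.

```shell
#!/bin/sh
# Diagnose why a "type nat" chain fails with "No such file or directory".
# Inputs are passed as text so the logic can run against captured output.

# lsmod output from the failing run in comment #0 of the report.
FAILING_LSMOD='nft_log 16384 0
nft_limit 16384 0
nft_ct 20480 0
nf_conntrack 163840 1 nft_ct
nf_tables 163840 4 nft_ct,nft_log,nft_limit,nf_tables_set'

# Constructed .config fragment (not from the report).
SAMPLE_CONFIG='CONFIG_NF_TABLES=m
CONFIG_NFT_NAT=m'

# Return 0 if module $1 is listed in lsmod-style text $2.
module_loaded() {
    printf '%s\n' "$2" | awk -v m="$1" '$1 == m { found = 1 } END { exit !found }'
}

# Print y, m or n for kernel option $1 in .config-style text $2.
# A "# CONFIG_X is not set" line or a missing option both yield n.
config_state() {
    printf '%s\n' "$2" | awk -F= -v k="$1" '
        $1 == k { s = $2 }
        END { print (s == "" ? "n" : s) }'
}

# Classify the host: loaded | builtin | load-module | not-enabled
diagnose_nat() {
    lsmod_text=$1
    config_text=$2
    if module_loaded nft_chain_nat "$lsmod_text" &&
       module_loaded nf_nat "$lsmod_text"; then
        echo loaded
        return
    fi
    case $(config_state CONFIG_NFT_NAT "$config_text") in
        y) echo builtin ;;      # compiled in, so it never shows up in lsmod
        m) echo load-module ;;  # e.g. modprobe nft_chain_nat before the ruleset
        *) echo not-enabled ;;  # assumed consequence: nat chains unavailable
    esac
}

# State of the failing host from the report, under the constructed config.
diagnose_nat "$FAILING_LSMOD" "$SAMPLE_CONFIG"
```

On a live system the two arguments would be `"$(lsmod)"` and the contents of the running kernel's config file, whose location varies by distribution.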