[Bug 1359] New: nft 0.9.1 - table family inet, chain type nat, fails to auto-load modules

bugzilla-daemon at netfilter.org
Sun Aug 4 17:31:59 CEST 2019


https://bugzilla.netfilter.org/show_bug.cgi?id=1359

            Bug ID: 1359
           Summary: nft 0.9.1 - table family inet, chain type nat, fails
                    to auto-load modules
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: other
            Status: NEW
          Severity: normal
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: james at nurealm.net

Arch Linux
linux 5.2.5.arch1-1
nftables 1:0.9.1-1

For clarity, removing any nat rules, then:

...
table inet nats {

        chain prenats   { type nat hook prerouting priority -100;

        }

        chain postnats  { type nat hook postrouting priority 100;

        }
}
...

$ sudo /etc/nftables.conf
/etc/nftables.conf:374:8-14: Error: Could not process rule: No such file or directory
        chain prenats   { type nat hook prerouting priority -100;
              ^^^^^^^
/etc/nftables.conf:395:8-15: Error: Could not process rule: No such file or directory
        chain postnats  { type nat hook postrouting priority 100;
              ^^^^^^^^

$ lsmod |grep nft
nft_log                16384  0
nft_limit              16384  0
nft_ct                 20480  0
nf_conntrack          163840  1 nft_ct
nf_tables             163840  4 nft_ct,nft_log,nft_limit,nf_tables_set

Edit:

table inet nats {  -> table ip nats {

$ sudo /etc/nftables.conf

$ lsmod |grep nft
nft_chain_nat          16384  2
nf_nat                 53248  1 nft_chain_nat
nft_log                16384  3
nft_limit              16384  2
nft_ct                 20480  2
nf_conntrack          163840  2 nf_nat,nft_ct
nf_tables             163840  101 nft_ct,nft_log,nft_chain_nat,nft_limit,nf_tables_set

Edit, back the way it was:

table ip nats {  -> table inet nats {

Now, it works fine:

$ sudo /etc/nftables.conf

The same set of modules:

$ lsmod |grep nft
nft_chain_nat          16384  0
nf_nat                 53248  1 nft_chain_nat
nft_log                16384  3
nft_limit              16384  2
nft_ct                 20480  2
nf_conntrack          163840  2 nf_nat,nft_ct
nf_tables             163840  101 nft_ct,nft_log,nft_chain_nat,nft_limit,nf_tables_set


Why were nft_chain_nat and nf_nat not auto loaded?

Is this a kernel problem?  Or an nftables problem?
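
A pre-load check for the condition shown in this report, as an added example that is not part of the original bug report: it flags a ruleset that declares a "type nat" chain while nft_chain_nat and nf_nat are absent from the module list. The function names and the sample files are assumptions constructed from the outputs quoted above.

```shell
#!/bin/sh
# Added example, not from the bug report. Module names are from its lsmod output.
NAT_MODULES="nft_chain_nat nf_nat"

# Succeed if ruleset file $1 declares an uncommented "type nat hook" chain.
ruleset_needs_nat() {
    grep -Eq '^[^#]*type[[:space:]]+nat[[:space:]]+hook' "$1"
}

# Print each NAT module missing from $1 (lsmod or /proc/modules format).
# Only column 1 is compared, so names in the "used by" column do not count.
missing_nat_modules() {
    for m in $NAT_MODULES; do
        awk -v m="$m" '$1 == m { found = 1 } END { exit !found }' "$1" ||
            printf '%s\n' "$m"
    done
}

# Return 1 if ruleset $1 needs NAT but module list $2 lacks the modules.
preflight() {
    ruleset_needs_nat "$1" || return 0
    missing=$(missing_nat_modules "$2" | tr '\n' ' ')
    if [ -n "$missing" ]; then
        echo "nat chain declared, modules not loaded: $missing" >&2
        return 1
    fi
}

# Constructed sample inputs, taken from the outputs quoted in the report.
tmp=$(mktemp -d)
cat > "$tmp/ruleset" <<'EOF'
table inet nats {
        chain prenats   { type nat hook prerouting priority -100;
        }
}
EOF
cat > "$tmp/before" <<'EOF'
nft_ct                 20480  0
nf_conntrack          163840  1 nft_ct
nf_tables             163840  4 nft_ct,nft_log,nft_limit,nf_tables_set
EOF
cat > "$tmp/after" <<'EOF'
nft_chain_nat          16384  0
nf_nat                 53248  1 nft_chain_nat
nf_tables             163840  101 nft_ct,nft_log,nft_chain_nat,nft_limit,nf_tables_set
EOF
for state in before after; do
    if preflight "$tmp/ruleset" "$tmp/$state"; then echo "$state: ok"; else echo "$state: blocked"; fi
done
```

On a live host the second argument can be /proc/modules; a kernel with NAT support built in does not list it there, so the check would report it as missing.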
