[Bug 1359] nft 0.9.1 - table family inet, chain type nat, fails to auto-load modules

bugzilla-daemon at netfilter.org
Wed Jul 22 13:20:33 CEST 2020


https://bugzilla.netfilter.org/show_bug.cgi?id=1359

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
(In reply to James Feeney from comment #0)
> Arch Linux
> linux 5.2.5.arch1-1
> nftables 1:0.9.1-1
> 
> For clarity, removing any nat rules, then:
> 
> ...
> table inet nats {
> 
>         chain prenats   { type nat hook prerouting priority -100;
> 
>         }
> 
>         chain postnats  { type nat hook postrouting priority 100;
> 
>         }
> }
> ...
> 
> $ sudo /etc/nftables.conf
> /etc/nftables.conf:374:8-14: Error: Could not process rule: No such file or directory
>         chain prenats   { type nat hook prerouting priority -100;
>               ^^^^^^^
> /etc/nftables.conf:395:8-15: Error: Could not process rule: No such file or directory
>         chain postnats  { type nat hook postrouting priority 100;
>               ^^^^^^^^
> 
> $ lsmod |grep nft
> nft_log                16384  0
> nft_limit              16384  0
> nft_ct                 20480  0
> nf_conntrack          163840  1 nft_ct
> nf_tables             163840  4 nft_ct,nft_log,nft_limit,nf_tables_set
> 
> Edit:
> 
> table inet nats {  -> table ip nats {
> 
> $ sudo /etc/nftables.conf
> 
> $ lsmod |grep nft
> nft_chain_nat          16384  2
> nf_nat                 53248  1 nft_chain_nat
> nft_log                16384  3
> nft_limit              16384  2
> nft_ct                 20480  2
> nf_conntrack          163840  2 nf_nat,nft_ct
> nf_tables             163840  101 nft_ct,nft_log,nft_chain_nat,nft_limit,nf_tables_set
> 
> Edit, back the way it was:
> 
> table ip nats {  -> table inet nats {
> 
> Now, it works fine:
> 
> $ sudo /etc/nftables.conf
> 
> The same set of modules:
> 
> $ lsmod |grep nft
> nft_chain_nat          16384  0
> nf_nat                 53248  1 nft_chain_nat
> nft_log                16384  3
> nft_limit              16384  2
> nft_ct                 20480  2
> nf_conntrack          163840  2 nf_nat,nft_ct
> nf_tables             163840  101 nft_ct,nft_log,nft_chain_nat,nft_limit,nf_tables_set
> 
> 
> Why were nft_chain_nat and nf_nat not auto loaded?
> 
> Is this a kernel problem?  Or an nftables problem?

Maybe you forgot to enable CONFIG_NFT_NAT in your kernel .config file?
