Bug#765691: marked as done (linux-image-3.17-rc5-amd64: nat failure with iptables)

To: Ben Hutchings <ben@decadent.org.uk>
Subject: Bug#765691: marked as done (linux-image-3.17-rc5-amd64: nat failure with iptables)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Fri, 17 Oct 2014 14:12:11 +0000
Message-id: <[🔎] handler.765691.D762458.14135549581201.ackdone@bugs.debian.org>
References: <20141017140914.GB5094@decadent.org.uk> <[🔎] 5440F9F1.7010003@videotron.ca>

Your message dated Fri, 17 Oct 2014 15:09:14 +0100
with message-id <20141017140914.GB5094@decadent.org.uk>
and subject line CONFIG_IP_NF_NAT has been enabled
has caused the Debian Bug report #762458,
regarding linux-image-3.17-rc5-amd64: nat failure with iptables
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
762458: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762458
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org

Subject: linux-image-3.17-rc5-amd64: nat failure with iptables

From: westlake <westlake2012@videotron.ca>

Date: Fri, 17 Oct 2014 07:13:53 -0400

Message-id: <[🔎] 5440F9F1.7010003@videotron.ca>
Package: linux-image-3.17-rc5-amd64
Version: 3.17~rc5-1~exp1
Severity: normal

hi, can the following be a kernel problem?
I'll explain a bit, it's got to do with the iptables command..
(fwiw, there's a bug with the lsb-functions, 40-systemd which is insteadthis can be used to test rules.v4
iptables-restore < /etc/iptables/rules.v4
)

output,
"iptables-restore v1.4.21: iptables-restore: unable to initialize table'nat'
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for moreinformation "
all basic nat modules I can come up with modprobe are loaded, butiptables continues to fail, I checked if NAT is compiled/boot/config-3.17-rc5-amd64
"lsmod |grep nat
act_nat                12501  0
nft_chain_nat_ipv4     12552  0
nft_nat                12507  0
nf_tables              54396  2 nft_chain_nat_ipv4,nft_nat
nf_nat_ipv4            12912  1 nft_chain_nat_ipv4
nf_nat_ipv6            12920  0
nf_nat 18241 4nft_chain_nat_ipv4,nft_nat,nf_nat_ipv4,nf_nat_ipv6nf_conntrack 87476 5nf_nat,nf_nat_ipv4,nf_nat_ipv6,nf_conntrack_ipv4,nf_conntrack_ipv6 "
so it looks like everything is compiled and loads, but iptables failsfor v4. fwiw, the ip6tables loads properly for rules.v6..
If I recall the previous kernel in testing(vmlinuz-3.16-2-amd64) canhave the iptables load ipv4 rules timely without issue
--- End Message ---

--- Begin Message ---

To: 762458-done@bugs.debian.org

Subject: CONFIG_IP_NF_NAT has been enabled

From: Ben Hutchings <ben@decadent.org.uk>

Date: Fri, 17 Oct 2014 15:09:14 +0100

Message-id: <20141017140914.GB5094@decadent.org.uk>
Version: 3.17-1~exp1

In Linux 3.17, CONFIG_NF_NAT_IPV4 was renamed to CONFIG_IP_NF_NAT.
The new config option was enabled in the above Debian version.

Ben.

-- 
Ben Hutchings
Humour is the best antidote to reality.
--- End Message ---

Reply to:

References:
- Bug#765691: linux-image-3.17-rc5-amd64: nat failure with iptables
  - From: westlake <westlake2012@videotron.ca>

Prev by Date: Bug#762921: marked as done (linux-image-3.17-rc5-amd64: Kernel netfilter modules lack NAT support)
Next by Date: Processed: Re: Bug#765717: linux-image-3.16-2-amd64: High CPU load with linux-image-3.16-2-amd64
Previous by thread: Bug#765691: linux-image-3.17-rc5-amd64: nat failure with iptables
Next by thread: Bug#765717: linux-image-3.16-2-amd64: High CPU load with linux-image-3.16-2-amd64
Index(es):
- Date
- Thread