Hi!
I'm using the image (PiTFT28R_raspbian140620_2014_08_25.img) in my Raspberry Pi model B+ with a PiTFT resistive
But I can't do NAT with the PiTFT kernel installed (3.15.3+)
When I try...
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
It returns...
iptables v1.4.14: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
How I can add support for NAT in the kernel?
Thanks
Missing modules:
FATAL: Module ipt_REDIRECT not found.
FATAL: Module iptable_nat not found.
FATAL: Module ip_nat_ftp not found.
NAT in PiTFT kernel
Moderators: adafruit_support_bill, adafruit
Forum rules
Talk about Adafruit Raspberry Pi® accessories! Please do not ask for Linux support, this is for Adafruit products only! For Raspberry Pi help please visit: http://www.raspberrypi.org/phpBB3/
Talk about Adafruit Raspberry Pi® accessories! Please do not ask for Linux support, this is for Adafruit products only! For Raspberry Pi help please visit: http://www.raspberrypi.org/phpBB3/
- adafruit_support_mike
- Posts: 67485
- Joined: Thu Feb 11, 2010 2:51 pm
Re: NAT in PiTFT kernel
Hmm.. what do you get from `sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"`?
- h1_ffm
- Posts: 1
- Joined: Fri Sep 05, 2014 3:16 am
Re: NAT in PiTFT kernel
Dear Support,
I have the same problem.
I need iptable_nat as in standart kernel "2014-06-20-wheezy-raspbian.img" is available. Is there a reason why in your packages iptable_nat not supported?
I have the same problem.
I need iptable_nat as in standart kernel "2014-06-20-wheezy-raspbian.img" is available. Is there a reason why in your packages iptable_nat not supported?
- GregRob
- Posts: 12
- Joined: Mon May 05, 2014 9:34 pm
Re: NAT in PiTFT kernel
I am also having the same problem. Other IPtables commands are fine, it is only the "iptables -t nat..." commands that have errors.
the output when I ran the "sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward" command was nothing
the output when I ran the "sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward" command was nothing
- adafruit_support_mike
- Posts: 67485
- Joined: Thu Feb 11, 2010 2:51 pm
Re: NAT in PiTFT kernel
In this case, 'nothing' is good.
What do you get from `sysctl net.ipv4.ip_forward`?
What do you get from `sysctl net.ipv4.ip_forward`?
- GregRob
- Posts: 12
- Joined: Mon May 05, 2014 9:34 pm
Re: NAT in PiTFT kernel
From:
sysctl net.ipv4.ip_forward
I get:
net.ipv4.ip_forward = 1
sysctl net.ipv4.ip_forward
I get:
net.ipv4.ip_forward = 1
- adafruit_support_mike
- Posts: 67485
- Joined: Thu Feb 11, 2010 2:51 pm
Re: NAT in PiTFT kernel
Okay, that means the kernel contains the NAT components and they're active.
Let's see what actually exists in your NAT configuration at the moment. What do you get from `iptables-save`?
Let's see what actually exists in your NAT configuration at the moment. What do you get from `iptables-save`?
- GregRob
- Posts: 12
- Joined: Mon May 05, 2014 9:34 pm
Re: NAT in PiTFT kernel
From iptable save I get the following:
sudo iptables-save
# Generated by iptables-save v1.4.14 on Tue Sep 16 08:19:09 2014
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:Cid4169X7816.0 - [0:0]
:Cid4169X7816.1 - [0:0]
:Cid4476X7816.0 - [0:0]
:Cid4476X7816.1 - [0:0]
:In_RULE_0 - [0:0]
:RULE_1 - [0:0]
:RULE_4 - [0:0]
:RULE_5 - [0:0]
:RULE_6 - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.0.252/32 -i eth0 -m state --state NEW -j In_RULE_0
-A INPUT -s 192.168.5.1/32 -i eth0 -m state --state NEW -j In_RULE_0
-A INPUT -s 192.168.0.252/32 -i wlan0 -m state --state NEW -j In_RULE_0
-A INPUT -s 192.168.5.1/32 -i wlan0 -m state --state NEW -j In_RULE_0
-A INPUT -s 192.168.5.1/32 -d 192.168.0.252/32 -j RULE_1
-A INPUT -i lo -m state --state NEW -j ACCEPT
-A INPUT -d 192.168.0.252/32 -m state --state NEW -j Cid4169X7816.1
-A INPUT -d 255.255.255.255/32 -p udp -m udp -m multiport --dports 68,67 -m state --state NEW -j RULE_4
-A INPUT -d 0.0.0.0/32 -p udp -m udp -m multiport --dports 68,67 -m state --state NEW -j RULE_4
-A INPUT -d 192.168.5.1/32 -p udp -m udp -m multiport --dports 68,67 -m state --state NEW -j RULE_4
-A INPUT -s 192.168.5.1/32 -p udp -m udp -m multiport --dports 68,67 -m state --state NEW -j RULE_5
-A INPUT -d 192.168.5.1/32 -m state --state NEW -j Cid4476X7816.1
-A INPUT -d 192.168.5.1/32 -p tcp -m tcp --dport 2222 -m state --state NEW -j ACCEPT
-A INPUT -s 192.168.0.252/32 -m state --state NEW -j ACCEPT
-A INPUT -s 192.168.5.1/32 -m state --state NEW -j ACCEPT
-A INPUT -m state --state NEW -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.252/32 -i eth0 -m state --state NEW -j In_RULE_0
-A FORWARD -s 192.168.5.1/32 -i eth0 -m state --state NEW -j In_RULE_0
-A FORWARD -s 192.168.0.252/32 -i wlan0 -m state --state NEW -j In_RULE_0
-A FORWARD -s 192.168.5.1/32 -i wlan0 -m state --state NEW -j In_RULE_0
-A FORWARD -m state --state NEW -j DROP
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 192.168.5.1/32 -d 192.168.0.252/32 -j RULE_1
-A OUTPUT -o lo -m state --state NEW -j ACCEPT
-A OUTPUT -d 192.168.0.252/32 -m state --state NEW -j Cid4169X7816.0
-A OUTPUT -d 255.255.255.255/32 -p udp -m udp -m multiport --dports 68,67 -m state --state NEW -j RULE_4
-A OUTPUT -d 0.0.0.0/32 -p udp -m udp -m multiport --dports 68,67 -m state --state NEW -j RULE_4
-A OUTPUT -d 192.168.5.1/32 -p udp -m udp -m multiport --dports 68,67 -m state --state NEW -j RULE_4
-A OUTPUT -s 192.168.5.1/32 -p udp -m udp -m multiport --dports 68,67 -m state --state NEW -j RULE_5
-A OUTPUT -d 192.168.5.1/32 -m state --state NEW -j Cid4476X7816.0
-A OUTPUT -d 192.168.5.1/32 -p tcp -m tcp --dport 2222 -m state --state NEW -j ACCEPT
-A OUTPUT -m state --state NEW -j ACCEPT
-A OUTPUT -m state --state NEW -j DROP
-A Cid4169X7816.0 -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A Cid4169X7816.0 -p icmp -m icmp --icmp-type 0/0 -j ACCEPT
-A Cid4169X7816.0 -p icmp -m icmp --icmp-type 8/0 -j ACCEPT
-A Cid4169X7816.0 -p icmp -m icmp --icmp-type 11/0 -j ACCEPT
-A Cid4169X7816.0 -p icmp -m icmp --icmp-type 11/1 -j ACCEPT
-A Cid4169X7816.0 -p tcp -m tcp --dport 22 -j ACCEPT
-A Cid4169X7816.1 -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A Cid4169X7816.1 -p icmp -m icmp --icmp-type 0/0 -j ACCEPT
-A Cid4169X7816.1 -p icmp -m icmp --icmp-type 8/0 -j ACCEPT
-A Cid4169X7816.1 -p icmp -m icmp --icmp-type 11/0 -j ACCEPT
-A Cid4169X7816.1 -p icmp -m icmp --icmp-type 11/1 -j ACCEPT
-A Cid4169X7816.1 -p tcp -m tcp --dport 22 -j ACCEPT
-A Cid4476X7816.0 -p icmp -m icmp --icmp-type 3 -j RULE_6
-A Cid4476X7816.0 -p icmp -m icmp --icmp-type 0/0 -j RULE_6
-A Cid4476X7816.0 -p icmp -m icmp --icmp-type 8/0 -j RULE_6
-A Cid4476X7816.0 -p icmp -m icmp --icmp-type 11/0 -j RULE_6
-A Cid4476X7816.0 -p icmp -m icmp --icmp-type 11/1 -j RULE_6
-A Cid4476X7816.1 -p icmp -m icmp --icmp-type 3 -j RULE_6
-A Cid4476X7816.1 -p icmp -m icmp --icmp-type 0/0 -j RULE_6
-A Cid4476X7816.1 -p icmp -m icmp --icmp-type 8/0 -j RULE_6
-A Cid4476X7816.1 -p icmp -m icmp --icmp-type 11/0 -j RULE_6
-A Cid4476X7816.1 -p icmp -m icmp --icmp-type 11/1 -j RULE_6
-A In_RULE_0 -j LOG --log-prefix "RULE 0 -- DENY " --log-level 6
-A In_RULE_0 -j DROP
-A RULE_1 -j LOG --log-prefix "RULE 1 -- DENY " --log-level 6
-A RULE_1 -j DROP
-A RULE_4 -j LOG --log-prefix "RULE 4 -- ACCEPT " --log-level 6
-A RULE_4 -j ACCEPT
-A RULE_5 -j LOG --log-prefix "RULE 5 -- ACCEPT " --log-level 6
-A RULE_5 -j ACCEPT
-A RULE_6 -j LOG --log-prefix "RULE 6 -- ACCEPT " --log-level 6
-A RULE_6 -j ACCEPT
COMMIT
# Completed on Tue Sep 16 08:19:09 2014
As I said, the firewall is generally working, it is only NAT rules that fail.
At the moment I have a single nat rule in the script that starts the firewall, and the following is that line, and the response:
sudo iptables -t nat -A PREROUTING -p tcp -m tcp -d 192.168.5.1 --dport 22 -j DNAT --to-destination :2222
iptables v1.4.14: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
sudo iptables-save
# Generated by iptables-save v1.4.14 on Tue Sep 16 08:19:09 2014
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:Cid4169X7816.0 - [0:0]
:Cid4169X7816.1 - [0:0]
:Cid4476X7816.0 - [0:0]
:Cid4476X7816.1 - [0:0]
:In_RULE_0 - [0:0]
:RULE_1 - [0:0]
:RULE_4 - [0:0]
:RULE_5 - [0:0]
:RULE_6 - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.0.252/32 -i eth0 -m state --state NEW -j In_RULE_0
-A INPUT -s 192.168.5.1/32 -i eth0 -m state --state NEW -j In_RULE_0
-A INPUT -s 192.168.0.252/32 -i wlan0 -m state --state NEW -j In_RULE_0
-A INPUT -s 192.168.5.1/32 -i wlan0 -m state --state NEW -j In_RULE_0
-A INPUT -s 192.168.5.1/32 -d 192.168.0.252/32 -j RULE_1
-A INPUT -i lo -m state --state NEW -j ACCEPT
-A INPUT -d 192.168.0.252/32 -m state --state NEW -j Cid4169X7816.1
-A INPUT -d 255.255.255.255/32 -p udp -m udp -m multiport --dports 68,67 -m state --state NEW -j RULE_4
-A INPUT -d 0.0.0.0/32 -p udp -m udp -m multiport --dports 68,67 -m state --state NEW -j RULE_4
-A INPUT -d 192.168.5.1/32 -p udp -m udp -m multiport --dports 68,67 -m state --state NEW -j RULE_4
-A INPUT -s 192.168.5.1/32 -p udp -m udp -m multiport --dports 68,67 -m state --state NEW -j RULE_5
-A INPUT -d 192.168.5.1/32 -m state --state NEW -j Cid4476X7816.1
-A INPUT -d 192.168.5.1/32 -p tcp -m tcp --dport 2222 -m state --state NEW -j ACCEPT
-A INPUT -s 192.168.0.252/32 -m state --state NEW -j ACCEPT
-A INPUT -s 192.168.5.1/32 -m state --state NEW -j ACCEPT
-A INPUT -m state --state NEW -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.252/32 -i eth0 -m state --state NEW -j In_RULE_0
-A FORWARD -s 192.168.5.1/32 -i eth0 -m state --state NEW -j In_RULE_0
-A FORWARD -s 192.168.0.252/32 -i wlan0 -m state --state NEW -j In_RULE_0
-A FORWARD -s 192.168.5.1/32 -i wlan0 -m state --state NEW -j In_RULE_0
-A FORWARD -m state --state NEW -j DROP
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 192.168.5.1/32 -d 192.168.0.252/32 -j RULE_1
-A OUTPUT -o lo -m state --state NEW -j ACCEPT
-A OUTPUT -d 192.168.0.252/32 -m state --state NEW -j Cid4169X7816.0
-A OUTPUT -d 255.255.255.255/32 -p udp -m udp -m multiport --dports 68,67 -m state --state NEW -j RULE_4
-A OUTPUT -d 0.0.0.0/32 -p udp -m udp -m multiport --dports 68,67 -m state --state NEW -j RULE_4
-A OUTPUT -d 192.168.5.1/32 -p udp -m udp -m multiport --dports 68,67 -m state --state NEW -j RULE_4
-A OUTPUT -s 192.168.5.1/32 -p udp -m udp -m multiport --dports 68,67 -m state --state NEW -j RULE_5
-A OUTPUT -d 192.168.5.1/32 -m state --state NEW -j Cid4476X7816.0
-A OUTPUT -d 192.168.5.1/32 -p tcp -m tcp --dport 2222 -m state --state NEW -j ACCEPT
-A OUTPUT -m state --state NEW -j ACCEPT
-A OUTPUT -m state --state NEW -j DROP
-A Cid4169X7816.0 -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A Cid4169X7816.0 -p icmp -m icmp --icmp-type 0/0 -j ACCEPT
-A Cid4169X7816.0 -p icmp -m icmp --icmp-type 8/0 -j ACCEPT
-A Cid4169X7816.0 -p icmp -m icmp --icmp-type 11/0 -j ACCEPT
-A Cid4169X7816.0 -p icmp -m icmp --icmp-type 11/1 -j ACCEPT
-A Cid4169X7816.0 -p tcp -m tcp --dport 22 -j ACCEPT
-A Cid4169X7816.1 -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A Cid4169X7816.1 -p icmp -m icmp --icmp-type 0/0 -j ACCEPT
-A Cid4169X7816.1 -p icmp -m icmp --icmp-type 8/0 -j ACCEPT
-A Cid4169X7816.1 -p icmp -m icmp --icmp-type 11/0 -j ACCEPT
-A Cid4169X7816.1 -p icmp -m icmp --icmp-type 11/1 -j ACCEPT
-A Cid4169X7816.1 -p tcp -m tcp --dport 22 -j ACCEPT
-A Cid4476X7816.0 -p icmp -m icmp --icmp-type 3 -j RULE_6
-A Cid4476X7816.0 -p icmp -m icmp --icmp-type 0/0 -j RULE_6
-A Cid4476X7816.0 -p icmp -m icmp --icmp-type 8/0 -j RULE_6
-A Cid4476X7816.0 -p icmp -m icmp --icmp-type 11/0 -j RULE_6
-A Cid4476X7816.0 -p icmp -m icmp --icmp-type 11/1 -j RULE_6
-A Cid4476X7816.1 -p icmp -m icmp --icmp-type 3 -j RULE_6
-A Cid4476X7816.1 -p icmp -m icmp --icmp-type 0/0 -j RULE_6
-A Cid4476X7816.1 -p icmp -m icmp --icmp-type 8/0 -j RULE_6
-A Cid4476X7816.1 -p icmp -m icmp --icmp-type 11/0 -j RULE_6
-A Cid4476X7816.1 -p icmp -m icmp --icmp-type 11/1 -j RULE_6
-A In_RULE_0 -j LOG --log-prefix "RULE 0 -- DENY " --log-level 6
-A In_RULE_0 -j DROP
-A RULE_1 -j LOG --log-prefix "RULE 1 -- DENY " --log-level 6
-A RULE_1 -j DROP
-A RULE_4 -j LOG --log-prefix "RULE 4 -- ACCEPT " --log-level 6
-A RULE_4 -j ACCEPT
-A RULE_5 -j LOG --log-prefix "RULE 5 -- ACCEPT " --log-level 6
-A RULE_5 -j ACCEPT
-A RULE_6 -j LOG --log-prefix "RULE 6 -- ACCEPT " --log-level 6
-A RULE_6 -j ACCEPT
COMMIT
# Completed on Tue Sep 16 08:19:09 2014
As I said, the firewall is generally working, it is only NAT rules that fail.
At the moment I have a single nat rule in the script that starts the firewall, and the following is that line, and the response:
sudo iptables -t nat -A PREROUTING -p tcp -m tcp -d 192.168.5.1 --dport 22 -j DNAT --to-destination :2222
iptables v1.4.14: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
- GregRob
- Posts: 12
- Joined: Mon May 05, 2014 9:34 pm
Re: NAT in PiTFT kernel
Also for a more, "simple" nat command, simply trying to list the content of the nat table:
sudo iptables -t nat -L -n
iptables v1.4.14: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded..
sudo iptables -t nat -L -n
iptables v1.4.14: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded..
- GregRob
- Posts: 12
- Joined: Mon May 05, 2014 9:34 pm
Re: NAT in PiTFT kernel
It is my understanding that forwarding and NAting are different things. Forwarding is a basic router function that has nothing to do with changing IP addresses, but rather simply allows IPs from 1 subnet to be forwarded to another subnet. NAT is a function in iptables that allows IP addresses from 1 subnet to be translated to IP address on another subnet. Perhaps NAT requires forwarding, but the presense of forwarding in the kernel does not indicate NAT is present.
With that in mind, and looking at the iptables functions I found the following, which is curious:
sudo cat /proc/net/ip_tables_names
filter
Wheras if I try that command on another Pi that is running the current raspbian kernel I get:
sudo cat /proc/net/ip_tables_names
nat
mangle
filter
I need another SD card so I can try this on a fresh install on the Adafruit PiTFT image, but I was hoping that is what you were trying. What do you get when you try, "sudo cat /proc/net/ip_tables_names"?
With that in mind, and looking at the iptables functions I found the following, which is curious:
sudo cat /proc/net/ip_tables_names
filter
Wheras if I try that command on another Pi that is running the current raspbian kernel I get:
sudo cat /proc/net/ip_tables_names
nat
mangle
filter
I need another SD card so I can try this on a fresh install on the Adafruit PiTFT image, but I was hoping that is what you were trying. What do you get when you try, "sudo cat /proc/net/ip_tables_names"?
- adafruit_support_mike
- Posts: 67485
- Joined: Thu Feb 11, 2010 2:51 pm
Re: NAT in PiTFT kernel
Hmm.. let's see if the kernel has activated the NAT module: what do you get from `lsmod | grep nat`?
- GregRob
- Posts: 12
- Joined: Mon May 05, 2014 9:34 pm
Re: NAT in PiTFT kernel
Ok so first from Pi running PiTFT kernel:
~ $ lsmod | grep nat
ebtable_nat 1608 0
ebtables 16584 1 ebtable_nat
ebt_dnat 1119 0
ebt_snat 1228 0
act_nat 3516 0
x_tables 16875 10 ip_tables,xt_tcpudp,xt_state,xt_conntrack,xt_LOG,xt_multiport,iptable_filter,ebt_dnat,ebt_snat,ebtables
And then from a machine running Raspbian kernel:
~ $ lsmod | grep nat
xt_nat 1770 1
iptable_nat 2595 1
nf_nat_ipv4 3622 1 iptable_nat
nf_nat 14710 4 ipt_MASQUERADE,nf_nat_ipv4,xt_nat,iptable_nat
nf_conntrack 86703 8 ipt_MASQUERADE,nf_nat,xt_state,nf_nat_ipv4,nf_conntrack_ftp,nf_conntrack_irc,iptable_nat,nf_conntrack_ipv4
ip_tables 11725 3 iptable_filter,iptable_mangle,iptable_nat
x_tables 17020 12 xt_DSCP,ip_tables,xt_tcpudp,ipt_MASQUERADE,xt_limit,xt_state,xt_LOG,xt_nat,xt_multiport,iptable_filter,ipt_REJECT,iptable_mangle
And a couple more commands on the PiTFT machine:
~ $ lsmod | grep iptable
iptable_filter 1481 1
ip_tables 11459 1 iptable_filter
x_tables 16875 10 ip_tables,xt_tcpudp,xt_state,xt_conntrack,xt_LOG,xt_multiport,iptable_filter,ebt_dnat,ebt_snat,ebtables
~ $ sudo find / -name iptable_nat
~ $
And on the Raspbian image:
~ $ lsmod | grep iptable
iptable_nat 2595 1
nf_nat_ipv4 3622 1 iptable_nat
iptable_mangle 1506 0
nf_nat 14710 4 ipt_MASQUERADE,nf_nat_ipv4,xt_nat,iptable_nat
nf_conntrack 86703 8 ipt_MASQUERADE,nf_nat,xt_state,nf_nat_ipv4,nf_conntrack_ftp,nf_conntrack_irc,iptable_nat,nf_conntrack_ipv4
iptable_filter 1508 1
ip_tables 11725 3 iptable_filter,iptable_mangle,iptable_nat
x_tables 17020 12 xt_DSCP,ip_tables,xt_tcpudp,ipt_MASQUERADE,xt_limit,xt_state,xt_LOG,xt_nat,xt_multiport,iptable_filter,ipt_REJECT,iptable_mangle
~ $ sudo find / -name iptable_nat
/sys/module/ip_tables/holders/iptable_nat
/sys/module/nf_nat/holders/iptable_nat
/sys/module/nf_nat_ipv4/holders/iptable_nat
/sys/module/nf_conntrack/holders/iptable_nat
/sys/module/iptable_nat
~ $ lsmod | grep nat
ebtable_nat 1608 0
ebtables 16584 1 ebtable_nat
ebt_dnat 1119 0
ebt_snat 1228 0
act_nat 3516 0
x_tables 16875 10 ip_tables,xt_tcpudp,xt_state,xt_conntrack,xt_LOG,xt_multiport,iptable_filter,ebt_dnat,ebt_snat,ebtables
And then from a machine running Raspbian kernel:
~ $ lsmod | grep nat
xt_nat 1770 1
iptable_nat 2595 1
nf_nat_ipv4 3622 1 iptable_nat
nf_nat 14710 4 ipt_MASQUERADE,nf_nat_ipv4,xt_nat,iptable_nat
nf_conntrack 86703 8 ipt_MASQUERADE,nf_nat,xt_state,nf_nat_ipv4,nf_conntrack_ftp,nf_conntrack_irc,iptable_nat,nf_conntrack_ipv4
ip_tables 11725 3 iptable_filter,iptable_mangle,iptable_nat
x_tables 17020 12 xt_DSCP,ip_tables,xt_tcpudp,ipt_MASQUERADE,xt_limit,xt_state,xt_LOG,xt_nat,xt_multiport,iptable_filter,ipt_REJECT,iptable_mangle
And a couple more commands on the PiTFT machine:
~ $ lsmod | grep iptable
iptable_filter 1481 1
ip_tables 11459 1 iptable_filter
x_tables 16875 10 ip_tables,xt_tcpudp,xt_state,xt_conntrack,xt_LOG,xt_multiport,iptable_filter,ebt_dnat,ebt_snat,ebtables
~ $ sudo find / -name iptable_nat
~ $
And on the Raspbian image:
~ $ lsmod | grep iptable
iptable_nat 2595 1
nf_nat_ipv4 3622 1 iptable_nat
iptable_mangle 1506 0
nf_nat 14710 4 ipt_MASQUERADE,nf_nat_ipv4,xt_nat,iptable_nat
nf_conntrack 86703 8 ipt_MASQUERADE,nf_nat,xt_state,nf_nat_ipv4,nf_conntrack_ftp,nf_conntrack_irc,iptable_nat,nf_conntrack_ipv4
iptable_filter 1508 1
ip_tables 11725 3 iptable_filter,iptable_mangle,iptable_nat
x_tables 17020 12 xt_DSCP,ip_tables,xt_tcpudp,ipt_MASQUERADE,xt_limit,xt_state,xt_LOG,xt_nat,xt_multiport,iptable_filter,ipt_REJECT,iptable_mangle
~ $ sudo find / -name iptable_nat
/sys/module/ip_tables/holders/iptable_nat
/sys/module/nf_nat/holders/iptable_nat
/sys/module/nf_nat_ipv4/holders/iptable_nat
/sys/module/nf_conntrack/holders/iptable_nat
/sys/module/iptable_nat
- huckw
- Posts: 2
- Joined: Thu Sep 18, 2014 1:34 pm
Re: NAT in PiTFT kernel
I have the same problem! I used the "DIY installer script". Screen and all works just as advertised but when setting up wireless access point according to adafruit tutorial i get the same error as OP when I do...
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Sorry if its bad to post a "me too" reply like this.
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Sorry if its bad to post a "me too" reply like this.
- GregRob
- Posts: 12
- Joined: Mon May 05, 2014 9:34 pm
Re: NAT in PiTFT kernel
It's interesting to note that this other forum post also is mentioning missing modules in the current PiTFT kernel:
viewtopic.php?f=50&t=60255&p=304896&hilit=pitft#p304896
viewtopic.php?f=50&t=60255&p=304896&hilit=pitft#p304896
- GregRob
- Posts: 12
- Joined: Mon May 05, 2014 9:34 pm
Re: NAT in PiTFT kernel
Ok, so I was able to get another SD card today and fresh installed the ready to use PiTFT image, "http://adafruit-download.s3.amazonaws.c ... _08_25.zip"
1) I booted it, changed the default user password, expanded the file system and rebooted.
2) I did an upgrade as follows:
sudo apt-get update
sudo apt-get upgrade
sudo reboot
3) After this reboot I then tried listing the iptables, and got the following results
pi@raspberrypi ~ $ sudo iptables -t filter -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
pi@raspberrypi ~ $ sudo iptables -t mangle -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
pi@raspberrypi ~ $ sudo iptables -t nat -L -n
iptables v1.4.14: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
It seems to me that the nat module has not been compiled in the kernel in this image.
1) I booted it, changed the default user password, expanded the file system and rebooted.
2) I did an upgrade as follows:
sudo apt-get update
sudo apt-get upgrade
sudo reboot
3) After this reboot I then tried listing the iptables, and got the following results
pi@raspberrypi ~ $ sudo iptables -t filter -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
pi@raspberrypi ~ $ sudo iptables -t mangle -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
pi@raspberrypi ~ $ sudo iptables -t nat -L -n
iptables v1.4.14: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
It seems to me that the nat module has not been compiled in the kernel in this image.
Forum rules
Talk about Adafruit Raspberry Pi® accessories! Please do not ask for Linux support, this is for Adafruit products only! For Raspberry Pi help please visit: http://www.raspberrypi.org/phpBB3/
Talk about Adafruit Raspberry Pi® accessories! Please do not ask for Linux support, this is for Adafruit products only! For Raspberry Pi help please visit: http://www.raspberrypi.org/phpBB3/