OpenVZ Forum: Support » *SOLVED* CentOS 5

Home » General » Support » *SOLVED* CentOS 5 - IPTables NAT problem

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

*SOLVED* CentOS 5 - IPTables NAT problem [message #24848]

Tue, 11 December 2007 10:55

Thomasd
Messages: 39
Registered: December 2007

Member

latest version of the kernel

# uname -r
2.6.18-53.el5.028stab051.1

# iptables -t nat -L
iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

# lsmod | grep nat
<nothing>

# modprobe -l | grep ip_nat
/lib/modules/2.6.18-53.el5.028stab051.1/kernel/net/ipv4/netf ilter/ip_nat_tftp.ko
/lib/modules/2.6.18-53.el5.028stab051.1/kernel/net/ipv4/netf ilter/ip_nat_sip.ko
/lib/modules/2.6.18-53.el5.028stab051.1/kernel/net/ipv4/netf ilter/ip_nat_pptp.ko
/lib/modules/2.6.18-53.el5.028stab051.1/kernel/net/ipv4/netf ilter/ip_nat_irc.ko
/lib/modules/2.6.18-53.el5.028stab051.1/kernel/net/ipv4/netf ilter/ip_nat_h323.ko
/lib/modules/2.6.18-53.el5.028stab051.1/kernel/net/ipv4/netf ilter/ip_nat_ftp.ko
/lib/modules/2.6.18-53.el5.028stab051.1/kernel/net/ipv4/netf ilter/ip_nat_snmp_basic.ko
/lib/modules/2.6.18-53.el5.028stab051.1/kernel/net/ipv4/netf ilter/ip_nat.ko
/lib/modules/2.6.18-53.el5.028stab051.1/kernel/net/ipv4/netf ilter/ip_nat_amanda.ko

# modprobe ip_nat
WARNING: Error inserting ip_conntrack (/lib/modules/2.6.18-53.el5.028stab051.1/kernel/net/ipv4/net filter/ip_conntrack.ko): Unknown symbol in module, or unknown parameter (see dmesg)
FATAL: Error inserting ip_nat (/lib/modules/2.6.18-53.el5.028stab051.1/kernel/net/ipv4/net filter/ip_nat.ko): Unknown symbol in module, or unknown parameter (see dmesg)

# dmesg -c
ip_conntrack: parameter ip_conntrack_enable_ve0 is obsoleted. In ovzkernel >= 2.6.15 connection tracking on hardware node is enabled by default, use ip_conntrack_disable_ve0=1 parameter to disable.
ip_conntrack: Unknown parameter `='
ip_nat: Unknown symbol invert_tuplepr
ip_nat: Unknown symbol ip_conntrack_untracked
ip_nat: Unknown symbol ip_conntrack_htable_size
ip_nat: Unknown symbol ip_conntrack_tcp_update
ip_nat: Unknown symbol ip_conntrack_tuple_taken
ip_nat: Unknown symbol ip_ct_get_tuple
ip_nat: Unknown symbol ip_conntrack_alter_reply
ip_nat: Unknown symbol __ip_conntrack_proto_find
ip_nat: Unknown symbol ip_ct_iterate_cleanup

In short, I am trying to use NAT so that I can have several virtual machines using one IP, but it seem like the NAT table just doesn't work.

When I look on google, I've seen others with the same issue, but no obvious fix.

[Updated on: Tue, 11 December 2007 20:13] by Moderator

Report message to a moderator

Re: CentOS 5 - IPTables NAT problem [message #24867 is a reply to message #24848]

Tue, 11 December 2007 14:14

vaverin
Messages: 708
Registered: September 2005

Senior Member

It looks like conntracks are disabled on HW node.
We recommend to disable connection tracking on HW node, but if You want to use this functionality please check the following places:

Could you please:
- show cat /proc/modprobe.conf file (options for ip_conntrack)
- modinfo ip_conntrack (it explain the exact option name and its default value)

thank you,
Vasily Averin

Report message to a moderator

Re: CentOS 5 - IPTables NAT problem [message #24899 is a reply to message #24867]

Tue, 11 December 2007 19:58

Thomasd
Messages: 39
Registered: December 2007

Member

it works!

here was the problem:

I had "options ip_conntrack ip_conntrack_enable_ve0 = 1"

but the spaces around the '=' were causing improper parameters to be passed to the ip_conntrack module.

Report message to a moderator

Previous Topic:	iptables doesn't start
Next Topic:	question

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Tue Nov 05 15:49:58 GMT 2024

Total time taken to generate the page: 0.03544 seconds