Proxmox 5 - Missing iptables NAT

Discussion in 'Proxmox VE: Networking and Firewall' started by christheradioguy, May 15, 2018.

  1. christheradioguy

    christheradioguy New Member

    Joined:
    May 15, 2018
    Messages:
    3
    Likes Received:
    0
    Hi all,

    Having an issue where the iptable_nat modules seem to be missing from my Proxmox VE 5 installation. I am trying to run the following command:

    iptables -t nat -A PREROUTING -o vmbr4 -s 172.31.255.254 -j SNAT --to-source 185.1.95.62

    but get the error:
    iptables v1.6.0: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded

    I've tried to use insmod as suggested but get the following:
    insmod iptable_nat
    insmod: ERROR: could not load module iptable_nat: No such file or directory

    Any idea how I can enable NAT support on the host?

    Thanks in advance!
     
  2. hackmann

    hackmann Member
    Proxmox VE Subscriber

    Joined:
    Jan 6, 2013
    Messages:
    47
    Likes Received:
    3
    Hello, install the UFW Firewall. I think it can .I think it can do it-
     
  3. fabian

    fabian Proxmox Staff Member
    Staff Member

    Joined:
    Jan 7, 2016
    Messages:
    3,054
    Likes Received:
    464
    could you please include "pveversion -v"? iptables should work out of the box..

    please don't.
     
  4. hackmann

    hackmann Member
    Proxmox VE Subscriber

    Joined:
    Jan 6, 2013
    Messages:
    47
    Likes Received:
    3
    why not? I use UFW on 2 servers. They have been running for years.or used the command ebtables?
     
  5. fabian

    fabian Proxmox Staff Member
    Staff Member

    Joined:
    Jan 7, 2016
    Messages:
    3,054
    Likes Received:
    464
    you can use whatever you want to manage your firewall rules (although depending on your choice, you might need to disable PVE's firewall management).

    but installing ufw won't solve the issue in this thread, so it is entirely unrelated?
     
  6. hackmann

    hackmann Member
    Proxmox VE Subscriber

    Joined:
    Jan 6, 2013
    Messages:
    47
    Likes Received:
    3
    ok, thanks
     
  7. dietmar

    dietmar Proxmox Staff Member
    Staff Member

    Joined:
    Apr 28, 2005
    Messages:
    16,123
    Likes Received:
    264
    # modprobe iptable_nat

    (insmod needs full path to find the module)
     
  8. fabian

    fabian Proxmox Staff Member
    Staff Member

    Joined:
    Jan 7, 2016
    Messages:
    3,054
    Likes Received:
    464
    but iptables should auto-load the needed kernel modules:

    Code:
    $ lsmod | grep iptable                                                                                
    iptable_filter         16384  1
    iptable_mangle         16384  1
    iptable_nat            16384  1
    nf_nat_ipv4            16384  1 iptable_nat
    ip_tables              28672  3 iptable_mangle,iptable_filter,iptable_nat
    x_tables               40960  20 xt_comment,xt_multiport,ipt_REJECT,iptable_mangle,ip_tables,ebtables,iptable_filter,xt_set,xt_mark,xt_mac,xt_tcpudp,ipt_MASQUERADE,ip6t_REJECT,xt_CHECKSUM,ip6table_filter,xt_addrtype,xt_physdev,xt_conntrack,ip6_tables,xt_NFLOG
    
    $ iptables -t security -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    $ lsmod | grep iptable
    iptable_security       16384  0
    iptable_filter         16384  1
    iptable_mangle         16384  1
    iptable_nat            16384  1
    nf_nat_ipv4            16384  1 iptable_nat
    ip_tables              28672  4 iptable_mangle,iptable_filter,iptable_nat,iptable_security
    x_tables               40960  21 xt_comment,xt_multiport,ipt_REJECT,iptable_mangle,ip_tables,ebtables,iptable_filter,xt_set,xt_mark,xt_mac,xt_tcpudp,ipt_MASQUERADE,ip6t_REJECT,iptable_security,xt_CHECKSUM,ip6table_filter,xt_addrtype,xt_physdev,xt_conntrack,ip6_tables,xt_NFLOG
    
     
  9. hackmann

    hackmann Member
    Proxmox VE Subscriber

    Joined:
    Jan 6, 2013
    Messages:
    47
    Likes Received:
    3
  10. christheradioguy

    christheradioguy New Member

    Joined:
    May 15, 2018
    Messages:
    3
    Likes Received:
    0
    Thanks for the replies, here is my output of pveversion -v


    proxmox-ve: 5.1-43 (running kernel: 4.16.0-rc4+)
    pve-manager: 5.1-52 (running version: 5.1-52/ba597a64)
    pve-kernel-4.13: 5.1-44
    pve-kernel-4.15: 5.1-4
    pve-kernel-4.15.17-1-pve: 4.15.17-8
    pve-kernel-4.13.16-2-pve: 4.13.16-48
    pve-kernel-4.13.13-6-pve: 4.13.13-42
    pve-kernel-4.13.13-5-pve: 4.13.13-38
    corosync: 2.4.2-pve5
    criu: 2.11.1-1~bpo90
    glusterfs-client: 3.8.8-1
    ksm-control-daemon: not correctly installed
    libjs-extjs: 6.0.1-2
    libpve-access-control: 5.0-8
    libpve-apiclient-perl: 2.0-4
    libpve-common-perl: 5.0-31
    libpve-guest-common-perl: 2.0-15
    libpve-http-server-perl: 2.0-8
    libpve-storage-perl: 5.0-21
    libqb0: 1.0.1-1
    lvm2: 2.02.168-pve6
    lxc-pve: 3.0.0-3
    lxcfs: 3.0.0-1
    novnc-pve: 0.6-4
    proxmox-widget-toolkit: 1.0-17
    pve-cluster: 5.0-27
    pve-container: 2.0-22
    pve-docs: 5.1-17
    pve-firewall: 3.0-8
    pve-firmware: 2.0-4
    pve-ha-manager: 2.0-5
    pve-i18n: 1.0-4
    pve-libspice-server1: 0.12.8-3
    pve-qemu-kvm: 2.11.1-5
    pve-xtermjs: 1.0-3
    qemu-server: 5.0-25
    smartmontools: 6.5+svn4324-1
    spiceterm: 3.0-5
    vncterm: 1.5-3
     
  11. dietmar

    dietmar Proxmox Staff Member
    Staff Member

    Joined:
    Apr 28, 2005
    Messages:
    16,123
    Likes Received:
    264
    You run a non pve kernel (4.16.0-rc4+), so you need to ask the developers of that kernel ...

    Or simply boot into a pve kernel.
     
  12. christheradioguy

    christheradioguy New Member

    Joined:
    May 15, 2018
    Messages:
    3
    Likes Received:
    0
    This was an install on top of Debian 9, I followed the instructions at: https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_Stretch which I thought booted into the PVE kernel by default, perhaps that's not the case.

    I'll double check my GRUB settings and see if I can force the system to boot into the PVE kernel.

    Thanks!
     
  13. dietmar

    dietmar Proxmox Staff Member
    Staff Member

    Joined:
    Apr 28, 2005
    Messages:
    16,123
    Likes Received:
    264
    Not really, because debian 9 uses kernel 4.9.0 (not 4.16.0).
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice