From: Florian Westphal <fw@strlen.de>
To: ѽ҉ᶬḳ℠ <vtol@gmx.net>
Cc: "netfilter@vger.kernel.org" <netfilter@vger.kernel.org>,
Florian Westphal <fw@strlen.de>
Subject: Re: [nft 0.9.3 | kernel 5.4.48] cannot get NAT to work
Date: Tue, 23 Jun 2020 23:52:39 +0200 [thread overview]
Message-ID: <20200623215239.GT26990@breakpoint.cc> (raw)
In-Reply-To: <cf63c2f8-3aaf-9af6-739e-8928b803fb8c@gmx.net>
ѽ҉ᶬḳ℠ <vtol@gmx.net> wrote:
> On 23/06/2020 21:23, Florian Westphal wrote:
> > ѽ҉ᶬḳ℠ <vtol@gmx.net> wrote:
> > > Since the ruleset that worked with kernel 4.19 did not anymore with kernel
> > > 5.4 (throwing segfault) I started from scratch to see what gives.
> > >
> > > nft add table inet filter
> > > nft add chain inet filter input { type filter hook input priority 0 \; }
> > > nft add chain inet filter forward { type filter hook forward priority 0 \; }
> > > nft add chain inet filter output { type filter hook output priority 0 \;
> > > }
> > > nft add table inet nat
> > >
> > > Thus far good and then things go awry and the output does not help to
> > > understand what might be wrong:
> > >
> > > nft add chain inet nat prerouting { type nat hook prerouting priority \-100
> > > \; }
> > > nft: unrecognized option: 1
> > If you use the shell, you should use single-quote for the entire
> > arguments. nft 'add chain ...'
> >
> > here, nft thinks you passed '-1' as an option.
>
> Thanks for the pointer, I just copied that from the wiki though...
I've changed quoting style to nft 'add chain ...'.
> > > Error: Could not process rule: No such file or directory
> > inet nat depends on CONFIG_NF_TABLES_INET.
>
> That is apparently enabled in the kernel
>
> xzgrep NF_TABLES /proc/config.gz
> CONFIG_NF_TABLES=m
> CONFIG_NF_TABLES_SET=m
> CONFIG_NF_TABLES_INET=y
yup, looks good.
next prev parent reply other threads:[~2020-06-23 21:52 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-23 20:38 [nft 0.9.3 | kernel 5.4.48] cannot get NAT to work ѽ҉ᶬḳ℠
2020-06-23 21:23 ` Florian Westphal
2020-06-23 21:34 ` ѽ҉ᶬḳ℠
2020-06-23 21:52 ` Florian Westphal [this message]
2020-06-23 22:12 ` ѽ҉ᶬḳ℠
2020-06-23 22:48 ` Florian Westphal
2020-06-23 23:11 ` ѽ҉ᶬḳ℠
2020-06-24 8:14 ` Florian Westphal
2020-06-24 8:47 ` ѽ҉ᶬḳ℠
2020-06-24 8:53 ` Florian Westphal
2020-06-24 8:59 ` ѽ҉ᶬḳ℠
2020-06-25 1:45 ` Duncan Roe
2020-06-25 7:13 ` ѽ҉ᶬḳ℠
2020-06-25 8:45 ` ѽ҉ᶬḳ℠
2020-06-26 3:28 ` Duncan Roe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200623215239.GT26990@breakpoint.cc \
--to=fw@strlen.de \
--cc=netfilter@vger.kernel.org \
--cc=vtol@gmx.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.