From: Florian Westphal <fw@strlen.de>
To: ѽ҉ᶬḳ℠ <vtol@gmx.net>
Cc: "netfilter@vger.kernel.org" <netfilter@vger.kernel.org>,
Florian Westphal <fw@strlen.de>
Subject: Re: [nft 0.9.3 | kernel 5.4.48] cannot get NAT to work
Date: Tue, 23 Jun 2020 23:52:39 +0200 [thread overview]
Message-ID: <20200623215239.GT26990@breakpoint.cc> (raw)
In-Reply-To: <cf63c2f8-3aaf-9af6-739e-8928b803fb8c@gmx.net>
ѽ҉ᶬḳ℠ <vtol@gmx.net> wrote:
> On 23/06/2020 21:23, Florian Westphal wrote:
> > ѽ҉ᶬḳ℠ <vtol@gmx.net> wrote:
> > > Since the ruleset that worked with kernel 4.19 did not anymore with kernel
> > > 5.4 (throwing segfault) I started from scratch to see what gives.
> > >
> > > nft add table inet filter
> > > nft add chain inet filter input { type filter hook input priority 0 \; }
> > > nft add chain inet filter forward { type filter hook forward priority 0 \; }
> > > nft add chain inet filter output { type filter hook output priority 0 \;
> > > }
> > > nft add table inet nat
> > >
> > > Thus far good and then things go awry and the output does not help to
> > > understand what might be wrong:
> > >
> > > nft add chain inet nat prerouting { type nat hook prerouting priority \-100
> > > \; }
> > > nft: unrecognized option: 1
> > If you use the shell, you should use single-quote for the entire
> > arguments. nft 'add chain ...'
> >
> > here, nft thinks you passed '-1' as an option.
>
> Thanks for the pointer, I just copied that from the wiki though...
I've changed quoting style to nft 'add chain ...'.
> > > Error: Could not process rule: No such file or directory
> > inet nat depends on CONFIG_NF_TABLES_INET.
>
> That is apparently enabled in the kernel
>
> xzgrep NF_TABLES /proc/config.gz
> CONFIG_NF_TABLES=m
> CONFIG_NF_TABLES_SET=m
> CONFIG_NF_TABLES_INET=y
yup, looks good.
next prev parent reply other threads:[~2020-06-23 21:52 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-23 20:38 [nft 0.9.3 | kernel 5.4.48] cannot get NAT to work ѽ҉ᶬḳ℠
2020-06-23 21:23 ` Florian Westphal
2020-06-23 21:34 ` ѽ҉ᶬḳ℠
2020-06-23 21:52 ` Florian Westphal [this message]
2020-06-23 22:12 ` ѽ҉ᶬḳ℠
2020-06-23 22:48 ` Florian Westphal
2020-06-23 23:11 ` ѽ҉ᶬḳ℠
2020-06-24 8:14 ` Florian Westphal
2020-06-24 8:47 ` ѽ҉ᶬḳ℠
2020-06-24 8:53 ` Florian Westphal
2020-06-24 8:59 ` ѽ҉ᶬḳ℠
2020-06-25 1:45 ` Duncan Roe
2020-06-25 7:13 ` ѽ҉ᶬḳ℠
2020-06-25 8:45 ` ѽ҉ᶬḳ℠
2020-06-26 3:28 ` Duncan Roe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200623215239.GT26990@breakpoint.cc \
--to=fw@strlen.de \
--cc=netfilter@vger.kernel.org \
--cc=vtol@gmx.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox