On Thu, Dec 10, 2015 at 10:00:04AM +0800, Jack Lin wrote:
> Hi all,
> I think the version of kernel is ok, why did it print "Error: Could not process rule: No such file or directory" when I inputted "nft add rule table123 natpre tcp dport 22 redirect to 2222"?
> I configured it following "http://wiki.nftables.org/wiki-nftables/index.php/Performing_Network_Address_Translation_(NAT)"
>
> root@debian:/bin# ^C
> root@debian:/bin# cat /proc/version
> Linux version 4.2.0-1-amd64 (debian-kernel@xxxxxxxxxxxxxxxx) (gcc version 4.9.3 (Debian 4.9.3-8) ) #1 SMP Debian 4.2.6-3 (2015-12-06)
> root@debian:/bin# nft -v
> nftables v0.5 (Support Edward Snowden)
> root@debian:/bin# nft list table table123 -a
> table ip table123 {
>     chain pre {
>         type filter hook prerouting priority 0; policy accept;
>     }
>     chain post {
>         type filter hook postrouting priority 0; policy accept;
>     }
>     chain natpre {
>         type nat hook prerouting priority 0; policy accept;
>     }
>     chain natpost {
>         type nat hook postrouting priority 0; policy accept;
>     }
> }
> root@debian:/bin# nft add rule table123 natpost ip saddr 10.68.166.44 ip protocol icmp snat 10.68.166.45
> root@debian:/bin# nft add rule table123 natpre redirect
> <cmdline>:1:1-33: Error: Could not process rule: No such file or directory
> add rule table123 natpre redirect
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> root@debian:/bin# nft add rule table123 natpre tcp dport 22 redirect to 2222
> <cmdline>:1:1-54: Error: Could not process rule: No such file or directory
> add rule table123 natpre tcp dport 22 redirect to 2222
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> root@debian:/bin#
>
> root@debian:/lib/modules/4.2.0-1-amd64/kernel/net/netfilter# lsmod |grep nf
> nft_counter 16384 1
> nft_reject 16384 0
> nft_ct 16384 0
> nf_conntrack_amanda 16384 0
> nf_nat_redirect 16384 0
> nft_redir 16384 0

I don't see the nft_redir_ipv4 module here, does your kernel support this?

Could you check if:

modprobe nft_redir_ipv4

works?

Anyway, this should really work without manual module modprobing.

> nft_nat 16384 1
> nft_chain_nat_ipv4 16384 4
> nf_conntrack_ipv4 20480 1
> nf_defrag_ipv4 16384 1 nf_conntrack_ipv4
> nf_nat_ipv4 16384 1 nft_chain_nat_ipv4
> nf_nat 24576 3 nf_nat_redirect,nft_nat,nf_nat_ipv4
> nf_conntrack 110592 5 nf_nat,nft_ct,nf_nat_ipv4,nf_conntrack_amanda,nf_conntrack_ipv4
> nf_tables_ipv4 16384 4
> nf_tables 69632 15 nf_tables_ipv4,nft_chain_nat_ipv4,nft_nat,nft_ct,nft_redir,nft_counter
> nfnetlink 16384 1 nf_tables
> binfmt_misc 20480 1
> nfsd 282624 2
> auth_rpcgss 57344 1 nfsd
> nfs_acl 16384 1 nfsd
> nfs 249856 0
> lockd 90112 2 nfs,nfsd
> grace 16384 2 nfsd,lockd
> fscache 61440 1 nfs
> sunrpc 327680 6 nfs,nfsd,auth_rpcgss,lockd,nfs_acl
> tpm_infineon 20480 0
> tpm 40960 2 tpm_tis,tpm_infineon
> root@debian:/lib/modules/4.2.0-1-amd64/kernel/net/netfilter# ^C