> given all counters are 0 i would guess you use an older kernel
> where nft nat and iptables nat cannot coexist.
>
> I suspect you need to unload iptable_nat module.
Thanks for the tip.
As for the kernel, I have:
Linux orangepizero 5.4.20-sunxi #20.02.1 SMP Mon Feb 17 02:09:41 CET
2020 armv7l GNU/Linux
lsmod|grep -i table
ip_tables 24576 0
x_tables 20480 1 ip_tables
I can see ip_tables module, but not iptable_nat module:
lsmod |grep ip|grep table
ip_tables 24576 0
x_tables 20480 1 ip_tables
Once I launch my nft command, I get the same:
lsmod |grep ip|grep table
ip_tables 24576 0
x_tables 20480 1 ip_tables
Once I launch my old ip_tables commands, I then get:
poddingue@orangepizero:~$ lsmod|grep -i table
nf_tables 98304 86 nft_compat,nft_chain_nat,nft_counter
nfnetlink 16384 2 nft_compat,nf_tables
ip_tables 24576 0
x_tables 20480 4 ip_tables,nft_compat,xt_tcpudp,xt_REDIRECT
iptable_nat exists, but is not in use:
sudo modprobe iptable_nat
poddingue@orangepizero:~$ lsmod |grep ip|grep table
iptable_nat 16384 0
nf_nat 32768 1 iptable_nat
ip_tables 24576 1 iptable_nat
x_tables 20480 1 ip_tables
And I can remove it:
sudo modprobe -r iptable_nat
I can't remember which command I use to have this output:
table ip filter {
chain INPUT {
type filter hook input priority 0; policy accept;
}
chain FORWARD {
type filter hook forward priority 0; policy accept;
}
chain OUTPUT {
type filter hook output priority 0; policy accept;
}
}
You suggested me to get rid of this part, but I can't remember where
this came from, unfortunately.
Thanks for your time and patience,
--
Bruno Verachten
