Re: [nft 0.9.3 | kernel 5.4.48] cannot get NAT to work

[ѽ҉ᶬḳ℠ <vtol@xxxxxxx>]

On 24/06/2020 08:14, Florian Westphal wrote:
> ѽ҉ᶬḳ℠ <vtol@xxxxxxx> wrote:
> > Afraid, neither variation works, each throwing
> >
> > /etc/fw/test.conf:2:15-24: Error: Could not process rule: No such file or
> > directory
> >          chain prerouting {
> >                ^^^^^^^^^^
> > /etc/fw/test.conf:6:15-19: Error: Could not process rule: No such file or
> > directory
> >          chain input {
> >                ^^^^^
> > /etc/fw/test.conf:10:15-20: Error: Could not process rule: No such file or
> > directory
> >          chain output {
> >                ^^^^^^
> > /etc/fw/test.conf:14:15-25: Error: Could not process rule: No such file or
> > directory
> >          chain postrouting {
> >                ^^^^^^^^^^^
> >
> > Don't know whether txt attachments are accepted on this ML but enclosed full
> > debug output (if its gets through), through it does not seem to reveal
> > anything useful?
> No.
>
> > Could this be a bug in the kernel?
> Its a kernel bug, or misconfiguration. Nat hook is provided via
>
>   modinfo nft_chain_nat
>   filename:
>   /lib/modules/5.6.18/kernel/net/netfilter/nft_chain_nat.ko.gz
>   alias:          nft-chain-1-nat
>   alias:          nft-chain-10-nat
>   alias:          nft-chain-2-nat
>   license:        GPL
>   srcversion:     45E82B99D3993871BD6131E
>   depends:        nf_nat,nf_tables
>   intree:         Y
>   name:           nft_chain_nat
>   vermagic:       5.6.18 SMP preempt mod_unload modversions

Getting somewhere now, unless there are different kconf flags in 5.6 for 
building that module, least on this node with 5.4:

modinfo: ERROR: Module alias nft_chain_nat not found.

Which kconf flag is supposed to generate that particular module? Looked 
into https://github.com/torvalds/linux/blob/v5.4/net/netfilter/Kconfig 
but could not find something specific that builds that module.

This node's repo ships:

kmod-nft-core:
/lib/modules/5.4.48/nft_reject.ko
/lib/modules/5.4.48/nft_reject_ipv4.ko
/lib/modules/5.4.48/nf_tables_set.ko
/lib/modules/5.4.48/nft_numgen.ko
/lib/modules/5.4.48/nft_counter.ko
/lib/modules/5.4.48/nft_reject_ipv6.ko
/lib/modules/5.4.48/nft_ct.ko
/lib/modules/5.4.48/nf_tables.ko
/lib/modules/5.4.48/nft_redir.ko
/lib/modules/5.4.48/nft_limit.ko
/lib/modules/5.4.48/nft_hash.ko
/lib/modules/5.4.48/nft_objref.ko
/lib/modules/5.4.48/nft_reject_inet.ko
/lib/modules/5.4.48/nft_quota.ko
/lib/modules/5.4.48/nft_log.ko

kmod-nft-nat:
/lib/modules/5.4.48/nft_masq.ko
/lib/modules/5.4.48/nft_nat.ko

kmod-nft-nat6:
appears to be an empty package

Attachment: OpenPGP_0xF4F735931F05C5CE.asc
Description: application/pgp-keys

Attachment: OpenPGP_signature
Description: OpenPGP digital signature