iptables nat does not exist

Due to the update of vzctl from 4.6 to 4.7 they changed the setting of nf_conntrack to be disabled by default. (https://openvz.org/Download/vzctl/4.7/changes)

Corresponding commit message:

...

Disable conntrack for VE0 by default

IP conntrack functionality has some negative impact on venet performance (uo to about 10%), so they better be disabled by default.

...

(Source: http://git.openvz.org/?p=vzctl;a=commit;h=a191a462579ee)

Solution:

In dependence of distribution it is somewhere in /etc directory. Find it:

$ sudo grep -R "options nf_conntrack ip_conntrack_disable_ve0=1" /etc/modprobe.d/

and replace the "1" with "0":

options nf_conntrack ip_conntrack_disable_ve0=0

reboot your system

(Source: https://bugzilla.openvz.org/show_bug.cgi?id=2943#c5)

Alternatively to rebooting:

rmmod iptable_nat
rmmod nf_nat
rmmod nf_conntrack_ipv4
rmmod nf_conntrack

And nat now working

All sources:

Changelog for vzctl 4.7: https://openvz.org/Download/vzctl/4.7/changes

Bug report with solution in comments: https://bugzilla.openvz.org/show_bug.cgi?id=2943

Bug report with shortened solution description: https://bugzilla.openvz.org/show_bug.cgi?id=2755#c4

Corresponding GIT commit: http://git.openvz.org/?p=vzctl;a=commit;h=a191a462579ee

Related Wiki article: https://openvz.org/NAT#IP_conntracks


You should be super user to run iptables. Therefore, run it as root.

$ iptables -t nat -L
iptables v1.4.19.1: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
[...]

Seems like something is actually wrong with the file? What if you try to strace modprobe /lib/modules/2.6.32-042stab088.4/kernel/net/ipv4/netfilter/iptable_nat.ko? Does the system really return a ENOENT (No such file or directory)? I can't imagine this would be it, but maybe SELinux is messing with the file? And finally, maybe the file/filesystem is corrupt. md5sum it with a known good version. Or just remove it and copy a new one altogether. Hopefully it's not the filesystem.

Try this: https://stackoverflow.com/questions/3140478/fatal-module-not-found-error-using-modprobe