iptables nat does not exist

iptables nat centos openvz

Due to the update of vzctl from 4.6 to 4.7 they changed the setting of nf_conntrack to be disabled by default. (https://openvz.org/Download/vzctl/4.7/changes)

Corresponding commit message:

...

Disable conntrack for VE0 by default

IP conntrack functionality has some negative impact on venet performance (uo to about 10%), so they better be disabled by default.

...

(Source: http://git.openvz.org/?p=vzctl;a=commit;h=a191a462579ee)

Solution:

In dependence of distribution it is somewhere in /etc directory. Find it:

$ sudo grep -R "options nf_conntrack ip_conntrack_disable_ve0=1" /etc/modprobe.d/

and replace the "1" with "0":

options nf_conntrack ip_conntrack_disable_ve0=0

reboot your system

(Source: https://bugzilla.openvz.org/show_bug.cgi?id=2943#c5)

Alternatively to rebooting:

rmmod iptable_nat
rmmod nf_nat
rmmod nf_conntrack_ipv4
rmmod nf_conntrack

And nat now working

All sources:

Changelog for vzctl 4.7: https://openvz.org/Download/vzctl/4.7/changes

Bug report with solution in comments: https://bugzilla.openvz.org/show_bug.cgi?id=2943

Bug report with shortened solution description: https://bugzilla.openvz.org/show_bug.cgi?id=2755#c4

Corresponding GIT commit: http://git.openvz.org/?p=vzctl;a=commit;h=a191a462579ee

Related Wiki article: https://openvz.org/NAT#IP_conntracks


You should be super user to run iptables. Therefore, run it as root.

$ iptables -t nat -L
iptables v1.4.19.1: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
[...]

Seems like something is actually wrong with the file? What if you try to strace modprobe /lib/modules/2.6.32-042stab088.4/kernel/net/ipv4/netfilter/iptable_nat.ko? Does the system really return a ENOENT (No such file or directory)? I can't imagine this would be it, but maybe SELinux is messing with the file? And finally, maybe the file/filesystem is corrupt. md5sum it with a known good version. Or just remove it and copy a new one altogether. Hopefully it's not the filesystem.

Try this: https://stackoverflow.com/questions/3140478/fatal-module-not-found-error-using-modprobe

Related

SSH session never closes when executing "apt-get install"
Where can I look up for the ntpd log?
How to safely kick out other users logged in as root?
Barracuda spam filter alternative - virtualization/appliance friendly?
Monitoring message delivery on Postfix (or Cyrus IMAP)
bash stuck at 3.2-24.el5 (Redhat)
Updating ALOM firmware Sun Fire v440
How to close a connection if the requested host isn't a virtual host in apache
Redirect a HTTPS CONNECT using squid
One workstation gets slow access to the server, but others are fast
installing SSL certs on apache ... what certs to use?
15 to 20 developers on VM