NAT for iptables not working

Our Neighbors Asahi Linux Ask Asahi
, , ,
1

Executing the command:

iptables -t nat -A POSTROUTING -s 192.168.30.0/24 ! -d 192.168.30.0/24 -o eth0 -j MASQUERADE

I get an error:

Warning: Extension MASQUERADE revision 0 not supported, missing kernel module?
iptables v1.8.9 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

I tried to add it via modprobe, but also an error:

[root@fedora ~]# modprobe iptable_nat

sh: line 1: /sbin/modprobe: No such file or directory
modprobe: ERROR: libkmod/libkmod-module.c:1047 command_do() Error running install command '/sbin/modprobe --ignore-install nf_conntrack  && /sbin/sysctl --quiet --pattern 'net[.]netfilter[.]nf_conntrack.*' --system' for module nf_conntrack: retcode 127
modprobe: ERROR: could not insert 'iptable_nat': Invalid argument

Maybe someone who has encountered this can help?

Asahi Fedora Version:

Linux fedora 6.4.11-401.asahi.fc38.aarch64+16k #1 SMP PREEMPT_DYNAMIC Mon Aug 21 19:38:10 UTC 2023 aarch64 GNU/Linux

OS: Fedora 38 ThirtyEight
      :-----------/shhOHbmp---:\      Kernel: aarch64 Linux 6.4.11-401.asahi.fc38.aarch64+16k
    /-----------omMMMNNNMMD  ---:     Uptime: 3h 46m
   :-----------sMMMMNMNMP.    ---:    Packages: 1794
  :-----------:MMMdP-------    ---\   Shell: bash 5.2.15
 ,------------:MMMd--------    ---:   Resolution: No X Server
 :------------:MMMd-------    .---:   WM: Mutter
 :----    oNMMMMMMMMMNho     .----:   WM Theme: Adwaita
 :--     .+shhhMMMmhhy++   .------/   GTK Theme: Adwaita [GTK3]
 :-    -------:MMMd--------------:    Disk: 136G / 271G (51%)
 :-   --------/MMMd-------------;     CPU: Unknown @ 8x 2.424GHz
 :-    ------/hMMMy------------:      GPU: Apple M2 (G14G B0)
 :-- :dMNdhhdNMMNo------------;       RAM: 12611MiB / 23743MiB
2

Perhaps the issue is related to iptables.
You can try firewalld with nftables backend.
It should be preinstalled on Fedora by default.

3

@vgaetera Thanks for the advice, but the firewalld doesn’t work either, there are a lot of errors related to the lack of NAT

1 Like
4

Did you try upgrading or downgrading the kernel?

6

Something is really broken in your system. /sbin is supposed to be a symlink to usr/sbin and /usr/sbin/modprobe should exist.

Please run ls -ald /sbin /sbin/modprobe /usr/sbin/modprobe; ls -al / and paste the output.

9 
ls -ald /sbin /sbin/modprobe /usr/sbin/modprobe; ls -al /
ls: cannot access '/sbin/modprobe': No such file or directory
lrwxrwxrwx. 1 root root  7 Feb  5  2023 /sbin -> usr/bin
lrwxrwxrwx. 1 root root 11 Jan 19  2023 /usr/sbin/modprobe -> ../bin/kmod
total 20
dr-xr-xr-x.   1 root root  144 Jun 19 20:08 .
dr-xr-xr-x.   1 root root  144 Jun 19 20:08 ..
dr-xr-xr-x.   1 root root    0 Jan 19  2023 afs
lrwxrwxrwx.   1 root root    7 Feb  5  2023 bin -> usr/bin
dr-xr-xr-x.   6 root root 4096 Aug 31 21:20 boot
drwxr-xr-x.  16 root root 4100 Aug 31 13:56 dev
dr-x------.   1 root root    0 Apr 29 21:49 efi
drwxr-xr-x.   1 root root 4398 Sep  4 08:46 etc
drwxr-xr-x.   1 root root   22 Jun 19 19:59 home
lrwxrwxrwx.   1 root root    7 Feb  5  2023 lib -> usr/lib
lrwxrwxrwx.   1 root root    9 Jan 19  2023 lib64 -> usr/lib64
drwxr-xr-x.   1 root root    0 Jan 19  2023 media
drwxr-xr-x.   1 root root    0 Jan 19  2023 mnt
drwxr-xr-x.   1 root root   38 Jul 12 15:15 opt
dr-xr-xr-x. 498 root root    0 Jan  1  1970 proc
dr-xr-x---.   1 root root  812 Sep  1 17:25 root
drwxr-xr-x.  39 root root  940 Aug 31 19:59 run
lrwxrwxrwx.   1 root root    7 Feb  5  2023 sbin -> usr/bin
drwxr-xr-x.   1 root root   14 Jun 12 16:31 srv
dr-xr-xr-x.  12 root root    0 Aug 31 13:56 sys
drwxrwxrwt. 104 root root 2460 Sep  4 08:46 tmp
drwxr-xr-x.   1 root root  100 Apr 29 21:49 usr
drwxr-xr-x.   1 root root  170 Jun 12 16:31 var
10 
ls -al /usr/sbin | grep modprobe
lrwxrwxrwx. 1 root root      11 Jan 19  2023 modprobe -> ../bin/kmod
11

Your /sbin link is broken, and somehow it has a different mtime from /lib64 and others (while on my system they all have the same mtime).

How long ago did you install, and how did you install? Please run rpm -qf /sbin.

12

I installed it a long time ago, then Fedora was not officially supported yet

rpm -qf /sbin
filesystem-3.18-3.fc38.aarch64
13

That sounds like something was fundamentally very broken with the filesystem layout back then. You can try sudo ln -nsf usr/sbin /sbin and see if that fixes it, but if you encounter any similar weird issues after that I would recommend reinstalling. It could even make your system unbootable if some packages ended up installing through sbin and some through bin, and I don’t think there’s any easy way to fix that.

14 
Thank you very much! It helped me. I'll probably reinstall Fedora later.
15

You can also verify the installed packages:
Selecting What to Verify, and How
And then reinstall the broken ones.

16

Thanks

1 Like