New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
IP tables and Kernel help
Hello,
I am trying to foward internet access from my public ip to my NAT ip's using IP tables I am running iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth0 -j SNAT --to 1.2.3.4
(Showing 1.2.3.4 as my public ip)
After running that iptables command I get,
"iptables v1.4.7: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded."
I am assuming I need to install iptables in my kernel? I can't find anywhere online on how to..
Any help is appreciated.
Thanks,
Cam
Comments
Is what you're doing this on an OpenVZ VM? If not, try: modprobe iptables_nat
If it is indeed OpenVZ, you're going to have severe difficulty using NAT rules.
Sorry,
Forgot to mention. I am on a dedicated server running CentOS with multiple openvz trying to forward the internet connection to them without giving them a dedicated IPv4.
You have to check if your kernel was compiled with NAT support. It could be in /proc/config.gz (if CONFIG_IKCONFIG_PROC was set), or sometimes it is in /boot. If you do not find it, then simply re-compile kernel to be sure you have NAT-support in it (at least as module).
Hey,
I don't have a file /proc/config.gz but I do have the kernel conf file in /boot. Do I just put CONFIG_IKCONFIG_PROC in the kernel and then re-compile?
Anyone have a guide that could help?
Thanks,
Cam
The iptables rule you did is more of giving internet access to your LAN.
If you want port forward from public to private, you should be using prerouting and DNAT to forward the connection.
For openVZ, ask host provider to enable NAT access to your container.
Using this for my own LXC containers:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 12345 -j DNAT --to 10.0.3.2:12345Hello,
I don't necessarily need to portforward right now but maybe in the future. Currently I am trying to get each vm access to internet like you were saying.
I will go ahead and message my DC to enable NAT.
I do still have to get iptables working. Any help with that is greatly appreciated.
Thanks,
Cam
Thanks for this. I will probably need this in the future but first I need to get the VM's internet access.
I am trying to do it by running running "iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth0 -j SNAT --to 1.2.3.4"
But all I get is
"iptables v1.4.7: can't initialize iptables table `nat': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded."
I need help with whatever is needed to get iptables in my kernel. (I think that's what is wrong)
Thanks for your help,
Cam
You do not need iptables in your kernel. That's user space tool. What you need in kernel is filtering with all options you need. First check if you have kernel-sources installed (if not, you have to install it). Then go to /usr/src/linux (or wherever Centos install kernel sources), type "make menuconfig", answer zillion of questions, save config, and then standard procedure for kernel compilation:
make dep (probably not needed anymore) && make clean && make bzImage && make modules && make modules_install
At the end you have to install new kernel (depends on what bootloader you are using). I can not give you step-by-step procedure, as I'm using different linux-flavour. But if you never compiled linux-kernel, you'd better read something about it first...
btw you know you have to compile kernel on openvz-host (master), not in openvz-vps, right?
For the install new kernel part I am using centos 6.8.
Haha. Yeah I know that I need to do this on the host.
Thanks for your help let me know if this will damage solus,
Cam