iptables v1 4 14 can t initialize iptables table nat Table does not exist do you need to insmod

Question

I m trying to set iptable rules  and I got following error message when I use iptable    iptables v1 4 14  can t initialize iptables table  nat   Table does not exist  do you need to insmod   Perhaps iptables or your kernel needs to be upgraded    I m using    cat  etc debian version  7 4  uname -a Linux myserver 2 6 32-22-pve  1 SMP Mon Jul 15 08 36 46 CEST 2013 x86 64 GNU Linux  uname -r 2 6 32-22-pve   This is a virtual server hosted by a service provider   What can I do to solve this

User · Answer

Finaly  my service provider answered       This is a limitation of the virtualization system we  use  OpenVZ     basic iptables rules are possible but not  those who use the nat   table        If this really is a problem  we can offer you to migrate to a  other   system virtualization  KVM  as we begin to offer  our customers    SO I had to migrate my server to the new system

User · Answer

check if tun tap enabled   cat  dev net tun   if ok will see something    cat   dev net tun  File descriptor in bad state

User · Answer

The table names are case-sensitive so you should use lower-case nat instead of upper-case NAT  For example   iptables -t nat -A POSTROUTING -s 192 168 1 1 24 -o eth0 -j MASQUERADE

User · Answer

It maybe useful to add that if you re seeing this error message and you re not using some kind of restricted container based hosting  e g  OpenVZ  then the problem maybe that the kernel is missing the nat modules  To check run   modinfo iptable nat   Which should print out the location of the module  if it prints an ERROR then you know that is your problem  There are also dependent modules like nf nat which might be missing so you ll have to dig deeper if the iptable nat module is there but fails  If it is missing you ll need to get another kernel and modules  or if you re rolling your own ensure that the kernel config contains CONFIG IP NF NAT m  for IPv4 NAT    For info the relevant kernel module is usually found in one of these locations   ls  lib modules  uname -r  kernel net netfilter  ls  lib modules  uname -r  kernel net ipv4 netfilter    And if you re running IPv6 also look here   ls  lib modules  uname -r  kernel net ipv6 netfilter

User · Answer

Short version    run iptables on the host before to run it in the virtual server  I m pretty sure this is some sort of LXC or OpenVZ container here    Long version    The problem is due to the fact that the ip table module is loaded on demand  So  after a reboot  on any machine that does not have any iptables rules loaded at boot time  the ip tables module is not loaded  no demand for the modules    the module is not loaded   Consequently  the LXC or OpenVZ containers cannot use iptables  since they share the host kernel but cannot modify which modules are loaded  until the host has somehow loaded the ip tables module

User · Answer

On OpenSUSE 15 3 systemd log reported this error  insmod suggestion was unhelpful    Feb 18 08 36 38 vagrant-openSUSE-Leap dockerd 20635   iptables v1 6 2  can t initialize iptables table  nat   Table does not exist  do you need to insmod     REBOOT fixed the problem

User · Answer

I had the same problem with Debian 8  I fixed it by restarting the system  It seems that the error can occur if the kernel image was updated and the system was not restarted thereafter

User · Answer

If you are running puppet it may set  proc sys kernel modules disabled to 1  inhibiting further module loading  When the machine is reboot  it gets set back to 0  allowing for changes  such as loading the iptables modules  After a certain amount of time puppet will set it back to 1 to protect the system from kernel root kits   Therefore  whatever modules that we are going to need should be loaded during or shortly after boot time

User · Answer

iptalbes tool relies on a kernel module interacting with netfilter to control network traffic  This error happens while iptalbes cannot found that module in kernel  so iptables suggest you to upgrade it    Perhaps iptables or your kernel needs to be upgraded   However in most cases it s just the module not added to kernel or being banned  try this command to check whether be banned  cd  etc modprobe d   amp  amp  grep -nr iptable nat  if the command shows any rule matched  such as blacklist iptable nat or install iptable nat  bin true  delete it  Since iptalbes will cost some performance  it s not strange to ban it while not necessary  If nothing found in blacklist  try add iptable-nat to the kernal manual  modprobe iptable-nat  If all of above not works  you can consider really upgrade your kernal

User · Answer

I had the same problem and this worked   sudo modprobe ip tables sudo echo  ip tables   gt  gt   etc modules   http   www howtoforge com forums showthread php t 3196

User · Answer

That solution from the official wiki      vzctl set  CTID --netfilter full --save   https   openvz org VPN via the TUN TAP device Troubleshooting

User · Answer

IP conntrack functionality has some negative impact on venet performance  uo to about 10    so they better be disabled by default   It s need for nat  https   serverfault com questions 593263 iptables-nat-does-not-exist

User · Answer

uname -av  sudo apt install --reinstall  output from uname -av

[linux-kernel] iptables v1.4.14: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)

Examples related to linux-kernel

Examples related to debian

Examples related to iptables