Nat does not work after the last upgrade

Hi,

I use my osmc box as a openvpn server and, for that, I have to configure nat using:
sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.1.88

Since the last update, I got the following error:
iptables v1.6.0: can’t initialize iptables table `nat’: Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

It seems that the module iptable_nat can not be loaded:
sudo modprobe iptable_nat
modprobe: ERROR: could not insert ‘iptable_nat’: Unknown symbol in module, or unknown parameter (see dmesg)

And the following errors are written to dmesg:
[ 4585.399160] nf_nat: Unknown symbol nf_ct_ext_add (err 0)
[ 4585.399213] nf_nat: Unknown symbol nf_ct_invert_tuplepr (err 0)
[ 4585.399253] nf_nat: Unknown symbol nf_ct_seqadj_set (err 0)
[ 4585.399314] nf_nat: Unknown symbol nf_ct_helper_expectfn_unregister (err 0)
[ 4585.399340] nf_nat: Unknown symbol nfnetlink_parse_nat_setup_hook (err 0)
[ 4585.399371] nf_nat: Unknown symbol nf_ct_extend_register (err 0)
[ 4585.399402] nf_nat: Unknown symbol nf_ct_helper_expectfn_register (err 0)
[ 4585.399426] nf_nat: Unknown symbol nf_ct_extend_unregister (err 0)
[ 4585.399463] nf_nat: Unknown symbol nf_ct_l3proto_module_put (err 0)
[ 4585.399500] nf_nat: Unknown symbol nf_conntrack_tuple_taken (err 0)
[ 4585.399555] nf_nat: Unknown symbol nf_conntrack_htable_size (err 0)
[ 4585.399587] nf_nat: Unknown symbol nf_conntrack_alter_reply (err 0)
[ 4585.399622] nf_nat: Unknown symbol nf_ct_free_hashtable (err 0)
[ 4585.399663] nf_nat: Unknown symbol nf_ct_iterate_destroy (err 0)
[ 4585.399737] nf_nat: Unknown symbol nf_ct_l3proto_try_module_get (err 0)
[ 4585.399762] nf_nat: Unknown symbol nf_ct_alloc_hashtable (err 0)

It seems that something has been broken with the last update, or is there any incompatibility?

Thanks for your help. Best Regards.

Looks to be fine on my Pi3:

osmc@osmc-pi3:~$ modinfo iptable_nat
filename:       /lib/modules/4.14.26-2-osmc/kernel/net/ipv4/netfilter/iptable_nat.ko
license:        GPL
srcversion:     5540E1907C770CB63D5E1EC
depends:        ip_tables,nf_nat_ipv4
intree:         Y
name:           iptable_nat
vermagic:       4.14.26-2-osmc SMP preempt mod_unload modversions ARMv7 p2v8 
osmc@osmc-pi3:~$ sudo modprobe iptable_nat
osmc@osmc-pi3:~$ lsmod | grep iptable
iptable_nat            16384  0
nf_nat_ipv4            16384  1 iptable_nat
iptable_mangle         16384  0
iptable_filter         16384  0
ip_tables              24576  3 iptable_mangle,iptable_filter,iptable_nat
x_tables               32768  3 iptable_mangle,ip_tables,iptable_filter
osmc@osmc-pi3:~$ iptables --version
iptables v1.6.0
osmc@osmc-pi3:~$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
osmc@osmc-pi3:~$ uname -a
Linux osmc-pi3 4.14.26-2-osmc #1 SMP PREEMPT Thu Mar 15 18:20:26 UTC 2018 armv7l GNU/Linux
osmc@osmc-pi3:~$ 

Assuming you’re on a Pi2 or Pi3, you could try reinstalling the kernel package:

sudo apt-get update
sudo apt-get install --reinstall rbp2-image-4.14.26-2-osmc

Failing that, we’d need full logs: grab-logs -A

1 Like

I have reinstalled the kernel and now it works!!!.

Thanks very much for your help and your quick answer. Best Regards.

Hi, how do I reinstall the kernel?

I am having the same error with osmc on atv1. I know atv no longer supported, but ill keep it running until the hardware stops working.

It seems that the OSMC repository only has one kernel package for atv: atv-image-4.2.3-25-osmc

If the output from running dpkg -l | grep atv-image returns atv-image-4.2.3-25-osmc you should be able to run

sudo apt-get install --reinstall atv-image-4.2.3-25-osmc

though I’ve no way to test this myself.