FS#59583 : [linux] modprobe iptable

FS#59583 - [linux] modprobe iptable_nat fails

Attached to Project: Arch Linux
Opened by Xiang Fan (sfanxiang) - Thursday, 09 August 2018, 00:37 GMT
Last edited by Doug Newgard (Scimmia) - Thursday, 09 August 2018, 16:54 GMT

Task Type	Bug Report
Category	Kernel
Status	Closed
Assigned To	No-one
Architecture	All
Severity	Medium
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	2 Milan Kubik (apophys) (2018-08-09) Xiang Fan (sfanxiang) (2018-08-09)
Private	No

Details

# modprobe iptable_nat
modprobe: ERROR: could not insert 'iptable_nat': Device or resource busy

This happens after upgrading from 4.15.x to 4.17.x. NAT forwarding in libvirtd fails because of this.

Additional info:
* package version: linux-4.17.12.arch1-1

This task depends upon

Closed by Doug Newgard (Scimmia)
Thursday, 09 August 2018, 16:54 GMT
Reason for closing: Not a bug

Comment by loqs (loqs) - Thursday, 09 August 2018, 10:50 GMT

https://bbs.archlinux.org/viewtopic.php?id=239362 ?

Comment by Xiang Fan (sfanxiang) - Thursday, 09 August 2018, 15:11 GMT

Yes, it seems like a workaround. But just downgrading the kernel to 4.15.15 or lts allows nftable and iptable_nat to coexist. Seems to be somewhere between 4.15.15 and 4.17.2. Maybe someone could file a bug at kernel.org?

Comment by loqs (loqs) - Thursday, 09 August 2018, 15:22 GMT

https://wiki.nftables.org/wiki-nftables/index.php/Performing_Network_Address_Translation_(NAT) indicates this incompatibility has been documented since July 2016.
Are you sure nf_nat and iptable_nat are both loaded on 4.15.15? If you believe this is a bug you can report it upstream http://vger.kernel.org/vger-lists.html#netfilter-devel

Comment by Xiang Fan (sfanxiang) - Thursday, 09 August 2018, 15:48 GMT

> Are you sure nf_nat and iptable_nat are both loaded on 4.15.15?
Yes, but according to nftables wiki we shouldn't rely on this. So it's libvirt's fault then?

Comment by loqs (loqs) - Thursday, 09 August 2018, 16:31 GMT

The system does not use firewalld?

Comment by Xiang Fan (sfanxiang) - Thursday, 09 August 2018, 16:40 GMT

I use firewalld on my computer, but libvirt directly calls iptables.

Comment by loqs (loqs) - Thursday, 09 August 2018, 16:49 GMT

So it is exactly https://bbs.archlinux.org/viewtopic.php?pid=1801224#p1801224
The default firewalld configuration changed with 0.6 and you have not altered it to use iptables again which would resolve the issue.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#59583 - [linux] modprobe iptable_nat fails

Details

Loading...