You are not logged in.

#1 2018-08-07 04:49:32

rytc
Member
Registered: 2018-08-07
Posts: 3

[Solved] Network bridge nat not working after update

Hello, I ran pacman -Syu this evening and the nat bridge for my VM stopped working. The nat was setup via virt-manager, so I'm unsure of the exact details. The iptables command below probably shows how its setup.

$ sudo virsh net-list --all
 Name                 State      Autostart     Persistent
----------------------------------------------------------
 default              inactive   no            yes
 net2                 inactive   yes           yes
 network              inactive   no            yes

net2 is the network I was using for my vm without any issues before this update. Now when I try to start the vm/bridge, I get this error:

$ sudo virsh net-start net2
error: Failed to start network net2
error: COMMAND_FAILED: '/usr/bin/iptables -w2 -w --table nat --insert POSTROUTING --source 192.168.5.0/24 ! --destination 192.168.5.0/24 --out-interface wlp7s0 --jump MASQUERADE' failed: iptables v1.6.2: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

after some poking around, I found that the iptable_nat module is not installed.

$ lsmod | grep iptable
iptable_filter         16384  0
ip_tables              28672  1 iptable_filter
x_tables               45056  8 ebtables,ip6table_filter,xt_conntrack,iptable_filter,xt_tcpudp,ip6_tables,ipt_REJECT,ip_tables

$ lsmod | grep nat
nft_chain_nat_ipv6     16384  2
nf_nat_ipv6            16384  1 nft_chain_nat_ipv6
nft_chain_nat_ipv4     16384  2
nf_nat_ipv4            16384  1 nft_chain_nat_ipv4
nf_nat                 36864  2 nf_nat_ipv6,nf_nat_ipv4
nf_tables             118784  111 nft_ct,nft_set_rbtree,nft_chain_nat_ipv6,nft_chain_nat_ipv4,nft_reject_inet,nft_fib_ipv6,nft_set_bitmap,nft_fib_ipv4,nft_meta,nft_set_hash,nft_reject,nft_fib,nft_fib_inet
ebtable_nat            16384  0
nf_conntrack          155648  9 xt_conntrack,nf_conntrack_ipv6,nf_conntrack_ipv4,nf_nat,nft_ct,nft_chain_nat_ipv6,nf_nat_ipv6,nft_chain_nat_ipv4,nf_nat_ipv4
ebtables               36864  3 ebtable_nat,ebtable_filter,ebtable_broute
libcrc32c              16384  3 nf_conntrack,nf_nat,btrfs

$ lsmod | grep table
nf_tables             118784  111 nft_ct,nft_set_rbtree,nft_chain_nat_ipv6,nft_chain_nat_ipv4,nft_reject_inet,nft_fib_ipv6,nft_set_bitmap,nft_fib_ipv4,nft_meta,nft_set_hash,nft_reject,nft_fib,nft_fib_inet
ebtable_nat            16384  0
ebtable_broute         16384  0
bridge                188416  1 ebtable_broute
nfnetlink              16384  2 nf_tables,ip_set
ebtable_filter         16384  0
ebtables               36864  3 ebtable_nat,ebtable_filter,ebtable_broute
ip6table_filter        16384  0
ip6_tables             32768  1 ip6table_filter
iptable_filter         16384  0
ip_tables              28672  1 iptable_filter
x_tables               45056  8 ebtables,ip6table_filter,xt_conntrack,iptable_filter,xt_tcpudp,ip6_tables,ipt_REJECT,ip_tables

$ lsmod | grep nf
nft_set_bitmap         16384  3
nft_set_hash           28672  0
nft_set_rbtree         16384  0
nft_fib_inet           16384  1
nft_fib_ipv4           16384  1 nft_fib_inet
nft_fib_ipv6           16384  1 nft_fib_inet
nft_fib                16384  3 nft_fib_ipv6,nft_fib_ipv4,nft_fib_inet
nft_reject_inet        16384  2
nf_reject_ipv4         16384  2 nft_reject_inet,ipt_REJECT
nf_reject_ipv6         16384  1 nft_reject_inet
nft_reject             16384  1 nft_reject_inet
nft_meta               16384  10
nft_ct                 20480  6
nft_chain_nat_ipv6     16384  2
nf_conntrack_ipv6      16384  9
nf_defrag_ipv6         20480  1 nf_conntrack_ipv6
nf_nat_ipv6            16384  1 nft_chain_nat_ipv6
nft_chain_nat_ipv4     16384  2
nf_conntrack_ipv4      16384  9
nf_defrag_ipv4         16384  1 nf_conntrack_ipv4
nf_nat_ipv4            16384  1 nft_chain_nat_ipv4
nf_nat                 36864  2 nf_nat_ipv6,nf_nat_ipv4
nf_tables             118784  111 nft_ct,nft_set_rbtree,nft_chain_nat_ipv6,nft_chain_nat_ipv4,nft_reject_inet,nft_fib_ipv6,nft_set_bitmap,nft_fib_ipv4,nft_meta,nft_set_hash,nft_reject,nft_fib,nft_fib_inet
nf_conntrack          155648  9 xt_conntrack,nf_conntrack_ipv6,nf_conntrack_ipv4,nf_nat,nft_ct,nft_chain_nat_ipv6,nf_nat_ipv6,nft_chain_nat_ipv4,nf_nat_ipv4
nfnetlink              16384  2 nf_tables,ip_set
libcrc32c              16384  3 nf_conntrack,nf_nat,btrfs

When I try to insert the mod, I get this error:

$ sudo modprobe iptable_nat
modprobe: ERROR: could not insert 'iptable_nat': Device or resource busy

Any help would be appreciated.

Last edited by rytc (2018-08-08 00:28:10)

Offline

#2 2018-08-07 08:03:56

lo1
Member
Registered: 2017-09-25
Posts: 584

Re: [Solved] Network bridge nat not working after update

Really dumb question: did you reboot your machine after the kernel was updgraded?

Offline

#3 2018-08-07 09:42:14

stanna
Member
From: melb.au
Registered: 2017-03-24
Posts: 99

Re: [Solved] Network bridge nat not working after update

same issue here. after rebooting firewalld does not start and rolling back to the previous version did not resolve the issue

i got around it hastily by disabling firewalld and restarting - working perfectly now but not the best solution. (needed urgent access to the VM)

Last edited by stanna (2018-08-07 09:44:41)

Offline

#4 2018-08-07 12:29:12

sebkirller
Member
Registered: 2015-01-12
Posts: 15

Re: [Solved] Network bridge nat not working after update

I am experiencing the same problems. A little Googling around lead me to these sources:
https://www.spinics.net/lists/netfilter/msg58008.html,
https://blog.printk.io/2018/06/iptable- … be-loaded/

They suggest unloading the 'iptable_nat' module.
I haven't yet had time to test these solutions but if you're feeling adventures give it a try.

EDIT
Never mind I don't think this is related to the current issue.

Last edited by sebkirller (2018-08-07 13:50:24)

Offline

#5 2018-08-07 12:58:12

martin.savc
Member
Registered: 2018-08-07
Posts: 3

Re: [Solved] Network bridge nat not working after update

Same problems. iptables is missing the table nat, iptables_nat module is not loaded in the kernel and using

$ sudo modprobe iptable_nat

fails as rytc described.

In my case this also disrupts the network/firewall configuration during boot. I need to restart firewalld,service before accessing the network.

Offline

#6 2018-08-07 13:13:19

loqs
Member
Registered: 2014-03-06
Posts: 17,194

Re: [Solved] Network bridge nat not working after update

Please post the pacman.log for the update that triggered this.

Offline

#7 2018-08-07 13:33:37

sebkirller
Member
Registered: 2015-01-12
Posts: 15

Re: [Solved] Network bridge nat not working after update

Ok so the problem is with the most current Linux kernel, 4.17.12, which does not include iptable_nat anymore. After I switched over to the LTS kernel 4.14.60-1, the iptable_nat came back and I can once again use the nat table.
So somewhere from around 4.14.60 and 4.17.12 the iptable_nat module got removed.

Offline

#8 2018-08-07 13:49:37

martin.savc
Member
Registered: 2018-08-07
Posts: 3

Re: [Solved] Network bridge nat not working after update

Here are the logs (there are reasonably anonymous right?):
https://pastebin.com/WXbbnRa0
One significant change that i do notice is that nftables was installed as a new package. I probably need to configure it to work with iptables?

Offline

#9 2018-08-07 13:55:45

rytc
Member
Registered: 2018-08-07
Posts: 3

Re: [Solved] Network bridge nat not working after update

Yes I did reboot a couple of times, here is pacman.log

Edit: yea, nftables was installed for me too

Edit2: I guess I just need to figure out how to setup the nat using nftables?

[2018-08-06 18:08] [PACMAN] synchronizing package lists
[2018-08-06 18:08] [PACMAN] starting full system upgrade
[2018-08-06 18:12] [ALPM] transaction started
[2018-08-06 18:12] [ALPM] upgraded linux-api-headers (4.16.1-1 -> 4.17.11-1)
[2018-08-06 18:12] [ALPM] warning: /etc/locale.gen installed as /etc/locale.gen.pacnew
[2018-08-06 18:12] [ALPM] upgraded glibc (2.27-3 -> 2.28-1)
[2018-08-06 18:12] [ALPM-SCRIPTLET] Generating locales...
[2018-08-06 18:12] [ALPM-SCRIPTLET]   en_US.UTF-8... done
[2018-08-06 18:12] [ALPM-SCRIPTLET] Generation complete.
[2018-08-06 18:12] [ALPM] upgraded gcc-libs (8.1.1+20180531-1 -> 8.2.0-2)
[2018-08-06 18:12] [ALPM] upgraded libutil-linux (2.32.1-1 -> 2.32.1-2)
[2018-08-06 18:12] [ALPM] upgraded avahi (0.7+16+g1cc2b8e-1 -> 0.7+16+g1cc2b8e-2)
[2018-08-06 18:12] [ALPM] upgraded binutils (2.30-5 -> 2.31.1-1)
[2018-08-06 18:12] [ALPM] upgraded boost-libs (1.67.0-5 -> 1.67.0-6)
[2018-08-06 18:12] [ALPM] upgraded btrfs-progs (4.17-1 -> 4.17-2)
[2018-08-06 18:12] [ALPM] upgraded libxml2 (2.9.8-2 -> 2.9.8-3)
[2018-08-06 18:12] [ALPM] upgraded llvm-libs (6.0.1-1 -> 6.0.1-2)
[2018-08-06 18:12] [ALPM] upgraded gcc (8.1.1+20180531-1 -> 8.2.0-2)
[2018-08-06 18:12] [ALPM] upgraded clang (6.0.1-1 -> 6.0.1-2)
[2018-08-06 18:12] [ALPM] upgraded device-mapper (2.02.180-1 -> 2.02.181-1)
[2018-08-06 18:12] [ALPM] upgraded cryptsetup (2.0.3-2 -> 2.0.4-1)
[2018-08-06 18:12] [ALPM] installed nftables (1:0.9.0-1)
[2018-08-06 18:12] [ALPM] upgraded perl (5.26.2-2 -> 5.28.0-1)
[2018-08-06 18:12] [ALPM] upgraded libldap (2.4.46-1 -> 2.4.46-2)
[2018-08-06 18:12] [ALPM] upgraded python (3.6.6-1 -> 3.7.0-3)
[2018-08-06 18:12] [ALPM] upgraded python-decorator (4.3.0-1 -> 4.3.0-2)
[2018-08-06 18:12] [ALPM] upgraded pygobject-devel (3.28.3-1 -> 3.28.3-2)
[2018-08-06 18:12] [ALPM] upgraded python-gobject (3.28.3-1 -> 3.28.3-2)
[2018-08-06 18:12] [ALPM] upgraded python-dbus-common (1.2.8-1 -> 1.2.8-2)
[2018-08-06 18:12] [ALPM] upgraded python-dbus (1.2.8-1 -> 1.2.8-2)
[2018-08-06 18:12] [ALPM] upgraded python-six (1.11.0-1 -> 1.11.0-3)
[2018-08-06 18:12] [ALPM] upgraded util-linux (2.32.1-1 -> 2.32.1-2)
[2018-08-06 18:12] [ALPM] upgraded python-slip (0.6.5-1 -> 0.6.5-2)
[2018-08-06 18:12] [ALPM] upgraded firewalld (0.5.1-1 -> 0.6.0-1)
[2018-08-06 18:12] [ALPM] upgraded libtool (2.4.6+40+g6ca5e224-7 -> 2.4.6+42+gb88cebd5-1)
[2018-08-06 18:12] [ALPM] upgraded gdb-common (8.1-1 -> 8.1-3)
[2018-08-06 18:12] [ALPM] upgraded gdb (8.1-1 -> 8.1-3)
[2018-08-06 18:12] [ALPM] upgraded gpgme (1.11.1-1 -> 1.11.1-2)
[2018-08-06 18:12] [ALPM] upgraded vim-runtime (8.1.0022-1 -> 8.1.0194-2)
[2018-08-06 18:12] [ALPM] upgraded libxkbcommon (0.8.0-2 -> 0.8.2-1)
[2018-08-06 18:12] [ALPM] upgraded xcb-proto (1.13-1 -> 1.13-2)
[2018-08-06 18:12] [ALPM] upgraded libproxy (0.4.15-6 -> 0.4.15-8)
[2018-08-06 18:12] [ALPM] upgraded gvim (8.1.0022-1 -> 8.1.0194-2)
[2018-08-06 18:12] [ALPM] upgraded lensfun (0.3.2-6 -> 0.3.2-7)
[2018-08-06 18:12] [ALPM] upgraded libgexiv2 (0.10.8-1 -> 0.10.8-2)
[2018-08-06 18:12] [ALPM] upgraded libibus (1.5.18-1 -> 1.5.18-2)
[2018-08-06 18:12] [ALPM] upgraded libvirt-python2 (4.5.0-1 -> 4.5.0-2)
[2018-08-06 18:12] [ALPM] upgraded libxkbcommon-x11 (0.8.0-2 -> 0.8.2-1)
[2018-08-06 18:12] [ALPM] upgraded linux (4.17.11-1 -> 4.17.12.arch1-1)
[2018-08-06 18:12] [ALPM] upgraded linux-headers (4.17.11-1 -> 4.17.12.arch1-1)
[2018-08-06 18:12] [ALPM] upgraded lvm2 (2.02.180-1 -> 2.02.181-1)
[2018-08-06 18:12] [ALPM] upgraded meson (0.47.1-1 -> 0.47.1-2)
[2018-08-06 18:12] [ALPM] upgraded perl-error (0.17026-1 -> 0.17026-2)
[2018-08-06 18:12] [ALPM] upgraded perl-timedate (2.30-4 -> 2.30-5)
[2018-08-06 18:12] [ALPM] upgraded perl-mailtools (2.20-1 -> 2.20-2)
[2018-08-06 18:12] [ALPM] upgraded perl-xml-parser (2.44-6 -> 2.44-7)
[2018-08-06 18:12] [ALPM] upgraded protobuf (3.5.2-1 -> 3.6.0.1-1)
[2018-08-06 18:12] [ALPM] upgraded pygobject2-devel (2.28.7-1 -> 2.28.7-2)
[2018-08-06 18:12] [ALPM] upgraded pyqt5-common (5.11.2-1 -> 5.11.2-2)
[2018-08-06 18:12] [ALPM] upgraded python-anytree (2.4.3-1 -> 2.4.3-2)
[2018-08-06 18:12] [ALPM] upgraded python-appdirs (1.4.3-1 -> 1.4.3-2)
[2018-08-06 18:12] [ALPM] upgraded python-attrs (18.1.0-1 -> 18.1.0-2)
[2018-08-06 18:12] [ALPM] upgraded python-beaker (1.10.0-1 -> 1.10.0-2)
[2018-08-06 18:12] [ALPM] upgraded python-msgpack (0.5.6-1 -> 0.5.6-2)
[2018-08-06 18:12] [ALPM] upgraded python-urllib3 (1.23-1 -> 1.23-2)
[2018-08-06 18:12] [ALPM] upgraded python-pyparsing (2.2.0-1 -> 2.2.0-2)
[2018-08-06 18:12] [ALPM] upgraded python-packaging (17.1-1 -> 17.1-2)
[2018-08-06 18:12] [ALPM] upgraded python-setuptools (1:39.2.0-2 -> 1:39.2.0-3)
[2018-08-06 18:12] [ALPM] upgraded python-chardet (3.0.4-1 -> 3.0.4-2)
[2018-08-06 18:12] [ALPM] upgraded python-idna (2.7-2 -> 2.7-3)
[2018-08-06 18:12] [ALPM] upgraded python-requests (2.19.1-1 -> 2.19.1-2)
[2018-08-06 18:12] [ALPM] upgraded python-cachecontrol (0.12.5-2 -> 0.12.5-4)
[2018-08-06 18:12] [ALPM] upgraded python-click (6.7-1 -> 6.7-2)
[2018-08-06 18:12] [ALPM] upgraded python-colorama (0.3.9-1 -> 0.3.9-2)
[2018-08-06 18:12] [ALPM] upgraded python-distlib (0.2.7-1 -> 0.2.7-2)
[2018-08-06 18:12] [ALPM] upgraded python-distro (1.3.0-1 -> 1.3.0-2)
[2018-08-06 18:12] [ALPM] upgraded python-webencodings (0.5.1-1 -> 0.5.1-2)
[2018-08-06 18:12] [ALPM] upgraded python-html5lib (1.0.1-2 -> 1.0.1-3)
[2018-08-06 18:12] [ALPM] upgraded python-itsdangerous (0.24-3 -> 0.24-4)
[2018-08-06 18:12] [ALPM] upgraded python-markupsafe (1.0-1 -> 1.0-2)
[2018-08-06 18:12] [ALPM] upgraded python-jinja (2.10-1 -> 2.10-2)
[2018-08-06 18:12] [ALPM] upgraded python-lockfile (0.12.2-2 -> 0.12.2-3)
[2018-08-06 18:12] [ALPM] upgraded python-lxml (4.2.3-1 -> 4.2.4-1)
[2018-08-06 18:12] [ALPM] upgraded python-mako (1.0.7-1 -> 1.0.7-2)
[2018-08-06 18:12] [ALPM] upgraded python-progress (1.4-1 -> 1.4-2)
[2018-08-06 18:12] [ALPM] upgraded python-pytoml (0.1.16-1 -> 0.1.16-2)
[2018-08-06 18:12] [ALPM] upgraded python-retrying (1.3.3-3 -> 1.3.3-4)
[2018-08-06 18:12] [ALPM] upgraded python-pip (10.0.1-1 -> 18.0-1)
[2018-08-06 18:12] [ALPM] upgraded python-pygments (2.2.0-1 -> 2.2.0-2)
[2018-08-06 18:12] [ALPM] upgraded python-pypeg2 (2.15.2-2 -> 2.15.2-3)
[2018-08-06 18:12] [ALPM] upgraded python-sip-pyqt5 (4.19.12-4 -> 4.19.12-5)
[2018-08-06 18:12] [ALPM] upgraded python-pyqt5 (5.11.2-1 -> 5.11.2-2)
[2018-08-06 18:12] [ALPM] upgraded shiboken (1.2.4-3 -> 1.2.4-4)
[2018-08-06 18:12] [ALPM] upgraded python-shiboken (1.2.4-3 -> 1.2.4-4)
[2018-08-06 18:12] [ALPM] upgraded python-pyside-common (1.2.4-8 -> 1.2.4-9)
[2018-08-06 18:12] [ALPM] upgraded python-pyside (1.2.4-8 -> 1.2.4-9)
[2018-08-06 18:12] [ALPM] upgraded python-sip (4.19.12-4 -> 4.19.12-5)
[2018-08-06 18:12] [ALPM] upgraded python-werkzeug (0.14.1-2 -> 0.14.1-3)
[2018-08-06 18:12] [ALPM] upgraded python-yaml (3.13-1 -> 3.13-2)
[2018-08-06 18:12] [ALPM] upgraded python2-appdirs (1.4.3-1 -> 1.4.3-2)
[2018-08-06 18:12] [ALPM] upgraded python2-cairo (1.17.0-1 -> 1.17.0-2)
[2018-08-06 18:12] [ALPM] upgraded python2-pyparsing (2.2.0-1 -> 2.2.0-2)
[2018-08-06 18:12] [ALPM] upgraded python2-six (1.11.0-1 -> 1.11.0-3)
[2018-08-06 18:12] [ALPM] upgraded python2-packaging (17.1-1 -> 17.1-2)
[2018-08-06 18:12] [ALPM] upgraded python2-setuptools (1:39.2.0-2 -> 1:39.2.0-3)
[2018-08-06 18:12] [ALPM] upgraded python2-chardet (3.0.4-1 -> 3.0.4-2)
[2018-08-06 18:12] [ALPM] upgraded python2-gobject (3.28.3-1 -> 3.28.3-2)
[2018-08-06 18:12] [ALPM] upgraded python2-gobject2 (2.28.7-1 -> 2.28.7-2)
[2018-08-06 18:12] [ALPM] upgraded python2-idna (2.7-2 -> 2.7-3)
[2018-08-06 18:12] [ALPM] upgraded python2-urllib3 (1.23-1 -> 1.23-2)
[2018-08-06 18:12] [ALPM] upgraded python2-requests (2.19.1-1 -> 2.19.1-2)
[2018-08-06 18:12] [ALPM] upgraded ranger (1.9.1-1 -> 1.9.1-2)
[2018-08-06 18:12] [ALPM] upgraded re2 (20180701-1 -> 20180801-1)
[2018-08-06 18:12] [ALPM] upgraded redshift (1.12-1 -> 1.12-2)
[2018-08-06 18:12] [ALPM] upgraded rxvt-unicode-terminfo (9.22-6 -> 9.22-7)
[2018-08-06 18:12] [ALPM] upgraded sip (4.19.12-4 -> 4.19.12-5)
[2018-08-06 18:12] [ALPM] upgraded vde2 (2.3.2-10 -> 2.3.2-11)
[2018-08-06 18:12] [ALPM-SCRIPTLET] vde config files should be placed in /etc/vde, sample files are provided.
[2018-08-06 18:12] [ALPM-SCRIPTLET] iptables and dhcpd sample files have been installed to '/usr/share/vde2'.
[2018-08-06 18:12] [ALPM-SCRIPTLET] Merge those examples, if needed to the according config files.
[2018-08-06 18:12] [ALPM] transaction completed
[2018-08-06 18:12] [ALPM] running '60-linux.hook'...
[2018-08-06 18:12] [ALPM] running '90-linux.hook'...
[2018-08-06 18:12] [ALPM-SCRIPTLET] ==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'default'
[2018-08-06 18:12] [ALPM-SCRIPTLET]   -> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux.img
[2018-08-06 18:12] [ALPM-SCRIPTLET] ==> Starting build: 4.17.12-arch1-1-ARCH
[2018-08-06 18:12] [ALPM-SCRIPTLET]   -> Running build hook: [base]
[2018-08-06 18:12] [ALPM-SCRIPTLET]   -> Running build hook: [udev]
[2018-08-06 18:12] [ALPM-SCRIPTLET]   -> Running build hook: [autodetect]
[2018-08-06 18:12] [ALPM-SCRIPTLET]   -> Running build hook: [modconf]
[2018-08-06 18:12] [ALPM-SCRIPTLET]   -> Running build hook: [block]
[2018-08-06 18:12] [ALPM-SCRIPTLET]   -> Running build hook: [filesystems]
[2018-08-06 18:12] [ALPM-SCRIPTLET]   -> Running build hook: [keyboard]
[2018-08-06 18:12] [ALPM-SCRIPTLET]   -> Running build hook: [fsck]
[2018-08-06 18:12] [ALPM-SCRIPTLET] ==> Generating module dependencies
[2018-08-06 18:12] [ALPM-SCRIPTLET] ==> Creating gzip-compressed initcpio image: /boot/initramfs-linux.img
[2018-08-06 18:12] [ALPM-SCRIPTLET] ==> Image generation successful
[2018-08-06 18:12] [ALPM-SCRIPTLET] ==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'fallback'
[2018-08-06 18:12] [ALPM-SCRIPTLET]   -> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-fallback.img -S autodetect
[2018-08-06 18:12] [ALPM-SCRIPTLET] ==> Starting build: 4.17.12-arch1-1-ARCH
[2018-08-06 18:12] [ALPM-SCRIPTLET]   -> Running build hook: [base]
[2018-08-06 18:12] [ALPM-SCRIPTLET]   -> Running build hook: [udev]
[2018-08-06 18:12] [ALPM-SCRIPTLET]   -> Running build hook: [modconf]
[2018-08-06 18:12] [ALPM-SCRIPTLET]   -> Running build hook: [block]
[2018-08-06 18:12] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: wd719x
[2018-08-06 18:12] [ALPM-SCRIPTLET] ==> WARNING: Possibly missing firmware for module: aic94xx
[2018-08-06 18:12] [ALPM-SCRIPTLET]   -> Running build hook: [filesystems]
[2018-08-06 18:12] [ALPM-SCRIPTLET]   -> Running build hook: [keyboard]
[2018-08-06 18:12] [ALPM-SCRIPTLET]   -> Running build hook: [fsck]
[2018-08-06 18:12] [ALPM-SCRIPTLET] ==> Generating module dependencies
[2018-08-06 18:12] [ALPM-SCRIPTLET] ==> Creating gzip-compressed initcpio image: /boot/initramfs-linux-fallback.img
[2018-08-06 18:12] [ALPM-SCRIPTLET] ==> Image generation successful
[2018-08-06 18:12] [ALPM] running 'detect-old-perl-modules.hook'...
[2018-08-06 18:12] [ALPM] running 'glib-compile-schemas.hook'...
[2018-08-06 18:12] [ALPM] running 'gtk-update-icon-cache.hook'...
[2018-08-06 18:12] [ALPM] running 'systemd-daemon-reload.hook'...
[2018-08-06 18:12] [ALPM] running 'systemd-sysusers.hook'...
[2018-08-06 18:12] [ALPM] running 'systemd-tmpfiles.hook'...
[2018-08-06 18:12] [ALPM] running 'systemd-udev-reload.hook'...
[2018-08-06 18:12] [ALPM] running 'systemd-update.hook'...
[2018-08-06 18:12] [ALPM] running 'texinfo-install.hook'...
[2018-08-06 18:12] [ALPM] running 'update-desktop-database.hook'...

Last edited by rytc (2018-08-07 14:10:12)

Offline

#10 2018-08-07 15:59:05

squalou
Member
Registered: 2018-06-04
Posts: 112

Re: [Solved] Network bridge nat not working after update

Just to mention that I face a similar issue, and had to fight a few hours to solve this.

Issue is : it completely breaks docker, that fails to start with messages such as

[IPTables] can’t initialize iptables table `nat’: Table does not exist (do you need to insmod?)

which is a real pain as my arch machine is my work machine : can't do without docker.

In my case, I first thought a kernel downgrade would solve things, but apparently it was not the solution.

I had to remove firewalld

no replacement found so far

Last edited by squalou (2018-08-07 17:34:16)

Offline

#11 2018-08-07 19:49:01

dapolinario
Member
From: Brasil
Registered: 2010-03-18
Posts: 58

Re: [Solved] Network bridge nat not working after update

Try to use iptables instead of nftables in the default configuration.

/etc/firewalld/firewalld.conf

...
FirewallBackend=iptables
...

https://firewalld.org/2018/07/nftables-backend
https://firewalld.org/2018/07/firewalld-0-6-0-release

Last edited by dapolinario (2018-08-07 21:09:16)


Arch Linux: The power in your hands!

Offline

#12 2018-08-07 21:12:12

squalou
Member
Registered: 2018-06-04
Posts: 112

Re: [Solved] Network bridge nat not working after update

Thank you !!

Offline

#13 2018-08-08 00:27:56

rytc
Member
Registered: 2018-08-07
Posts: 3

Re: [Solved] Network bridge nat not working after update

dapolinario wrote:

Try to use iptables instead of nftables in the default configuration.

/etc/firewalld/firewalld.conf

...
FirewallBackend=iptables
...

https://firewalld.org/2018/07/nftables-backend
https://firewalld.org/2018/07/firewalld-0-6-0-release

Awesome, that looks to have fixed it. Thanks!

Offline

#14 2018-08-08 06:53:24

ixevix
Member
Registered: 2018-08-08
Posts: 2

Re: [Solved] Network bridge nat not working after update

Hi, just wanted to post that I got it working by setting FirewallBackend=iptables in /etc/firewalld/firewalld.conf fixed it for me. Thanks!

Offline

#15 2018-08-08 09:20:35

eth0:1
Member
Registered: 2015-07-17
Posts: 33

Re: [Solved] Network bridge nat not working after update

dapolinario wrote:

Try to use iptables instead of nftables in the default configuration.

/etc/firewalld/firewalld.conf

...
FirewallBackend=iptables
...

https://firewalld.org/2018/07/nftables-backend
https://firewalld.org/2018/07/firewalld-0-6-0-release

Actually, this is kind of workaround.
nftables was installed as a dependency to firewalld where iptables is listed too. But installing nftables breaks iptable_nat module load if you have NAT rules in firewalld configuration and this stops firewalld from starting.
I blacklisted

cat /etc/modprobe.d/nftables.conf | grep -v #
blacklist nft_masq_ipv4
blacklist nft_masq_ipv6
blacklist nft_chain_nat_ipv6
blacklist nft_chain_nat_ipv4

those 4 modules and iptable_nat is able to load, but firewalld can't start (didn't change backend yet).
All other modules from iptables and nft can be loaded at the same time except NAT.
This is kind of bug of nft? My logic: if they are both listed as dep to one service, they should work together.

Offline

#16 2018-08-12 18:35:59

backerman
Member
Registered: 2017-12-25
Posts: 3

Re: [Solved] Network bridge nat not working after update

eth0:1's solution partially worked for me. libvirt can now start its networks, but docker still fails (see Docker service wont start with firewalld). EDIT: didn't quite have the blacklist file right; it works now.

Last edited by backerman (2018-08-12 18:39:55)

Offline

#17 2018-08-13 16:11:31

POINTS
Member
Registered: 2013-11-29
Posts: 29

Re: [Solved] Network bridge nat not working after update

I was able to switch back to "nftables" in firewalld.conf with the latest version of firewalld that was just pushed to the non-testing repos (firewalld-0.6.1-1). libvirt now starts it networks. I did not have to black list anything.

Offline

#18 2018-08-13 16:17:04

loqs
Member
Registered: 2014-03-06
Posts: 17,194

Re: [Solved] Network bridge nat not working after update

Offline

#19 2018-08-20 20:14:44

rasertux
Member
From: Florianópolis, Brazil
Registered: 2012-03-03
Posts: 46

Re: [Solved] Network bridge nat not working after update

I have the same issue, arch is my work machine and docker stop working after update, change the firewalld.conf works for me too, thanks.

Offline

#20 2018-08-31 08:20:22

rumanzo
Member
Registered: 2018-08-31
Posts: 1

Re: [Solved] Network bridge nat not working after update

I spent at least three hours trying to understand why network in docker container partially broken. Thanks, "FirewallBackend=iptables" works!

Offline

#21 2018-09-13 05:10:30

POINTS
Member
Registered: 2013-11-29
Posts: 29

Re: [Solved] Network bridge nat not working after update

POINTS wrote:

I was able to switch back to "nftables" in firewalld.conf with the latest version of firewalld that was just pushed to the non-testing repos (firewalld-0.6.1-1). libvirt now starts it networks. I did not have to black list anything.

I was wrong (or something else has changed). I had to switch back to "FirewallBackend=iptables" in order for the "default" NAT in libvirt to set the IP in my VM with DHCP correctly. Static IP seemed to work although I didn't bother to test setting a static DNS server.

Offline

#22 2018-11-11 19:12:55

talad
Member
Registered: 2018-11-11
Posts: 1

Re: [Solved] Network bridge nat not working after update

dapolinario wrote:

Try to use iptables instead of nftables in the default configuration.

Worked for me, too. Thanks!

Offline

Board footer

Powered by FluxBB