Iptables NAT module does not work in container.

Article ID: 5228
Last Review: Oct 6, 2008
Author:
Last updated by: system

APPLIES TO:
  • Virtuozzo for Linux 3.x
  • Virtuozzo Containers for Linux 4.x

Symptoms

The NAT module does not work in a container; iptables fails with the error "can't initialize iptables table 'nat'":

# iptables  -t nat  -L -n
iptables v1.2.11: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.


The following iptables module settings are configured on the hardware node:

# cat /proc/net/ip_tables_targets
LOG
TOS
TCPMSS
REJECT
ERROR
# grep con /etc/modprobe.conf
options ip_conntrack ip_conntrack_disable_ve0=1

Resolution

To enable NAT, perform the following actions on the hardware node:

- stop Virtuozzo service and all containers:
# service vz stop

- reconfigure the iptables module "ip_conntrack":
# sed -i '/ip_conntrack/ d' /etc/modprobe.conf
# echo "options ip_conntrack ip_conntrack_disable_ve0=0" >> /etc/modprobe.conf

- restart the iptables service:
# service iptables restart

- start Virtuozzo service and all CTs:
# service vz start
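
An added example, not part of the original article: the sed command above deletes every line that mentions ip_conntrack, so this shell code rewrites only the ip_conntrack_disable_ve0 value and then checks a targets listing for the NAT targets. The function names, the .bak backup name and the assumption that SNAT and DNAT are listed in /proc/net/ip_tables_targets once the nat table is usable are not from the article.

```shell
#!/bin/sh
# Added example (not from the article). Run on the hardware node between
# "service vz stop" and "service iptables restart".
# Usage: set_disable_ve0 /etc/modprobe.conf 0

# Set ip_conntrack_disable_ve0 on the "options ip_conntrack" line only.
# Other options on that line and lines for other modules
# (e.g. ip_conntrack_ftp) are kept. A copy is saved as FILE.bak (assumed name).
set_disable_ve0() {
    conf=$1
    value=$2
    case $value in
        0|1) ;;
        *) echo "value must be 0 or 1" >&2; return 2 ;;
    esac
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    cp -p "$conf" "$conf.bak" || return 1
    tmp=$(mktemp) || return 1
    awk -v v="$value" '
        $1 == "options" && $2 == "ip_conntrack" {
            rest = ""
            for (i = 3; i <= NF; i++)
                if ($i !~ /^ip_conntrack_disable_ve0=/) rest = rest " " $i
            if (!done) {
                print "options ip_conntrack" rest " ip_conntrack_disable_ve0=" v
                done = 1
            } else if (rest != "") {
                print "options ip_conntrack" rest
            }
            next
        }
        { print }
        END { if (!done) print "options ip_conntrack ip_conntrack_disable_ve0=" v }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Return 0 when a listing in /proc/net/ip_tables_targets format names both
# SNAT and DNAT. Assumption: these appear once the nat table is usable.
nat_targets_present() {
    grep -qx 'SNAT' "$1" && grep -qx 'DNAT' "$1"
}
```

After "service vz start", `nat_targets_present /proc/net/ip_tables_targets` gives a quick pass/fail before retrying `iptables -t nat -L -n` in the container.
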
Keywords: iptables nat

