Bug 926055 - firewall-config fails silently in GUI because of missing NAT table
Keywords:
Status: CLOSED DUPLICATE of bug 967376
Alias: None
Product: Fedora
Classification: Fedora
Component: firewalld
Version: 18
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: Fedora Extras Quality Assurance
Reported: 2013-03-23 13:45 UTC by Thomas Meyer
Modified: 2013-06-17 14:56 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-06-17 14:56:24 UTC
Type: Bug
Embargoed:



Description Thomas Meyer 2013-03-23 13:45:11 UTC
Description of problem:

$ firewall-config 
Fontconfig warning: "/etc/fonts/conf.d/50-user.conf", line 9: reading configurations from ~/.fonts.conf is deprecated.
Traceback (most recent call last):
  File "/usr/bin/firewall-config", line 809, in onReloadFirewalld
    self.fw.reload()
  File "<string>", line 2, in reload
  File "/usr/lib/python2.7/site-packages/slip/dbus/polkit.py", line 141, in _enable_proxy
    return func(*p, **k)
  File "/usr/lib/python2.7/site-packages/firewall/client.py", line 638, in reload
    self.fw.reload()
  File "/usr/lib/python2.7/site-packages/slip/dbus/proxies.py", line 50, in __call__
    return dbus.proxies._ProxyMethod.__call__(self, *args, **kwargs)
  File "/usr/lib/python2.7/site-packages/dbus/proxies.py", line 145, in __call__
    **keywords)
  File "/usr/lib/python2.7/site-packages/dbus/connection.py", line 651, in call_blocking
    message, timeout)
dbus.exceptions.DBusException: org.freedesktop.DBus.Python.dbus.exceptions.DBusException: '/sbin/iptables -t nat -N PREROUTING_direct' failed: iptables v1.4.16.2: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

$ yum info firewalld
Geladene Plugins: auto-update-debuginfo, langpacks, presto, refresh-packagekit
Installierte Pakete
Name       : firewalld
Architektur : noarch
Version    : 0.2.12
Ausgabe    : 4.fc18
Größe : 1.1 M
Repo        : installed
Aus repo    : updates
Zusammenfassung     : A firewall daemon with D-BUS interface providing a dynamic
                    : firewall
URL        : http://fedorahosted.org/firewalld
Lizenz     : GPLv2+
Beschreibung : firewalld is a firewall service daemon that provides a dynamic
             : customizable firewall with a D-BUS interface.

$ uname -a
Linux localhost.localdomain 3.9.0-rc3+ #33 PREEMPT Fri Mar 22 18:35:44 CET 2013 x86_64 x86_64 x86_64 GNU/Linux

Why do I need NAT for firewall?

Comment 1 Jiri Popelka 2013-03-25 13:30:09 UTC
(In reply to comment #0)
> org.freedesktop.DBus.Python.dbus.exceptions.DBusException: '/sbin/iptables
> -t nat -N PREROUTING_direct' failed: iptables v1.4.16.2: can't initialize
> iptables table `nat': Table does not exist (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.

What are the steps to reproduce?

> Why do I need NAT for firewall?

For masquerading (http://en.wikipedia.org/wiki/IP_masquerading).

Comment 2 Thomas Meyer 2013-03-25 13:49:40 UTC
On most of my machines I use a self-compiled kernel. I didn't compile in NAT support. And did get the above error in firewall-config.

Why exactly do you need NAT for firewall?
Above link says that IP masquerading is just another word for full NAT.

I did enable the necessary NAT modules now.

Comment 3 Thomas Woerner 2013-06-06 11:32:38 UTC
The rules for all configured zones are created at firewalld start. This speeds up the change of zones for connections.

There is an RFE to create rules for used zones only. This is on the TODO list.

Comment 4 Jiri Popelka 2013-06-17 14:56:24 UTC

*** This bug has been marked as a duplicate of bug 967376 ***
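
The failure reported in this thread reaches the GUI only as a D-Bus exception string. The following is an added example, not code from firewalld or firewall-config, showing how a client could parse that string and turn a missing kernel table into a readable message instead of a console traceback. The function names are hypothetical, and the message shape is inferred from the single traceback in the description.

```python
import re
import shlex

# Message shape inferred from the traceback in this report (an assumption):
#   '<iptables command>' failed: <iptables stderr>
FAILED_CMD = re.compile(r"'(?P<cmd>[^']*ip6?tables[^']*)' failed: (?P<stderr>.*)", re.S)
MISSING_TABLE = re.compile(
    r"can't initialize ip6?tables table `(?P<table>\w+)': Table does not exist")


def diagnose(message):
    """Return details of a failed iptables call, or None if the text is not one."""
    m = FAILED_CMD.search(message)
    if m is None:
        return None
    argv = shlex.split(m.group("cmd"))
    # iptables operates on the filter table when no -t option is given.
    table = "filter"
    if "-t" in argv[:-1]:
        table = argv[argv.index("-t") + 1]
    missing = MISSING_TABLE.search(m.group("stderr"))
    return {
        "argv": argv,
        "table": table,
        "missing_kernel_table": missing.group("table") if missing else None,
    }


def user_message(message):
    """Text a GUI could put in an error dialog rather than leaving it on stderr."""
    d = diagnose(message)
    if d is None:
        return "firewalld reported an error: " + message.strip()
    if d["missing_kernel_table"]:
        return ("Reload failed: the running kernel does not provide the iptables "
                "'%s' table (command: %s)."
                % (d["missing_kernel_table"], " ".join(d["argv"])))
    return "Reload failed while running: " + " ".join(d["argv"])


# Exception text copied from the traceback in the description of this bug.
SAMPLE = ("org.freedesktop.DBus.Python.dbus.exceptions.DBusException: "
          "'/sbin/iptables -t nat -N PREROUTING_direct' failed: iptables v1.4.16.2: "
          "can't initialize iptables table `nat': Table does not exist "
          "(do you need to insmod?)\n"
          "Perhaps iptables or your kernel needs to be upgraded.")

if __name__ == "__main__":
    print(user_message(SAMPLE))
```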

