Hey folks, I’m stumped with an nftables issue on my Raspberry Pi 4 lab setup. I’ve got it working as a router, DHCP, DNS server, and Wi-Fi access point. It’s isolating my measurement network from the internet just fine.
Now I want to allow access to some devices in the measurement network using NAT. I added a new table with ‘sudo nft add table ip nat’. That worked okay. But when I try to add a new chain for prerouting, I get this weird error:
$ sudo nft 'add chain nat prerouting { type nat hook prerouting priority -100; }'
Error: Could not process rule: No such file or directory
I tried with and without the ‘ip’ family, but no luck. Any ideas what I’m doing wrong here? Is there something I’m missing in my nftables setup?
hey kai29, sounds like a tricky one! have u checked if the nat module is loaded? try runnin ‘sudo modprobe nf_nat’ and see if that helps. if not, maybe double-check ur kernel supports nftables nat. good luck with ur setup, let us know how it goes!
I encountered a similar issue when setting up NAT on my home lab. The problem might be related to kernel modules. First, ensure the necessary modules are loaded by running ‘lsmod | grep nf_nat’. If they’re not present, try loading them manually with ‘sudo modprobe nf_nat’ and ‘sudo modprobe nf_tables’.
If that doesn’t resolve the issue, check your nftables version with ‘nft --version’. Some older versions had quirks with NAT configuration. Consider updating to the latest stable release if you’re running an older version.
Also, verify your nftables.conf file for any conflicting rules or misconfigurations. Sometimes, pre-existing rules can interfere with new chain creation. If all else fails, you might need to consult your distribution’s documentation for any specific requirements or known issues with nftables NAT implementation.
hey kai29! that’s a head-scratcher for sure. i’ve been playin around with nftables on my pi too and ran into some weird stuff. have you tried adding the ‘ip’ family explicitly? like this:
sudo nft 'add chain ip nat prerouting { type nat hook prerouting priority -100; }'
also, just curious - what does ‘sudo nft list tables’ show? maybe the nat table isn’t sticking for some reason?
oh, and another thing - are you runnin the latest raspbian? sometimes older versions can be a bit finicky with nftables. might be worth checkin for updates if you haven’t in a while.
let us know how it goes! always fun to see other people’s pi projects
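Added example, not part of any post in this thread: a small shell helper for the module check suggested above. It reports which of the named modules (nf_nat and nf_tables, as mentioned in the replies) are absent from lsmod output, matching the module-name column exactly instead of grepping the whole line. The function names and the sample lsmod text are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads lsmod-style text on stdin and prints, space-separated,
# the modules given as arguments that are NOT loaded.
# Caveat: code compiled into the kernel never appears in lsmod, so a name
# reported here means "not loaded as a module", not "unsupported".
missing_modules() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " ") }
        $1 != "Module" { loaded[$1] = 1 }   # column 1 only; skip the header
        END {
            out = ""
            for (i = 1; i <= n; i++)
                if (!(w[i] in loaded))
                    out = out (out == "" ? "" : " ") w[i]
            print out
        }'
}

# Constructed sample (not captured from the poster's Pi): nf_tables is
# loaded, nf_nat is not.
sample_lsmod() {
    cat <<'EOF'
Module                  Size  Used by
nf_tables             204800  0
nfnetlink              20480  1 nf_tables
nf_conntrack          139264  0
EOF
}

# On a live system:  lsmod | missing_modules nf_nat nf_tables
echo "missing in sample: $(sample_lsmod | missing_modules nf_nat nf_tables)"
```

An empty result means every named module is loaded; anything listed can then be tried with modprobe as the replies suggest.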