(Yocto) Add iptable_nat

Moderator: nferre

r1sprecinfosys
Posts: 3
Joined: Mon Feb 25, 2019 9:02 pm

(Yocto) Add iptable_nat

Mon Feb 25, 2019 9:09 pm

Hello

I need help to add NAT in my image for sama5d27

i try edit file:
/usr/yocto/meta-atmel/recipes-kernel/linux/linux-at91-4.9/sama5/defconfig

add to the end:

Code: Select all

CONFIG_PACKET=m
CONFIG_NETFILTER=m
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
But after bitbake core-image-minimal
i don't have any 'nat' in output lsmod | grep 'nat'

What i wrong do? How i can add NAT to my image?

Thanks!
blue_z
Location: USA
Posts: 1880
Joined: Thu Apr 19, 2007 10:15 pm

Re: (Yocto) Add iptable_nat

Wed Feb 27, 2019 4:53 am

r1sprecinfosys wrote: i try edit file:
/usr/yocto/meta-atmel/recipes-kernel/linux/linux-at91-4.9/sama5/defconfig

add to the end:

Code: Select all

CONFIG_PACKET=m
CONFIG_NETFILTER=m
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
In general direct editing of .config (or a defconfig) file is discouraged because you would bypass any dependency checks as well as value validation, and skip any automatic selections.
Your edits simply do not enable the kernel configuration that you want because of an incorrect value and unsatisfied dependencies.
For instance the following is the state of CONFIG_IP_NF_NAT using your hacked defconfig:

Code: Select all

  Symbol: IP_NF_NAT [=n]                                                                                                                               
  Type  : tristate                                                                                                                                     
  Prompt: iptables NAT support                                                                                                                         
     Location:                                                                                                                                          
       -> Networking support (NET [=y])                                                                                                                
         -> Networking options                                                                                                                          
   (1)     -> Network packet filtering framework (Netfilter) (NETFILTER [=n])                                                                          
             -> IP: Netfilter Configuration                                                                                                             
               -> IP tables support (required for filtering/masq/NAT) (IP_NF_IPTABLES [=n])                                                             
     Defined at net/ipv4/netfilter/Kconfig:270                                                                                                          
     Depends on: NET [=y] && INET [=y] && NETFILTER [=n] && IP_NF_IPTABLES [=n] && NF_CONNTRACK_IPV4 [=n]                                            
     Selects: NF_NAT [=n] && NF_NAT_IPV4 [=n] && NETFILTER_XT_NAT [=n]
Note the three unmet dependencies (which inhibit this configuration value).



r1sprecinfosys wrote: What i wrong do?
The salient (but not sole) error is the line

Code: Select all

CONFIG_NETFILTER=m
since that is a boolean (Y or N) rather than a tristate (Y, N, or M) selection.

Code: Select all

Symbol: NETFILTER [=n] 
Type  : boolean 
Prompt: Network packet filtering framework (Netfilter) 
  Location:  
    -> Networking support (NET [=y]) 
(1)   -> Networking options 
  Defined at net/Kconfig:114 
  Depends on: NET [=y]   

Regards
r1sprecinfosys
Posts: 3
Joined: Mon Feb 25, 2019 9:02 pm

Re: (Yocto) Add iptable_nat

Thu Feb 28, 2019 2:07 pm

Thankyou blue_z!

I also try
CONFIG_NETFILTER=y

but as I noticed, when i edited /usr/yocto/meta-atmel/recipes-kernel/linux/linux-at91-4.9/sama5/defconfig
some variable don't copy to build_dir (/usr/yocto/poky/build-atmel/tmp/work/sama5d27_som1_ek_sd-poky-linux-gnueabi/linux-at91/4.9+gitAUTOINC+29796588eb-r0/build/.config)

i have big .config file (82.9 KB), but this file not have "CONFIG_NETFILTER=y", that have my defconfig.

In documentation i found: https://www.yoctoproject.org/docs/2.5/k ... l-dev.html (2.6.2 - 2.6.5)
Maybe I do not understand correctly this documentation. If it's not difficult for you, could you explain it on your fingers :roll:

Thanks!
blue_z
Location: USA
Posts: 1880
Joined: Thu Apr 19, 2007 10:15 pm

Re: (Yocto) Add iptable_nat

Fri Mar 01, 2019 2:39 am

Let me state upfront that I prefer to use Buildroot and/or the kernel make commands, and do not know how to use Yocto other than strictly following the Linux4SAM demo instructions.

In the document link that you mentioned, 2.6.3. Creating Configuration Fragments has directions for "2. Launch menuconfig: Run the menuconfig command:", which is what you need to use to sensibly configure the Linux kernel.
Once in menuconfig mode, you can use the built-in search command (e.g. `/CONFIG_XXX` or simply `/XXX`) to get the status of a config value as I posted previously.
After you have figured out what needs to be enabled (e.g. dependencies that you overlooked), you can exit and save the new .config file.

The next step would be to convert the large .config file to just a minimal defconfig file.
(The Yocto document statement that "A defconfig file is simply a .config renamed to "defconfig"" is not 100% accurate.)
The proper method of converting a .config file to a defconfig file is to use the `make savedefconfig` command.
I do not know how you could do that with Yocto.


Regards
r1sprecinfosys
Posts: 3
Joined: Mon Feb 25, 2019 9:02 pm

Re: (Yocto) Add iptable_nat

Sat Mar 09, 2019 3:29 pm

blue_z

Thank you very much for your help!

Return to “SAMA5-based”

Who is online

Users browsing this forum: No registered users and 2 guests