# Correct kernel modules for iptables NAT?

## turtles

Greetings, I was wondering if anyone can confirm these are the necessary kernel modules for iptables router NAT?

I followed this guide http://wiki.gentoo.org/wiki/Home_Router and I can access the router but no WAN.

3.12.21-gentoo-r1:

```
xt_REDIRECT             1230  0
ipt_MASQUERADE          1258  2
iptable_nat             2038  1
nf_nat_ipv4             2684  1 iptable_nat
nf_nat                  8809  4 ipt_MASQUERADE,nf_nat_ipv4,xt_REDIRECT,iptable_nat
```

(these are the relevant ones)

grep IP_ /usr/src/linux/.config > http://pastebin.com/BnqCNc9L

thanks in advance

----------

## bbgermany

Hi,

since the wiki is not reachable for me atm, can you post your iptables rules and if IP forwarding is enabled?

bb

----------

## turtles

Here is the output of 

iptables --list 

```
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     udp  --  anywhere             anywhere             udp dpt:bootps reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere             udp dpt:domain reject-with icmp-port-unreachable
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:1986
DROP       tcp  --  anywhere             anywhere             tcp dpts:0:1023

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  192.168.0.0/16       anywhere
ACCEPT     all  --  192.168.0.0/16       anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```

FYI, I built a kernel for an old x86 box I would like to turn into an office router. I compiled almost everything in networking as modules. This is just for testing a Gentoo router; I am open to suggestions for further security after getting a basic config working. I can pastebin the complete config.

This is the setup I am working towards and would like to test various router OS's and gentoo on:

tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.multiple-links.html

----------

## Hu

As bbgermany said, please post your iptables rules and whether IPv4 forwarding is enabled.  You should never use iptables --list when someone asks you for information because it hides important details.  You should always use iptables-save.

----------

## turtles

iptables-save

```
# Generated by iptables-save v1.4.20 on Mon Jun 16 00:46:28 2014
*nat
:PREROUTING ACCEPT [4923:1308992]
:INPUT ACCEPT [4490:1288463]
:OUTPUT ACCEPT [13:1261]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wan1 -j MASQUERADE
-A POSTROUTING -o wan1 -j MASQUERADE
COMMIT
# Completed on Mon Jun 16 00:46:28 2014
# Generated by iptables-save v1.4.20 on Mon Jun 16 00:46:28 2014
*mangle
:PREROUTING ACCEPT [34674:8160110]
:INPUT ACCEPT [34566:8144344]
:FORWARD ACCEPT [48:5632]
:OUTPUT ACCEPT [22879:2648374]
:POSTROUTING ACCEPT [22903:2650046]
COMMIT
# Completed on Mon Jun 16 00:46:28 2014
# Generated by iptables-save v1.4.20 on Mon Jun 16 00:46:28 2014
*filter
:INPUT ACCEPT [14828:3295626]
:FORWARD DROP [24:3960]
:OUTPUT ACCEPT [6825:1305387]
-A INPUT -i lo -j ACCEPT
-A INPUT -i lan0 -j ACCEPT
-A INPUT ! -i lan0 -p udp -m udp --dport 67 -j REJECT --reject-with icmp-port-unreachable
-A INPUT ! -i lan0 -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wan1 -p tcp -m tcp --dport 1980 -j ACCEPT
-A INPUT ! -i lan0 -p tcp -m tcp --dport 0:1023 -j DROP
-A FORWARD -s 192.168.0.0/16 -i lan0 -j ACCEPT
-A FORWARD -s 192.168.0.0/16 -i wan1 -j ACCEPT
COMMIT
# Completed on Mon Jun 16 00:46:28 2014
```

----------
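The difference between the two listings in this thread can be checked mechanically. The Python below is an added example, not part of the thread: it parses `iptables-save` text and reports rules that differ only in their `-i`/`-o` interface match, which plain `iptables --list` (without `-v`) does not print. `SAMPLE` is a constructed excerpt of the posted rules, and `parse_rules` and `hidden_by_list` are hypothetical helper names.

```python
import shlex
from collections import defaultdict

HIDDEN = ("-i", "-o")  # interface matches, which `iptables --list` omits without -v

# Constructed sample: *filter rules copied from the iptables-save dump in the thread.
SAMPLE = """\
*filter
:FORWARD DROP [24:3960]
-A INPUT -i lo -j ACCEPT
-A INPUT -i lan0 -j ACCEPT
-A INPUT ! -i lan0 -p udp -m udp --dport 67 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -s 192.168.0.0/16 -i lan0 -j ACCEPT
-A FORWARD -s 192.168.0.0/16 -i wan1 -j ACCEPT
COMMIT
"""

def parse_rules(dump, table="filter"):
    """Yield (chain, {option: value}) for each -A line of one table."""
    current = None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):                # table header, e.g. *nat or *filter
            current = line[1:]
        elif current == table and line.startswith("-A "):
            tokens = shlex.split(line)
            chain, opts, neg, i = tokens[1], {}, "", 2
            while i < len(tokens):
                if tokens[i] == "!":            # negation applies to the next option
                    neg, i = "! ", i + 1
                    continue
                key, i = tokens[i], i + 1
                if i < len(tokens) and not tokens[i].startswith("-"):
                    opts[key], i = neg + tokens[i], i + 1
                else:
                    opts[key] = neg.strip()     # option without a value
                neg = ""
            yield chain, opts

def hidden_by_list(dump, table="filter"):
    """Return (chain, [(in_if, out_if), ...]) for rules that differ only by interface."""
    groups = defaultdict(list)
    for chain, opts in parse_rules(dump, table):
        visible = tuple(sorted((k, v) for k, v in opts.items() if k not in HIDDEN))
        groups[(chain, visible)].append(tuple(opts.get(k, "any") for k in HIDDEN))
    return [(c, ifs) for (c, _), ifs in groups.items() if len(set(ifs)) > 1]

if __name__ == "__main__":
    for chain, ifaces in hidden_by_list(SAMPLE):
        print(chain, "rules identical under --list, in/out interfaces:", ifaces)
```

On the sample, the two `ACCEPT all -- anywhere anywhere` INPUT lines and the two `ACCEPT all -- 192.168.0.0/16 anywhere` FORWARD lines from the `--list` output each resolve to distinct interfaces.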

