Iptables table 'nat' des not exit

Hello, I am trying to use a bpi-R64 as a pppoe server using rp-pppoe. When I try to configure iptables with

iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -o $wan_iface -j MASQUERADE

I get

ptables v1.6.1: can’t initialize iptables table nat': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. iptables v1.6.1: can't initialize iptables tablenat’: Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded.

I’ve tried modprobe, apt full upgrade, re-installing iptables etc to no avail. I read a similar post from a while back that alluded not all tables were supported in the supplied kernel. is there a way to get this supported?

thanks! -trent

which Image do you use and which kernel (source)?

afair my r64 defconfig misses iptables/nftables…

seems like i had added them at least in 5.10-main:

you could try this to show your kernelconfig (if configfs is build as module, maybe only seconf if it is builtin)

modprobe config
zgrep 'NAT' /proc/config.gz

Hello Frank,

thanks for the reply! Here is some info about my system


Linux bpi-r64 5.4.0-BPI-R64-Kernel #1 SMP PREEMPT Sat May 2 10:34:13 CST 2020 aarch64 aarch64 aarch64 GNU/Linux

modprobe config returns: r> oot@bpi-r64 ppp]# modprobe config

modprobe: FATAL: Module config not found in directory /lib/modules/5.4.0-BPI-R64-Kernel

dir listing of /lib/modules

[root@bpi-r64 ppp]# ls /lib/modules/5.4.0-BPI-R64-Kernel/ build modules.alias.bin modules.builtin.modinfo modules.devname modules.symbols kernel modules.builtin modules.dep modules.order modules.symbols.bin modules.alias modules.builtin.bin modules.dep.bin modules.softdep source





Ok, you use the vendor kernel which does not have nat enabled…you need to do an kernel upgrade. You can try using mine from my repo (github releases).

Thank you once again. I am still learning howto do a kernel upgrade but I will get it sorted out. My other issue is that apparently the vendor kernel I am using does not support pppoe, do you recall if you enabled it in yours? The logs I am seeing show this

Sep 3 12:50:28 localhost pppoe-server[1159]: PADT for session 1 received from 3C:90:66:FD:E6:F0; should be from 00:00:00:00:00:00 Sep 3 12:50:29 localhost pppoe-server[3632]: Session 1 created for client 3c:90:66:fd:e6:f0 ( on lan0 using Service-Name ‘’ Sep 3 12:50:29 localhost pppd[3632]: Couldn’t open the /dev/ppp device: No such file or directory Sep 3 12:50:29 localhost pppd[3632]: Sorry - this system lacks PPP kernel support Sep 3 12:50:29 localhost pppoe-server[1159]: Session 1 closed for client 3c:90:66:fd:e6:f0 ( on lan0

again thank you for all the support!

Yes my kernel supports pppoe (because i use it myself)

You can try 5.10-main for last lts version

Precompiled versions are in releases. Just backup your curren uImage and unpack folders in tar.gz (not src) to matching partition

Thanks Frank,

Of course I am running into issues but I believe its because I am still booting from the SD, not eMMC and the tar file is trying to create symlinks between the to. I’m going to try converting to eMMC and try again.

No the tarfile does not create symlinks to emmc

You need the uImage in BPI-boot/…/linux (copy to p1) and BPI-ROOT/lib/modules (copy to p2)

Do you have only networking issues? Maybe vendor 5.4 is using the swconfig driver. My repo uses dsa driver,so you put eth0 up and configure wan/lanX

Hi Frank,

The only networking issues I have so far are lack of nat and ppoe support. The Vendor build uses dsa and I configure the interfaces as you detailed above.

I’m still messing up the kernel upgrade but I do thank you for the helpful hints, It got me a lot further down the road. I’ll give it another go tomorrow though I can move on using an RPI that I have working for this.

The BPI’s (I have about 9 of them) will all be test servers/clients for RG’s we are working on, the built in 4 lan interfaces and a wan interface make it a perfect test server for my needs ( 4 x lan test networks, using the wan for management). Wifi 11ac/ax support is actually the reason we chose this platform as a test + prototype platform.

I may just start over tomorrow or the next day with a new SD card, perhaps that will clean things up a bit.

Again, thank you for all the help along the way -trent