2

When starting Xubuntu 19.04 get this in boot.log: 

[[0;1;31mFAILED[0m] Failed to start [0;1;39mLoad Kernel Modules[0m.
See 'systemctl status systemd-modules-load.service' for details.

I run systemctl status systemd-modules-load.service which yields: 

Failed to find module 'nf_nat_proto_gre'

With sudo modprobe nf_nat_proto_gre I get: 

modprobe: FATAL: Module nf_nat_proto_gre not found in directory /lib/modules/5.0.0-16-generic

What is the problem and how should I fix it?

Adrian
  • 701
  • 1
  • 8
  • 29

1 Answers1

1

First: the obvious question should be: is this module needed? This is to support using (probably multiple rather than just one) GRE tunnels behind NAT. If no GRE tunnel is used, the question becomes moot.

Now what happened? It appears Ubuntu 19.04 is using kernel 5.0 and there were a few netfilter reworking started from this kernel to factorize some separate netfilter modules back to core (ie: not as a module) to have an overall gain in size or help further netfilter features. This module was "axed" as part of this rework.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/net/ipv4/netfilter/nf_nat_proto_gre.c?h=v5.0

path: root/net/ipv4/netfilter/nf_nat_proto_gre.c
Age   Commit message (Expand) Author  Files   Lines
2018-12-17    netfilter: nat: remove nf_nat_l4proto struct    Florian Westphal    1   -61/+0
2018-12-17    netfilter: nat: remove l4proto->manip_pkt   Florian Westphal    1   -41/+0
2018-12-17    netfilter: nat: remove l4proto->nlattr_to_range Florian Westphal    1   -3/+0
2018-12-17    netfilter: nat: remove l4proto->in_range    Florian Westphal    1   -1/+0
2018-12-17    netfilter: nat: remove l4proto->unique_tuple

Of course the functionality is still there. Last commit comment, emphasis mine:

netfilter: nat: remove nf_nat_l4proto struct

This removes the (now empty) nf_nat_l4proto struct, all its instances
and all the no longer needed runtime (un)register functionality.

nf_nat_need_gre() can be axed as well: the module that calls it (to
load the no-longer-existing nat_gre module) also calls other nat core
functions. GRE nat is now always available if kernel is built with it.

[...]

So if Ubuntu had some hardcoded list of helper modules to load, the list wasn't updated to drop this one and a few others in the same case. You should safely ignore the error, or report the minor bug.

A.B
  • 36,364
  • 2
  • 73
  • 118
  • I personally need the functionality of that module; I understand from you that now is “included”. – Adrian Jun 09 '19 at 13:17
  • Yes using GRE "over" IPv4 NAT should work fine with only gre, ip_gre and ip_tunnel modules. – A.B Jun 09 '19 at 13:48