OpenVZ iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. Solution
This error is annoying, in a Virtuozzo KB entry about this ip tables nat problem they say the kernel needs to be ugpraded:
Symptoms
The node runs 2.6.18-x kernel older than 2.6.18-028stab053.10.
NAT module does not work in container, you get "can't initialize iptables table 'nat'" error:
# iptables -t nat -L -n
iptables v1.2.11: can't initialize iptables table `nat': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded.
Resolution
Upgrade your kernel to the latest version (see http://kb.parallels.com/en/4004).
The problem is that I do have the latest kernel!
This is the latest VZ kernel from July:
Linux test.chi 2.6.18-194.8.1.el5.028stab070.2PAE #1 SMP Tue Jul 6 15:30:49 MSD 2010 i686 i686 i386 GNU/Linux
iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
The real solution - manually load "iptable_nat" in the conf
I always read that the modules specified in /etc/sysconfig/iptables-config and /etc/vz/vz.conf are the modules that get loaded by default into all the containers...........but this is not true. "Modules you defined will be available for all Containers", no that wasn't the case for me. I had to manually specify it for my container before it worked.
You have to explicitly tell each container what iptables modules it can have.
*Actually this is not true, if you get errors saying "X Module cannot be found", it means you have a mistake or linebreak in your vz.conf for IPTABLES. Just fix it and then you'll be good. What was I thinking, questioning Parallels?