Topic: Are both iptables and firewall needed?

I've never installed a firewall on my openwrt devices until now. I had prevented firewall from installing when installing iptables thinking the two were different firewalls.

# iptables -t nat -A POSTROUTING -o br-wan -j MASQUERADE
iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

I then installed 'firewall' and things seem to work. Are both firewall and iptables needed in order to work?

I never install package firewall. Only using my private rules for iptables.
Note, however, that you might need to install the required kernel modules yourself, as not all are
installed by default. I.e. conntrack is not always present by default, but might be auto installed when using firewall.

Yes, there must be something else installed that I've not noticed when also adding firewall. It only works when I install both packages.

May be, you need packages

to be installed.
May be, even
depending on, what you want to do.

The firewall package is just a series of scripts that use iptables to configure a firewall, according to the configuration at /etc/config/firewall; it also loads all needed kernel modules, and that is probably what you are missing, as the error says. You probably need to execute insmod iptable_nat or some other module before calling iptables.

I didn't have to do anything but install the firewall package and everything started working.
I wanted to ask in case I missed something. Seems to be working fine so I guess this question is moot.

Thanks for the input, it was appreciated.

This happened again. The solution was as mentioned above, installing

kmod-ipt-nat and kmod-ipt-nat-extra.

Now iptables commands for nat work.

Thanks again.

