Installing nftables from sources on Debian
In this post, I’ll show you how I installed nftables from sources. I needed to do this from the sources to have the latest version of nftables.
I needed to work with iptables to perform stateless Network Address Translation (NAT) but then I discovered that didn’t appear to be possible by using iptables. So I found nftables, which allows me to do it.
To have the latest version of nftables, at least above v0.7, I installed this tool from the sources. I started by following the instructions on the nftables’ wiki page with the installation instructions.
The nftables package dependencies are listed here. These are the main ones:
First, I tried to install libmnl package provided by on Debian, with aptitude search libmnl , and then I installed libmnl-dev , but it didn’t work for me later, so I installed this from the sources after installing libnftnl .
To install libnftnl userspace library, the nftables wiki page suggests these commands:
# git clone git://git.netfilter.org/libnftnl
# cd libnftnl
# sh autogen.sh
# ./configure
# make
# make installWhile running the commands, I get the first error (in the third command):
root@debian:/home/debian/libnftnl# sh autogen.sh
autogen.sh: 3: autogen.sh: autoreconf: not foundThen I installed the missing packages: autogen, autoreconf.
# aptitude install autoconf autogenNext, I tried again the sh autogen.sh step and got the following error:
root@debian:/home/debian/libnftnl# sh autogen.sh
configure.ac:28: error: possibly undefined macro: AC_DISABLE_STATIC
If this token and others are legitimate, please use m4_pattern_allow.
See the Autoconf documentation.
autoreconf: /usr/bin/autoconf failed with exit status: 1After some research, I found that I had to install libtool package, with aptitude install libtool .
Then I tried again, and got this output:
root@debian:/home/debian/libnftnl# sh autogen.sh
libtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, `build-aux'.
libtoolize: copying file `build-aux/ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIR, `m4'.
libtoolize: copying file `m4/libtool.m4'
libtoolize: copying file `m4/ltoptions.m4'
libtoolize: copying file `m4/ltsugar.m4'
libtoolize: copying file `m4/ltversion.m4'
libtoolize: copying file `m4/lt~obsolete.m4'
configure.ac:8: installing 'build-aux/ar-lib'
configure.ac:8: installing 'build-aux/compile'
configure.ac:5: installing 'build-aux/config.guess'
configure.ac:5: installing 'build-aux/config.sub'
configure.ac:10: installing 'build-aux/install-sh'
configure.ac:10: installing 'build-aux/missing'
examples/Makefile.am: installing 'build-aux/depcomp'Finally autogen.sh script is working! In this point, I could move forward to the next command: ./configure . Here’s the output I had:
root@debian:/home/debian/libnftnl# ./configure
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking for ar... ar
checking the archiver (ar) interface... ar
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking for style of include used by make... GNU
checking whether make supports nested variables... yes
checking how to create a pax tar archive... gnutar
checking dependency style of gcc... gcc3
checking whether make supports nested variables... (cached) yes
./configure: line 4135: syntax error near unexpected token `LIBMNL,'
./configure: line 4135: `PKG_CHECK_MODULES(LIBMNL, libmnl >= 1.0.0)'From this output, I noticed that I was missing the libmnl package, which I installed later, as shown next.
To install libmnl userspace library, correctly from the sources, I ran these commands:
# git clone git://git.netfilter.org/libmnl
# cd libmnl
# sh autogen.sh
# ./configure
# make
# make installWith the previous packages I installed, these steps had no errors.
Now going back to the installation of libnftnl, I tried to run./configure again and I still got the same problem. I fixed the problem following the instructions of this blog post. Here are the steps I followed:
root@debian:/home/debian/libnftnl# whereis libmnl
libmnl: /usr/local/lib/libmnl.so /usr/local/lib/libmnl.la /usr/include/libmnlThen I did:
root@debian:/home/debian/libnftnl# ldd /usr/local/lib/libmnl.so
linux-vdso.so.1 (0x00007ffe5212a000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007efc29faf000)
/lib64/ld-linux-x86-64.so.2 (0x000056203c383000)The post also suggested that I installed pkg-config with aptitude install pkg-config and install gmp package with aptitude install libgmp3-dev . Here’s a post that shows how to install in other Linux distributions here.
Also, the above post suggested that I should configure the pkg-config environment path:
# PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
# export PKG_CONFIG_PATHThen I ran sh autogen.sh and ./configure again. After this I got a much nicer and longer output, like this:
root@debian:/home/debian/libnftnl# ./configure
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no(...)checking for LIBMNL... yes(...)config.status: creating tests/Makefile
config.status: creating libnftnl.pc
config.status: creating doxygen.cfg
config.status: creating config.h
config.status: executing depfiles commands
config.status: executing libtool commandslibnftnl configuration:
JSON support: no
After this step I finally ran the last two commands — make and make install — without any errors.
Now that libmnl and libnftnl were successfully installed, I tried to install userspace nft command line utility, nftables from the sources, with the following commands:
# git clone git://git.netfilter.org/nftables
# cd nftables
# sh autogen.sh
# ./configureWhile running the last command, ./configure , I got an error indicating that I was missing bison package, which the nftables depended on:
root@debian:/home/debian/nftables# ./configure
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu(...)checking for flex... no
checking for lex... no
checking for bison... no
checking for byacc... no
*** Error: No suitable bison/yacc found. ***
Please install the 'bison' package.
Later I got the same message for flex and docbook2x packages. Note that both of this are in the nftables dependencies list. So to fix these error messages I installed these packages — bison, flex and docbook2x — with aptitude install <package> (e.g.: aptitude install flex ).
After this, I got this error message: configure: error: No suitable version of libreadline found . To fix this I followed the steps of this post.
# aptitude update
# aptitude install libreadline-devAt this point I had enough installed to have nft tool running. This is the installation output with no errors:
root@debian:/home/debian/nftables# ./configure
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu(...)config.status: creating include/linux/netfilter_ipv4/Makefile
config.status: creating include/linux/netfilter_ipv6/Makefile
config.status: creating doc/Makefile
config.status: creating files/Makefile
config.status: creating files/nftables/Makefile
config.status: creating config.h
config.status: executing depfiles commands
config.status: executing libtool commandsnft configuration:
cli support: yes
enable debugging symbols: yes
use mini-gmp: no
enable man page: yes
enable pdf documentation: no
libxtables support: no
Then I ran make and make install , also with no errors.
Finally, I checked if nftables was successfully installed:
root@debian:/home/debian/nftables# nft
nft: no command specified
root@debian:/home/debian/nftables# nft -v
nftables v0.8.2 (Joe Btfsplk)And it was! It worked!
Summary
After all of this procedure, I had to install this on another virtual machine. In this time I tried a simpler approach, with this order:
- First I ran
aptitude updateto download lists of new and upgradable packages. - Then I installed all the packages I needed during the first installation, with
aptitude install <package-name>. These include autoconf, autogen, libtool, pkg-config, libgmp3-dev, bison, flex, docbook2x and libreadline-dev. You can check the dependencies of nftables here. - Next, I configured the path for pkg-config with the following lines:
# PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
# export PKG_CONFIG_PATH- Then I installed the libmnl library, with the commands previously presented:
# git clone git://git.netfilter.org/libmnl
# cd libmnl
# sh autogen.sh
# ./configure
# make
# make install- After that I installed the libnftnl library, with these commands, also shown previously:
# git clone git://git.netfilter.org/libnftnl
# cd libnftnl
# sh autogen.sh
# ./configure
# make
# make install- Lastly, I installed nftables this way:
# git clone git://git.netfilter.org/nftables
# cd nftables
# sh autogen.sh
# ./configure
# make
# make install- Next, to check if nftables is working, I checked the version with
nft -v. Surprisingly I got an error I haven’t seen before, that I fixed withldconfigcommand. If you’re unfamiliar withldconfigyou can learn more about it here. You can check the sequence of the commands below:
root@debian:/home/debian# nft -v
nft: error while loading shared libraries: libnftnl.so.7: cannot open shared object file: No such file or directory
root@debian:/home/debian# ldconfig
root@debian:/home/debian# nft -v
nftables v0.8.2 (Joe Btfsplk)This was also posted on Practical Dev.
You can find me on Twitter, LinkedIn, Github, Practical Dev and my personal website.
