Created on 01-10-2025 07:09 AM Edited on 01-12-2025 01:23 AM By Anthony_E
Description | This article explains why Container FortiOS (cFOS) cannot perform source NAT when it runs in Docker on a RedHat Enterprise 9.x Linux VM. |
Scope | Container FortiOS. |
Solution |
On RedHat Enterprise 9.x, the default ip_tables module has been replaced by nf_tables. The ip_tables module is now considered 'deprecated' and is not loaded by default, even after installing the iptables package.
sysctl sh
Manually loading the module using modprobe ip_tables resolves the issue.
[root@localhost ~]# modprobe ip_tables
On Ubuntu and other distributions, the module is loaded automatically, even without the iptables package installed.
To load the module automatically at boot, add it to /etc/modules-load.d:
[root@localhost ~]# echo ip_tables > /etc/modules-load.d/ip_tables.conf
To ensure that it has been loaded, run the following command:
[root@localhost ~]# lsmod | grep ip_tables
ip_tables
See the Red Hat documentation for more information on this: Chapter 3. Managing kernel modules | Red Hat Product Documentation |
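The load-and-persist steps above can be verified with a preflight check before the cFOS container starts. This is an added example, not Fortinet code; the function names `has_module` and `check_module` and the return-code convention are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Fortinet code): preflight check for a kernel module
# before starting the cFOS container. File locations are parameters so the
# functions can also be run against constructed test files.

# has_module NAME FILE
# True if NAME is the first field of any line in FILE. This is an exact
# match on the module-name column, not a substring match on the whole line.
has_module() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2" 2>/dev/null
}

# check_module NAME [PROC_MODULES] [LOAD_DIR]
# Prints "loaded=yes|no persistent=yes|no".
# Returns 0 if loaded and persistent, 1 if loaded only, 2 if not loaded.
check_module() {
    name=$1
    proc=${2:-/proc/modules}          # the file lsmod reads
    dir=${3:-/etc/modules-load.d}     # directory used in the article
    loaded=no
    persistent=no

    if has_module "$name" "$proc"; then
        loaded=yes
    fi
    # An unmatched glob stays literal, so the -f test skips it.
    for f in "$dir"/*.conf; do
        if [ -f "$f" ] && has_module "$name" "$f"; then
            persistent=yes
        fi
    done

    echo "loaded=$loaded persistent=$persistent"
    [ "$loaded" = yes ] || return 2
    [ "$persistent" = yes ] || return 1
    return 0
}
```

Source the file and run `check_module ip_tables` on the Docker host; a return code of 1 means source NAT will work now but the module will not be loaded after the next reboot. The check only inspects /etc/modules-load.d, so entries placed in other modules-load.d locations are not seen.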